
Very Slow System


  • This topic is locked
39 replies to this topic

#1 dphenry157


Posted 13 April 2015 - 03:10 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by dphenry (administrator) on DPHENRY on 13-04-2015 15:44:43
Running from C:\Users\dphenry.DPHENRY\Downloads
Loaded Profiles: dphenry (Available profiles: HP USER & equick & dphenry)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\n360.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\n360.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\conathst.exe
() C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\Dashlane.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
() C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7233640 2011-06-14] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [GoogleChromeAutoLaunch_D5032C95D0AFE1B632236545FA40F308] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: H - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1161-7720-11e4-9b9b-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1293-7720-11e4-9b9b-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {2889da4b-4b05-11e4-be63-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {4d454c93-4961-11e4-9eac-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {56373f77-0120-11e4-b20e-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\equick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_0cca2.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_0cca2.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_0cca2.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_0cca2.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_0cca2.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-216613731-740240614-3180958297-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/19
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-216613731-740240614-3180958297-1003: @citrixonline.com/appdetectorplugin -> C:\Users\dphenry.DPHENRY\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-21] (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-13]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-04-09]
FF HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-02-18]
 
Chrome: 
=======
CHR Profile: C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-02]
CHR Extension: (Google Drive) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-02]
CHR Extension: (YouTube) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-02]
CHR Extension: (Google Search) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-02]
CHR Extension: (Google+) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-02-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-04-03]
CHR Extension: (Dashlane) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-12-11]
CHR Extension: (Save to Google Drive) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-02-24]
CHR Extension: (Norton Identity Safe) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-02]
CHR Extension: (No Name) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Gmail) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]
CHR HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MF NTFS Monitor; C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-02-03] ()
R2 N360; C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-09] (Emsisoft GmbH)
R1 BHDrvx64; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-09] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150410.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-13] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-13] (Intel® Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-02-03] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150412.022\ENG64.SYS [129752 2015-03-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150412.022\EX64.SYS [2137304 2015-03-23] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-02-17] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 15:44 - 2015-04-13 15:45 - 00025912 _____ () C:\Users\dphenry.DPHENRY\Downloads\FRST.txt
2015-04-13 15:43 - 2015-04-13 15:45 - 00000000 ____D () C:\FRST
2015-04-13 15:43 - 2015-04-13 15:43 - 02096640 _____ (Farbar) C:\Users\dphenry.DPHENRY\Downloads\FRST64.exe
2015-04-13 14:52 - 2015-04-13 14:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-13 14:52 - 2015-04-13 14:57 - 00002049 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-13 13:40 - 2015-04-13 13:40 - 00000000 _____ () C:\Users\dphenry.DPHENRY\Desktop\Event.txt
2015-04-13 11:38 - 2015-04-13 11:38 - 00408776 _____ (TweakBit) C:\Users\dphenry.DPHENRY\Downloads\fix-my-pc-setup.exe
2015-04-12 11:58 - 2015-04-12 11:58 - 05875301 _____ () C:\Users\dphenry.DPHENRY\Downloads\ccsetup504 (1).zip
2015-04-12 11:57 - 2015-04-12 11:57 - 05344528 _____ (Piriform Ltd) C:\Users\dphenry.DPHENRY\Downloads\ccsetup504.exe
2015-04-11 11:51 - 2015-04-13 12:25 - 00000224 _____ () C:\Windows\setupact.log
2015-04-11 11:51 - 2015-04-11 11:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 11:50 - 2015-04-11 11:50 - 00009072 _____ () C:\Windows\PFRO.log
2015-04-11 11:40 - 2015-04-11 11:40 - 05875301 _____ () C:\Users\dphenry.DPHENRY\Downloads\ccsetup504.zip
2015-04-10 12:40 - 2015-04-10 12:40 - 00000017 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\resmon.resmoncfg
2015-04-10 11:25 - 2015-04-10 11:25 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-04-10 10:58 - 2015-04-13 15:46 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\Lookeen
2015-04-10 10:58 - 2015-04-10 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lookeen
2015-04-10 10:58 - 2015-04-10 10:58 - 00000000 ____D () C:\Program Files (x86)\Axonic
2015-04-10 09:22 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-10 09:22 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-10 09:22 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-10 09:05 - 2015-04-10 09:05 - 00000000 ____D () C:\Users\dphenry.DPHENRY\Desktop\Documents\Add-in Express
2015-04-10 08:04 - 2015-04-10 08:04 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2015-04-10 08:04 - 2015-04-10 08:04 - 00002244 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\a2scan_150409-161818.txt
2015-04-10 08:04 - 2015-04-10 08:04 - 00000098 _____ () C:\Windows\system32\eamclean.dat
2015-04-09 14:38 - 2015-04-09 16:12 - 00000000 ____D () C:\EEK
2015-04-09 14:38 - 2015-04-09 14:38 - 00000745 _____ () C:\Users\dphenry.DPHENRY\Desktop\Start Emsisoft Emergency Kit.lnk
2015-04-09 14:36 - 2015-04-09 14:37 - 160793016 _____ () C:\Users\dphenry.DPHENRY\Downloads\EmsisoftEmergencyKit.exe
2015-04-09 14:08 - 2015-04-13 14:59 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-04-09 14:08 - 2015-04-13 14:59 - 00002039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-04-09 14:08 - 2015-04-13 14:59 - 00002016 _____ () C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-04-09 10:24 - 2015-04-09 10:25 - 26379904 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Downloads\Lookeen.10.0.1.5882.exe
2015-04-09 09:55 - 2015-04-09 09:55 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-09 09:55 - 2015-04-09 09:55 - 00001033 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-09 09:54 - 2015-04-09 09:54 - 07928696 _____ (TeamViewer GmbH) C:\Users\dphenry.DPHENRY\Desktop\TeamViewer_Setup_en.exe
2015-04-09 09:26 - 2015-04-09 09:27 - 11260304 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Desktop\Lookeen.8.3.1.5156 (2).exe
2015-04-09 09:12 - 2015-04-09 09:12 - 11260304 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Desktop\Lookeen.8.3.1.5156 (1).exe
2015-04-08 16:59 - 2015-04-08 16:59 - 00347816 _____ (Microsoft Corporation) C:\Users\dphenry.DPHENRY\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.135195490320359.1.1.Run.exe
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\VS Revo Group
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-08 16:52 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-04-08 14:24 - 2015-04-08 14:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 14:24 - 2015-04-08 14:24 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-08 14:24 - 2015-04-08 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-08 14:24 - 2015-04-08 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-08 14:24 - 2015-04-08 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-08 14:24 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-08 14:24 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-08 14:24 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-08 14:20 - 2015-04-08 14:20 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\dphenry.DPHENRY\Desktop\mbam-setup-2.1.4.1018 (1).exe
2015-04-08 10:33 - 2015-04-08 10:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Business Suite
2015-04-07 16:34 - 2015-04-07 16:34 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DPHENRY-Windows-7-Professional-(64-bit).dat
2015-04-07 16:34 - 2015-04-07 16:34 - 00000000 ____D () C:\RegBackup
2015-04-07 14:39 - 2015-04-07 14:40 - 00248728 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\86709201.sys
2015-04-07 13:34 - 2015-04-13 15:40 - 00128456 _____ () C:\lm.log
2015-04-07 10:23 - 2015-04-07 11:54 - 00000000 ____D () C:\NPE
2015-04-07 10:06 - 2015-04-08 10:18 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\LogMeIn Rescue Applet
2015-04-03 10:38 - 2015-04-08 11:19 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\com.adobe.AdobeMuseCC.2014.3
2015-04-03 10:38 - 2015-04-03 10:38 - 00000986 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2015-04-02 13:55 - 2015-04-08 11:16 - 00000000 ____D () C:\AdwCleaner
2015-03-31 14:04 - 2015-03-31 14:05 - 11260304 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Downloads\Lookeen.8.3.1.5156.exe
2015-03-31 14:02 - 2015-03-31 14:05 - 26360072 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Downloads\Lookeen.10.0.1.5814.exe
2015-03-31 12:15 - 2015-04-13 12:23 - 00000000 ____D () C:\Users\dphenry.DPHENRY\Desktop\Documents\Outlook Files
2015-03-31 12:00 - 2015-04-12 12:36 - 00000000 ____D () C:\Windows\pss
2015-03-31 10:32 - 2015-03-31 10:32 - 00368214 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\BICF Ads_033115.zip
2015-03-31 08:53 - 2015-03-31 08:53 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-31 08:53 - 2015-03-31 08:53 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-30 10:42 - 2015-03-30 10:42 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\RemEngine
2015-03-26 17:12 - 2015-03-27 10:30 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\hpqLog
2015-03-26 13:53 - 2015-03-26 13:53 - 02450591 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\Textures.PspCache
2015-03-26 09:31 - 2015-03-26 09:31 - 00000000 ____D () C:\ProgramData\NTIReg
2015-03-26 09:31 - 2015-03-26 09:31 - 00000000 ____D () C:\ProgramData\BackupNowEZ
2015-03-26 09:31 - 2009-05-05 16:46 - 00018432 _____ (NewTech Infosystems, Inc.) C:\Windows\system32\Drivers\NTIDrvr.sys
2015-03-26 09:31 - 2009-05-05 16:46 - 00016896 _____ (NewTech Infosystems Corporation) C:\Windows\system32\Drivers\UBHelper.sys
2015-03-26 09:30 - 2015-03-26 09:30 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\nti
2015-03-26 09:30 - 2015-03-26 09:30 - 00000000 ____D () C:\Program Files (x86)\NTI
2015-03-26 09:24 - 2015-03-26 09:24 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-03-26 05:41 - 2015-03-26 05:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync
2015-03-24 08:33 - 2015-03-24 08:33 - 00433664 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\VA Indiana Outreach Flyer_032415.pub
2015-03-21 11:35 - 2015-03-31 16:25 - 00000000 ____D () C:\Users\dphenry.DPHENRY\Desktop\Benjamins
2015-03-21 09:51 - 2015-03-21 09:52 - 00064000 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\Phoenix Bridal Show_032015.xls
2015-03-19 16:10 - 2015-03-19 16:10 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-03-18 09:33 - 2015-03-18 09:33 - 00000033 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\AdobeWLCMCache.dat
2015-03-17 17:46 - 2015-03-17 17:46 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2015-03-17 17:44 - 2015-03-17 17:44 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2015-03-17 17:23 - 2015-03-17 17:23 - 00001485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2015-03-17 16:11 - 2015-03-17 16:31 - 00000000 ____D () C:\Users\dphenry.DPHENRY\Desktop\BYRON Packet_031715
2015-03-17 12:49 - 2015-03-17 15:23 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\sidekick
2015-03-17 11:18 - 2015-03-17 14:54 - 00001431 _____ () C:\Users\dphenry.DPHENRY\Desktop\common2 (planserv7) (T) - Shortcut.lnk
2015-03-17 01:34 - 2015-03-17 01:34 - 00054944 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00026272 _____ (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2015-03-16 12:19 - 2015-03-16 12:20 - 00675777 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\chuck_houser_031615.mp4
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 15:03 - 2013-11-27 16:20 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\Adobe
2015-04-13 15:00 - 2014-12-23 11:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-13 14:52 - 2012-03-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-13 12:53 - 2012-03-06 10:52 - 01200733 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 12:51 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 12:51 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 12:33 - 2012-02-17 12:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-13 12:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 12:07 - 2013-11-27 16:19 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{89402C05-74CA-4BC0-88DB-B03F17572652}
2015-04-12 12:27 - 2014-08-05 14:40 - 00000000 ___HD () C:\Users\dphenry.DPHENRY\.mediafire
2015-04-12 11:58 - 2014-07-24 17:20 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-12 11:58 - 2014-07-24 17:20 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-12 11:56 - 2014-07-24 17:20 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-11 11:42 - 2013-12-19 13:27 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\CrashDumps
2015-04-11 11:42 - 2011-02-11 16:13 - 00000000 ____D () C:\Windows\Panther
2015-04-10 14:46 - 2009-07-14 01:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 12:07 - 2013-11-27 16:21 - 00110960 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-10 11:41 - 2009-07-14 00:45 - 05029200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 11:26 - 2012-03-09 10:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-10 11:25 - 2012-03-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-04-10 11:25 - 2012-03-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-04-10 11:24 - 2010-11-21 03:17 - 00000000 ____D () C:\Windows\ShellNew
2015-04-10 11:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-10 11:23 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-10 11:19 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-10 09:26 - 2014-12-11 04:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-10 09:26 - 2014-05-06 16:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-10 06:24 - 2014-10-15 11:55 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane
2015-04-09 14:09 - 2012-06-20 09:13 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-04-09 11:06 - 2014-10-15 12:07 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-09 10:03 - 2014-10-15 12:07 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\TeamViewer
2015-04-08 11:52 - 2014-04-04 09:12 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\IrfanView
2015-04-08 11:18 - 2013-11-27 16:19 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\Adobe
2015-04-08 10:18 - 2014-01-21 16:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Business Suite
2015-04-08 10:18 - 2014-01-21 12:23 - 00002442 _____ () C:\Users\Public\Desktop\Norton Business Suite.lnk
2015-04-08 10:18 - 2012-03-09 09:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-04-07 12:27 - 2014-07-18 16:26 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\NPE
2015-04-03 11:00 - 2013-11-27 16:19 - 00000000 ____D () C:\Users\dphenry.DPHENRY
2015-04-03 10:35 - 2012-06-20 09:12 - 00000000 ____D () C:\Program Files\Adobe
2015-04-02 14:02 - 2014-05-30 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download-4-Free bundle
2015-04-02 12:21 - 2012-03-08 16:04 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-31 10:28 - 2014-07-01 14:28 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\VERIZON
2015-03-31 10:00 - 2013-12-10 12:58 - 00000000 ____D () C:\Program Files (x86)\GRETECH
2015-03-31 02:31 - 2013-11-27 15:59 - 00000000 ____D () C:\Users\administrator
2015-03-30 17:17 - 2011-02-11 16:29 - 00780914 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-30 16:32 - 2014-07-01 14:34 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-30 16:32 - 2013-12-19 11:18 - 00000000 ____D () C:\Users\equick.PLANNING2
2015-03-30 16:32 - 2013-11-27 15:54 - 00000000 ____D () C:\Users\dphenry
2015-03-30 16:32 - 2012-03-08 15:54 - 00000000 ____D () C:\Users\equick
2015-03-30 16:32 - 2012-02-17 12:35 - 00000000 ____D () C:\ProgramData\Norton
2015-03-30 16:32 - 2012-02-17 12:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-30 16:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-30 16:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-03-30 12:51 - 2014-07-01 14:29 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-30 11:43 - 2014-10-02 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-03-30 08:58 - 2014-07-01 14:29 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-03-27 14:00 - 2012-02-17 13:10 - 00000000 ____D () C:\ProgramData\DigitalPersona
2015-03-27 14:00 - 2012-02-17 12:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-27 14:00 - 2012-02-17 12:27 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-03-27 14:00 - 2012-02-17 12:27 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-03-27 10:51 - 2012-02-17 12:28 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-27 08:35 - 2014-05-21 10:40 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\Citrix
2015-03-27 08:34 - 2014-10-30 15:14 - 00000000 ____D () C:\Program Files (x86)\FREE Outlook OST File Viewer
2015-03-27 08:19 - 2015-03-02 18:10 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-26 16:53 - 2014-03-14 11:42 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-26 15:55 - 2014-10-01 11:14 - 00000000 ____D () C:\ProgramData\Apple
2015-03-26 15:46 - 2015-02-11 17:08 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer A1PCCleaner
2015-03-26 15:42 - 2014-02-04 10:03 - 00000000 ____D () C:\Program Files\4Team Corporation
2015-03-26 15:12 - 2014-01-25 10:24 - 00000000 ___RD () C:\Users\dphenry.DPHENRY\Google Drive
2015-03-21 15:42 - 2015-02-25 15:20 - 00000348 _____ () C:\Windows\Tasks\0215tbUpdateInfo.job
2015-03-21 15:42 - 2015-02-25 15:20 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-03-19 16:10 - 2012-06-20 09:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-17 15:23 - 2012-03-09 10:47 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-17 11:41 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 11:40 - 2013-12-10 13:08 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-03-17 11:40 - 2013-12-10 13:08 - 00001299 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-03-17 11:38 - 2015-02-06 11:12 - 00000000 ____D () C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2014-03-03 09:18 - 2014-06-02 08:33 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-03-18 09:33 - 2015-03-18 09:33 - 0000033 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\AdobeWLCMCache.dat
2013-12-04 09:32 - 2013-12-04 09:32 - 0022320 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-12-03 09:54 - 2014-10-01 14:55 - 0022526 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-05-30 14:20 - 2014-12-30 15:04 - 0000133 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\WB.CFG
2014-09-20 14:10 - 2014-09-20 14:10 - 0003584 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-30 15:04 - 2014-12-30 15:04 - 0000010 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\DSI.DAT
2015-04-10 12:40 - 2015-04-10 12:40 - 0000017 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\resmon.resmoncfg
2015-03-12 10:10 - 2015-03-12 10:10 - 0017408 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\WebpageIcons.db
 
Some content of TEMP:
====================
C:\Users\dphenry.DPHENRY\AppData\Local\Temp\IntResource64.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-02 09:02
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by dphenry at 2015-04-13 15:46:16
Running from C:\Users\dphenry.DPHENRY\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Business Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Business Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Business Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.1.474 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{F80BB030-D3E3-11E4-B787-F144E7411942}) (Version: 2014.3.2.11 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Dashlane (HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Dashlane) (Version: 3.2.4.78888 - Dashlane SAS)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
File Opener Pro (HKLM-x32\...\fileopenerpro) (Version:  - FileOpenerPro) <==== ATTENTION
Folder Marker Home (Giveaway Edition) (HKLM\...\Folder Marker Home (Giveaway Edition)_is1) (Version: 4.2 - ArcticLine Software)
Google Apps Migration For Microsoft Outlook® 3.3.25.50 (HKLM\...\{C810D017-F651-4DAB-9AA5-3C670F5A3D78}) (Version: 3.3.25.50 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.7.395.1040 (HKLM\...\{044CE495-0ECB-4F8A-B454-F35A7DC1F520}) (Version: 3.7.395.1040 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lookeen Search (HKLM-x32\...\6D7E910F-716D-41E2-98A4-29691C352C1A_is1) (Version: 10.0.1.5882 - Axonic)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 1.2.2.10196) (Version: 1.4.17.10772 - MediaFire)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{AAA936C2-46D5-401F-92E9-483616DDCCBD}) (Version: 8.05.2004 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x64) ENU  (HKLM\...\{A4E269C1-168D-40D3-9ABD-57FE4D4DB537}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x64) ENU  (HKLM\...\{1391A7DF-8A20-44C0-A4D8-0D23DDA1C627}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi PDF Converter version 5.2 (HKLM-x32\...\{43CF388F-EB3B-4AF2-9A3C-0E5A2013F598}_is1) (Version: 5.2 - Essex Software, LLC)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Business Suite (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF2PageTurn 1.3 (HKLM-x32\...\PDF2PageTurn100_is1) (Version: 1.3 - DNAML Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIDC Portfolio and Deal Tracking (HKLM-x32\...\PIDC Portfolio and Deal Tracking) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Snagit 11 (HKLM-x32\...\{90D0FC4B-D653-4F49-BB97-A48C74A52E71}) (Version: 11.4.3 - TechSmith Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{2CE74FD9-BD2F-4190-877C-5F8737C0A96E}) (Version: 2.15.0304 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{03C4C5F4-1893-444C-B8D8-002F0034DA92}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{11E2BC0C-5D4F-4E0C-B438-501FFE05A382}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{29AB7A12-B531-450E-8F7A-EA94C2F3C05F}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{37587889-FC28-4507-B6D3-8557305F7511}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{3E8E0584-1B63-46DF-8783-EAE6DB9859DD}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{4A5E947E-C407-4DCC-A0B5-5658E457153B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{4FD5C4D3-6C15-4EA0-9EB9-EEE8FC74A91B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{620D55B0-F2FB-464E-A278-B4308DB1DB2B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{741BEEFD-AEC0-4AFF-84AF-4F61D15F5526}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{7A41359E-0407-470F-B3F7-7C6A0F7C449A}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{7C4A630A-DE98-4E3E-8093-E8F5E159BB72}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{7ED1E9B1-CB57-4FA0-84E8-FAE653FE8E6B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{A6931B16-90FA-4D69-A49F-3ABFA2C04060}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{C3B05695-AE2C-4FD5-A191-2E4C782C03E0}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{C5AA36A1-8BD1-47E0-90F8-47E7239C6EA1}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{D46BA7B2-899F-4F60-85C7-4DF5713F6F18}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{ED323630-B4FD-4628-BC6A-D4CC44AE3F00}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{FA2CBAFB-F7B1-4F41-9B7A-73329A6C1CB7}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
 
==================== Restore Points  =========================
 
12-04-2015 13:42:25 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A489C7F-E3E1-4534-9DC2-1442AF3DF2FE} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer A1PCCleaner\updater.exe
Task: {116B49DD-AAB1-42CB-9D61-4A5DEEAA49ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {1A34F92C-149D-4677-BDC0-309C0AA984EE} - System32\Tasks\HPCeeScheduleForequick => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {1AD74C88-7070-4688-BEC3-325A0CBFCF6E} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {2215D640-0A28-499D-A045-30C3D115150C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {23450103-389B-44D6-96D9-FD66CE093C92} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {2777704A-BAB5-4352-96C5-1A2BFB2F1C5B} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{4C6AF7EC-CEA6-43F6-85C2-907E3228F984}.exe [2015-02-25] ()
Task: {311400C2-7A8F-48C1-AB85-68DC5B0F04F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {3511D43D-4E49-4E31-A114-A54DA8C7B7AA} - System32\Tasks\RegistrationAltF4 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {4810384F-6159-4CCE-A12E-C23ED842BE5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {56DE50A9-F154-4244-8677-2285E7620C79} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{46095426-1C85-40E9-A33A-C04FB9A13503}.exe [2014-11-06] ()
Task: {5A2B218A-3E6A-4E3E-884E-831548189BA6} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {6A6B14A0-6F1D-44ED-A632-A53EE5A212A1} - System32\Tasks\AdobeAAMUpdater-1.0-DPHENRY-dphenry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {79D331EA-8DC4-4295-BB1C-9CE02FFFFE16} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{3676F502-0482-44D6-BBA6-189DE7EB66AF}.exe [2014-08-26] ()
Task: {7B8CC525-48CF-4E2E-B05C-7BF65D69BC23} - System32\Tasks\Norton Business Suite\Norton Error Processor => C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {85B331E4-EEC7-4EFA-8535-0B836076A3F6} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {85D96BC8-CFAE-4F70-BFDB-80B298F5D0ED} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{EEEA1D27-2575-4947-804F-CE9746B25A27}.exe [2014-12-08] ()
Task: {8EAB8391-F870-4C28-B66F-2AB6BE55730E} - System32\Tasks\AdobeAAMUpdater-1.0-EQUICK-equick => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {9157497F-A089-452A-82A1-C66A996F4617} - System32\Tasks\ParetoLogic Update Version3 => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {9441C7C3-0DEC-4FE6-9823-A468C5533B6E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9D65DE27-4A6B-4B2C-84D9-FF5346BBC7FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {9DAF450D-97B4-4FBA-8880-5ED317C88EFF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AAD1B6B0-836A-4760-A05D-2D8E053693B3} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {AC9E1AC5-63D9-462B-83D8-586A73D7C18E} - \RegCure Pro Startup No Task File <==== ATTENTION
Task: {B94C58ED-18A2-4C80-A761-D7B5587AC9AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {CC15D750-7AD9-4CCC-B2EE-6F053F98E5CD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CD84E34B-E258-473D-B4E0-4E82A251D814} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {D3506F82-217D-4423-9135-39FB4A45EB6C} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-23] (CyberLink)
Task: {DD9B87CE-1860-44C3-8939-4BB9D7A7E963} - System32\Tasks\4Team updater => C:\Program Files\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: {DDF74AF6-61E8-41E3-87F5-9CC6C90508FB} - System32\Tasks\Western Digital\SmartWare\____Volume_d7f9f5f8_5989_11e1_a40e_806e6f6e6963__dropbox_029d5e60_6d0c_472c_9a66_04d0cf8da15e_dropbox_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe
Task: {DDFB02C6-722D-4FA7-A913-B56872A3F603} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {E11E72A8-D6A9-4A42-AA5D-8F6995509640} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Popialert.exe
Task: {E1C092FF-CAA8-4C23-909A-5EB18541547E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {E2584199-3A53-4311-A18D-26E3D5E75C4B} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Probsalert.exe
Task: {E722D29B-B6DF-4994-AC1B-F38012A9E131} - System32\Tasks\Norton Business Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EEDF0933-1A49-41EB-BF36-671A50BFD2AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {F030352B-B751-4AC4-8EAB-BE0D937239CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {F5601148-AF3A-4164-8F40-F3A46A9D2007} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F88B48BC-3F87-40BE-BD96-6208EDABA560} - System32\Tasks\HPCeeScheduleForEQUICK$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {FA4E4D5A-09F2-4B7D-BAB8-18516FD5231E} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe
Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{4C6AF7EC-CEA6-43F6-85C2-907E3228F984}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{3676F502-0482-44D6-BBA6-189DE7EB66AF}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{46095426-1C85-40E9-A33A-C04FB9A13503}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{EEEA1D27-2575-4947-804F-CE9746B25A27}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFordphenry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForEQUICK$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForequick.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-08-05 12:51 - 2015-02-03 14:32 - 00456504 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2015-02-11 15:13 - 2015-02-11 15:13 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-25 10:04 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-02-17 12:20 - 2010-11-29 00:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-25 10:25 - 2015-02-17 07:49 - 00232632 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\DashlanePlugin.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-04-10 10:58 - 2007-01-14 19:18 - 00286720 _____ () C:\Program Files (x86)\Axonic\Lookeen\Interop.Outlook.dll
2015-04-10 10:58 - 2007-01-14 19:18 - 00151552 _____ () C:\Program Files (x86)\Axonic\Lookeen\Interop.Office.dll
2013-02-15 03:36 - 2013-02-15 03:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 02858656 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\SendAsLinkX.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 05102240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\AdobePDFMakerX.dll
2014-11-25 10:25 - 2015-02-17 07:49 - 00227000 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\Dashlane.exe
2015-04-10 10:58 - 2015-04-01 14:53 - 00120136 _____ () C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch64.exe
2015-04-10 10:58 - 2015-04-01 14:51 - 00009728 _____ () C:\Program Files (x86)\Axonic\Lookeen\LookeenEssentials.dll
2015-04-10 10:58 - 2015-04-01 14:51 - 00027648 _____ () C:\Program Files (x86)\Axonic\Lookeen\LSGatewaySupport.dll
2009-12-25 21:52 - 2009-12-25 21:52 - 00015360 _____ () C:\Windows\System32\KOAYTS_L.DLL
2009-12-25 21:52 - 2009-12-25 21:52 - 00015360 _____ () C:\Windows\System32\KOAYTJ_L.DLL
2009-12-25 21:52 - 2009-12-25 21:52 - 00015360 _____ () C:\Windows\System32\KOAYTA_L.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-01 18:34 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-01 18:34 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-01 18:34 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 12115640 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 02047672 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00183992 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.4.78888.dll
2014-04-18 16:08 - 2014-04-18 16:08 - 01298432 ____R () C:\Program Files (x86)\TechSmith\Snagit 11\PDFLib.dll
2014-04-18 16:14 - 2014-04-18 16:14 - 00134144 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\VideoRecording.dll
2014-04-18 16:13 - 2014-04-18 16:13 - 00113152 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\SDKRecorder.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 06726840 _____ () C:\Users\DPHENR~1.DPH\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-216613731-740240614-3180958297-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\dphenry.DPHENRY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 11.lnk => C:\Windows\pss\Snagit 11.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^dphenry.DPHENRY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lookeen.lnk => C:\Windows\pss\Lookeen.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dashlane => "C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\dphenry.DPHENRY\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: MediaFire Tray => C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\mf_watch.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: updateMgr => "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-216613731-740240614-3180958297-500 - Administrator - Disabled)
dphenry (S-1-5-21-216613731-740240614-3180958297-1003 - Administrator - Enabled) => C:\Users\dphenry.DPHENRY
equick (S-1-5-21-216613731-740240614-3180958297-1002 - Administrator - Enabled) => C:\Users\equick
Guest (S-1-5-21-216613731-740240614-3180958297-501 - Limited - Disabled)
HP USER (S-1-5-21-216613731-740240614-3180958297-1001 - Administrator - Enabled) => C:\Users\HP USER
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 43%
Total physical RAM: 8080.02 MB
Available physical RAM: 4575.55 MB
Total Pagefile: 16158.22 MB
Available Pagefile: 12528.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:456.16 GB) (Free:184.13 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:9.5 GB) (Free:1.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8C67FAFA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Where from here please?
 

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts

Posted 18 April 2015 - 03:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573123 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts

Posted 23 April 2015 - 03:15 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,142 posts
  • Location:California

Posted 24 April 2015 - 08:44 AM

Greetings dphenry157 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not sure why there has been such a delay but if you still desire help I would like you to run FRST again, including Addition.txt, and post the logs. I want to make sure we are acting on the most current state of your computer.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,142 posts
  • Location:California

Posted 27 April 2015 - 05:56 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 dphenry157

dphenry157
  • Topic Starter

  • Members
  • 229 posts

Posted 28 April 2015 - 03:13 PM

Yes, still need help please, work keeps piling up, I will reply ASAP.

 

TY



#7 dphenry157

dphenry157
  • Topic Starter

  • Members
  • 229 posts

Posted 28 April 2015 - 03:42 PM

FRST:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by dphenry at 2015-04-28 16:22:45
Running from C:\Users\dphenry.DPHENRY\Desktop\Documents
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-216613731-740240614-3180958297-500 - Administrator - Disabled)
dphenry (S-1-5-21-216613731-740240614-3180958297-1003 - Administrator - Enabled) => C:\Users\dphenry.DPHENRY
equick (S-1-5-21-216613731-740240614-3180958297-1002 - Administrator - Enabled) => C:\Users\equick
Guest (S-1-5-21-216613731-740240614-3180958297-501 - Limited - Disabled)
HP USER (S-1-5-21-216613731-740240614-3180958297-1001 - Administrator - Enabled) => C:\Users\HP USER
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Business Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Business Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Business Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.0.74 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Muse CC 2014 (HKLM-x32\...\{F80BB030-D3E3-11E4-B787-F144E7411942}) (Version: 2014.3.2.11 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Dashlane (HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Dashlane) (Version: 3.2.4.78888 - Dashlane SAS)
Dell System Detect (HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\73f463568823ebbe) (Version: 6.0.0.18 - Dell)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
File Opener Pro (HKLM-x32\...\fileopenerpro) (Version:  - FileOpenerPro) <==== ATTENTION
Folder Marker Home (Giveaway Edition) (HKLM\...\Folder Marker Home (Giveaway Edition)_is1) (Version: 4.2 - ArcticLine Software)
Google Apps Migration For Microsoft Outlook® 3.3.25.50 (HKLM\...\{C810D017-F651-4DAB-9AA5-3C670F5A3D78}) (Version: 3.3.25.50 - Google, Inc.)
Google Apps Sync™ for Microsoft Outlook® 3.7.395.1040 (HKLM\...\{044CE495-0ECB-4F8A-B454-F35A7DC1F520}) (Version: 3.7.395.1040 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lookeen Search (HKLM-x32\...\6D7E910F-716D-41E2-98A4-29691C352C1A_is1) (Version: 10.0.1.5882 - Axonic)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MediaFire Desktop (HKLM-x32\...\MediaFire Desktop 1.2.2.10196) (Version: 1.4.17.10772 - MediaFire)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM-x32\...\{901C0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{AAA936C2-46D5-401F-92E9-483616DDCCBD}) (Version: 8.05.2004 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x64) ENU  (HKLM\...\{A4E269C1-168D-40D3-9ABD-57FE4D4DB537}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x64) ENU  (HKLM\...\{1391A7DF-8A20-44C0-A4D8-0D23DDA1C627}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi PDF Converter version 5.2 (HKLM-x32\...\{43CF388F-EB3B-4AF2-9A3C-0E5A2013F598}_is1) (Version: 5.2 - Essex Software, LLC)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
Norton Business Suite (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF2PageTurn 1.3 (HKLM-x32\...\PDF2PageTurn100_is1) (Version: 1.3 - DNAML Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PIDC Portfolio and Deal Tracking (HKLM-x32\...\PIDC Portfolio and Deal Tracking) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Snagit 11 (HKLM-x32\...\{90D0FC4B-D653-4F49-BB97-A48C74A52E71}) (Version: 11.4.3 - TechSmith Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{2CE74FD9-BD2F-4190-877C-5F8737C0A96E}) (Version: 2.15.0304 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{03C4C5F4-1893-444C-B8D8-002F0034DA92}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{11E2BC0C-5D4F-4E0C-B438-501FFE05A382}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{29AB7A12-B531-450E-8F7A-EA94C2F3C05F}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{37587889-FC28-4507-B6D3-8557305F7511}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{3E8E0584-1B63-46DF-8783-EAE6DB9859DD}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{4A5E947E-C407-4DCC-A0B5-5658E457153B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{4FD5C4D3-6C15-4EA0-9EB9-EEE8FC74A91B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{620D55B0-F2FB-464E-A278-B4308DB1DB2B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{741BEEFD-AEC0-4AFF-84AF-4F61D15F5526}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{7A41359E-0407-470F-B3F7-7C6A0F7C449A}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{7C4A630A-DE98-4E3E-8093-E8F5E159BB72}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{7ED1E9B1-CB57-4FA0-84E8-FAE653FE8E6B}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{A6931B16-90FA-4D69-A49F-3ABFA2C04060}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{C3B05695-AE2C-4FD5-A191-2E4C782C03E0}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{C5AA36A1-8BD1-47E0-90F8-47E7239C6EA1}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{D46BA7B2-899F-4F60-85C7-4DF5713F6F18}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{ED323630-B4FD-4628-BC6A-D4CC44AE3F00}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
CustomCLSID: HKU\S-1-5-21-216613731-740240614-3180958297-1003_Classes\CLSID\{FA2CBAFB-F7B1-4F41-9B7A-73329A6C1CB7}\InprocServer32 -> C:\Program Files (x86)\Axonic\Lookeen\Redemption64.dll (Advanced Messaging Systems LLC)
 
==================== Restore Points  =========================
 
23-04-2015 00:00:01 Scheduled Checkpoint
28-04-2015 12:04:03 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
28-04-2015 12:04:21 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
28-04-2015 12:04:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
28-04-2015 12:05:50 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
28-04-2015 12:16:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
28-04-2015 12:16:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A489C7F-E3E1-4534-9DC2-1442AF3DF2FE} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer A1PCCleaner\updater.exe
Task: {116B49DD-AAB1-42CB-9D61-4A5DEEAA49ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {1A34F92C-149D-4677-BDC0-309C0AA984EE} - System32\Tasks\HPCeeScheduleForequick => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {1AD74C88-7070-4688-BEC3-325A0CBFCF6E} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {2215D640-0A28-499D-A045-30C3D115150C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {23450103-389B-44D6-96D9-FD66CE093C92} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {2777704A-BAB5-4352-96C5-1A2BFB2F1C5B} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{4C6AF7EC-CEA6-43F6-85C2-907E3228F984}.exe [2015-02-25] ()
Task: {311400C2-7A8F-48C1-AB85-68DC5B0F04F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {3511D43D-4E49-4E31-A114-A54DA8C7B7AA} - System32\Tasks\RegistrationAltF4 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {4810384F-6159-4CCE-A12E-C23ED842BE5A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {56DE50A9-F154-4244-8677-2285E7620C79} - System32\Tasks\1114tbUpdateInfo => C:\ProgramData\Avg_Update_1114tb\1114tb_{46095426-1C85-40E9-A33A-C04FB9A13503}.exe [2014-11-06] ()
Task: {5A2B218A-3E6A-4E3E-884E-831548189BA6} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {6A6B14A0-6F1D-44ED-A632-A53EE5A212A1} - System32\Tasks\AdobeAAMUpdater-1.0-DPHENRY-dphenry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {79D331EA-8DC4-4295-BB1C-9CE02FFFFE16} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{3676F502-0482-44D6-BBA6-189DE7EB66AF}.exe [2014-08-26] ()
Task: {7B8CC525-48CF-4E2E-B05C-7BF65D69BC23} - System32\Tasks\Norton Business Suite\Norton Error Processor => C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {85B331E4-EEC7-4EFA-8535-0B836076A3F6} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {85D96BC8-CFAE-4F70-BFDB-80B298F5D0ED} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{EEEA1D27-2575-4947-804F-CE9746B25A27}.exe [2014-12-08] ()
Task: {8EAB8391-F870-4C28-B66F-2AB6BE55730E} - System32\Tasks\AdobeAAMUpdater-1.0-EQUICK-equick => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {9157497F-A089-452A-82A1-C66A996F4617} - System32\Tasks\ParetoLogic Update Version3 => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {9441C7C3-0DEC-4FE6-9823-A468C5533B6E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9D65DE27-4A6B-4B2C-84D9-FF5346BBC7FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {9DAF450D-97B4-4FBA-8880-5ED317C88EFF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AAD1B6B0-836A-4760-A05D-2D8E053693B3} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {AC9E1AC5-63D9-462B-83D8-586A73D7C18E} - \RegCure Pro Startup No Task File <==== ATTENTION
Task: {B94C58ED-18A2-4C80-A761-D7B5587AC9AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {CC15D750-7AD9-4CCC-B2EE-6F053F98E5CD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {CD84E34B-E258-473D-B4E0-4E82A251D814} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {D3506F82-217D-4423-9135-39FB4A45EB6C} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-23] (CyberLink)
Task: {DD9B87CE-1860-44C3-8939-4BB9D7A7E963} - System32\Tasks\4Team updater => C:\Program Files\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: {DDF74AF6-61E8-41E3-87F5-9CC6C90508FB} - System32\Tasks\Western Digital\SmartWare\____Volume_d7f9f5f8_5989_11e1_a40e_806e6f6e6963__dropbox_029d5e60_6d0c_472c_9a66_04d0cf8da15e_dropbox_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe
Task: {DDFB02C6-722D-4FA7-A913-B56872A3F603} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {E11E72A8-D6A9-4A42-AA5D-8F6995509640} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Popialert.exe
Task: {E1C092FF-CAA8-4C23-909A-5EB18541547E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-11] (Adobe Systems Incorporated)
Task: {E2584199-3A53-4311-A18D-26E3D5E75C4B} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer A1PCCleaner\Probsalert.exe
Task: {E722D29B-B6DF-4994-AC1B-F38012A9E131} - System32\Tasks\Norton Business Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {EEDF0933-1A49-41EB-BF36-671A50BFD2AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {F030352B-B751-4AC4-8EAB-BE0D937239CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {F5601148-AF3A-4164-8F40-F3A46A9D2007} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F88B48BC-3F87-40BE-BD96-6208EDABA560} - System32\Tasks\HPCeeScheduleForEQUICK$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {FA4E4D5A-09F2-4B7D-BAB8-18516FD5231E} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe
Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{4C6AF7EC-CEA6-43F6-85C2-907E3228F984}.exe
Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{3676F502-0482-44D6-BBA6-189DE7EB66AF}.exe
Task: C:\Windows\Tasks\1114tbUpdateInfo.job => C:\ProgramData\Avg_Update_1114tb\1114tb_{46095426-1C85-40E9-A33A-C04FB9A13503}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{EEEA1D27-2575-4947-804F-CE9746B25A27}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFordphenry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForEQUICK$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForequick.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2009-12-25 21:52 - 2009-12-25 21:52 - 00015360 _____ () C:\Windows\System32\KOAYTS_L.DLL
2009-12-25 21:52 - 2009-12-25 21:52 - 00015360 _____ () C:\Windows\System32\KOAYTJ_L.DLL
2009-12-25 21:52 - 2009-12-25 21:52 - 00015360 _____ () C:\Windows\System32\KOAYTA_L.DLL
2011-04-26 00:22 - 2011-04-26 00:22 - 00683008 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYTJ_O.DLL
2014-10-25 13:25 - 2013-09-27 10:47 - 00002560 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\DLHLSZLT-1.XRS
2014-10-25 13:25 - 2013-09-27 10:47 - 00205824 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\DLHLSZLS-1.XRS
2014-08-05 12:51 - 2015-02-03 14:32 - 00456504 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
2012-02-17 12:20 - 2010-11-29 00:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-25 10:25 - 2015-02-17 07:49 - 00227000 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\Dashlane.exe
2014-11-25 10:25 - 2015-02-17 07:49 - 00232632 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-04-10 10:58 - 2015-04-01 14:53 - 00120136 _____ () C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch64.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-04-16 17:42 - 2015-04-16 17:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-10 10:58 - 2015-04-01 14:51 - 00009728 _____ () C:\Program Files (x86)\Axonic\Lookeen\LookeenEssentials.dll
2015-04-10 10:58 - 2015-04-01 14:51 - 00027648 _____ () C:\Program Files (x86)\Axonic\Lookeen\LSGatewaySupport.dll
2015-04-10 10:58 - 2007-01-14 19:18 - 00286720 _____ () C:\Program Files (x86)\Axonic\Lookeen\Interop.Outlook.dll
2015-04-10 10:58 - 2007-01-14 19:18 - 00151552 _____ () C:\Program Files (x86)\Axonic\Lookeen\Interop.Office.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 05102240 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\AdobePDFMakerX.dll
2013-02-15 03:36 - 2013-02-15 03:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 02858656 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\PDFMaker\Common\X64\SendAsLinkX.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-16 17:41 - 2015-04-16 17:41 - 05842080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-02-17 07:48 - 2015-02-17 07:48 - 00307384 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00418488 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00442040 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 30961336 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00266936 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 05730488 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 06726840 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.4.78888.dll
2014-01-06 11:52 - 2014-01-06 11:52 - 03244032 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2014-04-18 16:08 - 2014-04-18 16:08 - 01298432 ____R () C:\Program Files (x86)\TechSmith\Snagit 11\PDFLib.dll
2014-04-18 16:14 - 2014-04-18 16:14 - 00134144 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\VideoRecording.dll
2014-04-18 16:13 - 2014-04-18 16:13 - 00113152 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\SDKRecorder.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-16 20:12 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 20:12 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 12115640 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 02047672 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.4.78888.dll
2015-02-17 07:48 - 2015-02-17 07:48 - 00183992 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.4.78888.dll
2015-04-16 20:12 - 2015-04-13 17:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
2015-04-20 07:16 - 2015-04-20 07:16 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2015-04-20 07:16 - 2015-04-20 07:16 - 00746672 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2015-04-20 07:16 - 2015-04-20 07:16 - 00136368 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-216613731-740240614-3180958297-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\dphenry.DPHENRY\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{10C4A4DC-DC10-4D70-8DEE-4B5D2B3B2248}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{CDFA1F17-C045-4E16-82E9-DD44BE321722}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{EE89009E-7BBC-4CB0-9CDA-F0F1A2B371FB}] => (Allow) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
FirewallRules: [{839964A3-4739-4840-9638-C912121A715A}] => (Allow) C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{3E9EB221-E303-4EC6-9B71-D42F7EE14B05}] => (Allow) C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
FirewallRules: [{47D3B979-BD7B-446E-B670-720AE0A77901}] => (Allow) C:\Program Files\Microsoft Office\Office14\outlook.exe
FirewallRules: [{E2E7934A-832C-4444-A218-2FA65C8BE966}] => (Allow) LPort=8298
FirewallRules: [{379F19F3-2451-4930-BF8E-DAE47C07B927}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{09EF589A-2067-4D4E-BF03-E665C2C09D44}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EEA3FB67-A5EC-4851-A492-ABB6656D2D33}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99129AF6-6809-4B88-AE38-8716A4402BD3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F5D02BDF-98E6-4087-BCDE-9925FFEE167C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AA818EC1-D994-4F08-9CD8-D78BEA32769D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A321AC9B-85D4-42C0-B620-DCD22F5411C4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{74FE94C3-EC49-4C47-AEEE-8E791985D365}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A2565B6F-DDE1-4CD8-9F80-BE61559168E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 60%
Total physical RAM: 8080.02 MB
Available physical RAM: 3190.65 MB
Total Pagefile: 16158.22 MB
Available Pagefile: 10235.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:456.16 GB) (Free:185.88 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:9.5 GB) (Free:1.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:837.46 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:465.66 GB) (Free:416.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8C67FAFA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: E0F1D0ED)
Partition 1: (Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 46DE89B4)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Further instructions please?


#8 Oh My!


Posted 28 April 2015 - 04:03 PM

Please post the FRST report which should be in the same location as Addition.txt.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 dphenry157


Posted 28 April 2015 - 04:05 PM

Is this better:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by dphenry (administrator) on DPHENRY on 28-04-2015 16:21:15
Running from C:\Users\dphenry.DPHENRY\Desktop\Documents
Loaded Profiles: dphenry (Available profiles: HP USER & equick & dphenry)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\n360.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\Dashlane.exe
(Google Inc.) C:\Users\dphenry.DPHENRY\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7233640 2011-06-14] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1851040 2015-03-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-04-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [GoogleChromeAutoLaunch_D5032C95D0AFE1B632236545FA40F308] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [Dashlane] => C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-02-17] ()
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [updateMgr] => "C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [MediaFire Tray] => C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\mf_watch.exe [4002120 2015-02-03] ()
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [Google+ Auto Backup] => C:\Users\dphenry.DPHENRY\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [867488 2015-03-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: H - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1161-7720-11e4-9b9b-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1293-7720-11e4-9b9b-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {2889da4b-4b05-11e4-be63-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {4d454c93-4961-11e4-9eac-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {56373f77-0120-11e4-b20e-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2015-04-13]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\dphenry.DPHENRY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lookeen.lnk [2015-04-13]
ShortcutTarget: Lookeen.lnk -> C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch.exe ()
Startup: C:\Users\dphenry.DPHENRY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lookeen.lnk [2015-04-13]
ShortcutTarget: Lookeen.lnk -> C:\Program Files (x86)\Axonic\Lookeen\LookeenDesktopSearch.exe ()
Startup: C:\Users\equick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-05-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_0cca2.dll [2014-07-30] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_0cca2.dll [2014-07-30] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_0cca2.dll [2014-07-30] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_0cca2.dll [2014-07-30] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_0cca2.dll [2014-07-30] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-216613731-740240614-3180958297-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/19
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Business Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-03-17] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-11] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-19] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-216613731-740240614-3180958297-1003: @citrixonline.com/appdetectorplugin -> C:\Users\dphenry.DPHENRY\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-21] (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-04-09]
FF HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane\3.2.4.78888\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-02-18]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2014-04-11] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-02]
CHR Extension: (Google Drive) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-02]
CHR Extension: (YouTube) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-02]
CHR Extension: (Google Search) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-02]
CHR Extension: (Google+) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-02-24]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-04-03]
CHR Extension: (Dashlane) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-12-11]
CHR Extension: (Save to Google Drive) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-02-24]
CHR Extension: (Norton Identity Safe) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-12-02]
CHR Extension: (No Name) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Gmail) - C:\Users\dphenry.DPHENRY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]
CHR HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [603312 2015-04-20] (Adobe Systems Incorporated)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MF NTFS Monitor; C:\Users\dphenry.DPHENRY\AppData\Local\MediaFire Desktop\MFUsnMonitorService.exe [456504 2015-02-03] ()
R2 N360; C:\Program Files (x86)\Norton Business Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-09] (Emsisoft GmbH)
R1 BHDrvx64; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150418.001\BHDrvx64.sys [1639128 2015-04-08] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-09] (Emsisoft GmbH)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150427.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-13] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-13] (Intel® Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-02-03] (Windows ® Win 7 DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150427.039\ENG64.SYS [129752 2015-03-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Business Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150427.039\EX64.SYS [2137304 2015-03-23] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-02-17] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-28 16:21 - 2015-04-28 16:22 - 00029883 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\FRST.txt
2015-04-28 16:21 - 2015-04-28 16:21 - 02100736 _____ (Farbar) C:\Users\dphenry.DPHENRY\Desktop\Documents\FRST64.exe
2015-04-28 12:21 - 2015-04-28 12:21 - 00000986 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2015-04-28 11:35 - 2015-04-28 11:35 - 00665776 _____ (Adobe Systems Incorporated) C:\Users\dphenry.DPHENRY\Desktop\Documents\CreativeCloudSet-Up.exe
2015-04-27 14:59 - 2015-04-27 15:00 - 00027269 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\qrcode (1)_042715.jpeg
2015-04-24 09:33 - 2015-04-24 09:33 - 00347816 _____ (Microsoft Corporation) C:\Users\dphenry.DPHENRY\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-04-23 08:46 - 2015-04-23 08:46 - 00000611 _____ () C:\Users\dphenry.DPHENRY\Downloads\calendar.ics
2015-04-18 13:41 - 2015-04-18 13:41 - 00098304 _____ () C:\Users\dphenry.DPHENRY\Downloads\88365213-f22d-422b-948e-8d2be7c337ff (1).xls
2015-04-18 13:39 - 2015-04-18 13:39 - 00098304 _____ () C:\Users\dphenry.DPHENRY\Downloads\88365213-f22d-422b-948e-8d2be7c337ff.xls
2015-04-17 09:50 - 2015-04-17 09:50 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-04-17 09:50 - 2015-04-17 09:50 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\Deployment
2015-04-17 09:49 - 2015-04-17 09:49 - 00009352 _____ () C:\Users\dphenry.DPHENRY\Downloads\dellsystemdetect.application
2015-04-15 01:13 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 01:13 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 01:13 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 01:13 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 01:13 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 01:13 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 01:13 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 01:13 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 01:13 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 01:13 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 01:13 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 01:13 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 01:13 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 01:13 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 01:13 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 01:13 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 01:13 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 01:13 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 01:13 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 01:13 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 01:13 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 01:13 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 01:13 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 01:13 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 01:13 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 01:13 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 01:13 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 01:13 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 01:13 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 01:13 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 01:13 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 01:13 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 01:13 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 01:13 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 01:13 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 01:13 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 01:13 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 01:13 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 01:13 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 01:13 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 01:13 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 01:13 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 01:13 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 01:13 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 01:13 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 01:13 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 01:12 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 01:12 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 01:12 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 01:12 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 01:12 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 01:12 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 01:12 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 01:12 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 01:12 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 01:12 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 01:12 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 01:12 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 01:12 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 01:12 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 01:12 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 01:12 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 01:12 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 01:12 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 01:12 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 01:12 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 01:12 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 01:12 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 01:12 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 01:12 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 01:12 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 01:12 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 01:12 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 01:12 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 01:12 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 01:12 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 01:12 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 01:12 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 01:12 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 01:12 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 01:12 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 01:12 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 01:12 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 01:12 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 01:12 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 01:12 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 01:12 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 01:12 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 01:12 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 01:12 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 01:12 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 01:12 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 01:12 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 01:12 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 01:12 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 01:12 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 01:12 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 01:12 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 01:12 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 01:12 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 01:12 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 01:12 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 01:12 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 01:12 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 01:12 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 01:12 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 01:12 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 01:12 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 01:12 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 01:12 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 01:12 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 01:12 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 01:12 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 01:12 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 01:12 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 01:12 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 01:12 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 01:12 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 01:12 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 01:12 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 01:12 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 01:12 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 01:12 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 01:12 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 01:12 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 01:12 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 01:12 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 01:12 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 01:12 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 01:12 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 01:12 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 01:12 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-13 15:46 - 2015-04-13 16:02 - 00037211 _____ () C:\Users\dphenry.DPHENRY\Downloads\Addition.txt
2015-04-13 15:44 - 2015-04-13 15:53 - 00047028 _____ () C:\Users\dphenry.DPHENRY\Downloads\FRST.txt
2015-04-13 15:43 - 2015-04-28 16:21 - 00000000 ____D () C:\FRST
2015-04-13 14:52 - 2015-04-13 14:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-13 14:52 - 2015-04-13 14:57 - 00002049 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-13 11:38 - 2015-04-13 11:38 - 00408776 _____ (TweakBit) C:\Users\dphenry.DPHENRY\Downloads\fix-my-pc-setup.exe
2015-04-12 11:58 - 2015-04-12 11:58 - 05875301 _____ () C:\Users\dphenry.DPHENRY\Downloads\ccsetup504 (1).zip
2015-04-12 11:57 - 2015-04-12 11:57 - 05344528 _____ (Piriform Ltd) C:\Users\dphenry.DPHENRY\Downloads\ccsetup504.exe
2015-04-11 11:51 - 2015-04-15 08:32 - 00000392 _____ () C:\Windows\setupact.log
2015-04-11 11:51 - 2015-04-11 11:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 11:50 - 2015-04-13 16:35 - 00009450 _____ () C:\Windows\PFRO.log
2015-04-11 11:40 - 2015-04-11 11:40 - 05875301 _____ () C:\Users\dphenry.DPHENRY\Downloads\ccsetup504.zip
2015-04-10 12:40 - 2015-04-10 12:40 - 00000017 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\resmon.resmoncfg
2015-04-10 11:25 - 2015-04-10 11:25 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-04-10 10:58 - 2015-04-28 16:22 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\Lookeen
2015-04-10 10:58 - 2015-04-10 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lookeen
2015-04-10 10:58 - 2015-04-10 10:58 - 00000000 ____D () C:\Program Files (x86)\Axonic
2015-04-10 09:22 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-10 09:22 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-10 09:22 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-10 09:22 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-10 09:05 - 2015-04-10 09:05 - 00000000 ____D () C:\Users\dphenry.DPHENRY\Desktop\Documents\Add-in Express
2015-04-10 08:04 - 2015-04-10 08:04 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2015-04-10 08:04 - 2015-04-10 08:04 - 00002244 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\a2scan_150409-161818.txt
2015-04-10 08:04 - 2015-04-10 08:04 - 00000098 _____ () C:\Windows\system32\eamclean.dat
2015-04-09 14:38 - 2015-04-09 16:12 - 00000000 ____D () C:\EEK
2015-04-09 14:38 - 2015-04-09 14:38 - 00000745 _____ () C:\Users\dphenry.DPHENRY\Desktop\Start Emsisoft Emergency Kit.lnk
2015-04-09 14:36 - 2015-04-09 14:37 - 160793016 _____ () C:\Users\dphenry.DPHENRY\Downloads\EmsisoftEmergencyKit.exe
2015-04-09 14:08 - 2015-04-13 14:59 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-04-09 14:08 - 2015-04-13 14:59 - 00002039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2015-04-09 14:08 - 2015-04-13 14:59 - 00002016 _____ () C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2015-04-09 10:24 - 2015-04-09 10:25 - 26379904 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Downloads\Lookeen.10.0.1.5882.exe
2015-04-09 09:55 - 2015-04-09 09:55 - 00001045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-09 09:55 - 2015-04-09 09:55 - 00001033 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-09 09:54 - 2015-04-09 09:54 - 07928696 _____ (TeamViewer GmbH) C:\Users\dphenry.DPHENRY\Desktop\TeamViewer_Setup_en.exe
2015-04-09 09:26 - 2015-04-09 09:27 - 11260304 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Desktop\Lookeen.8.3.1.5156 (2).exe
2015-04-09 09:12 - 2015-04-09 09:12 - 11260304 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Desktop\Lookeen.8.3.1.5156 (1).exe
2015-04-08 16:59 - 2015-04-08 16:59 - 00347816 _____ (Microsoft Corporation) C:\Users\dphenry.DPHENRY\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.135195490320359.1.1.Run.exe
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\VS Revo Group
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-04-08 16:52 - 2015-04-08 16:52 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-08 16:52 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-04-08 14:24 - 2015-04-14 10:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 14:24 - 2015-04-08 14:24 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-08 14:24 - 2015-04-08 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-08 14:24 - 2015-04-08 14:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-08 14:24 - 2015-04-08 14:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-08 14:24 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-08 14:24 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-08 14:24 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-08 14:20 - 2015-04-08 14:20 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\dphenry.DPHENRY\Desktop\mbam-setup-2.1.4.1018 (1).exe
2015-04-08 10:33 - 2015-04-08 10:33 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Business Suite
2015-04-07 16:34 - 2015-04-07 16:34 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DPHENRY-Windows-7-Professional-(64-bit).dat
2015-04-07 16:34 - 2015-04-07 16:34 - 00000000 ____D () C:\RegBackup
2015-04-07 14:39 - 2015-04-07 14:40 - 00248728 _____ (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\86709201.sys
2015-04-07 13:34 - 2015-04-28 15:35 - 01069819 _____ () C:\lm.log
2015-04-07 10:23 - 2015-04-07 11:54 - 00000000 ____D () C:\NPE
2015-04-07 10:06 - 2015-04-08 10:18 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\LogMeIn Rescue Applet
2015-04-03 10:38 - 2015-04-08 11:19 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\com.adobe.AdobeMuseCC.2014.3
2015-04-03 10:38 - 2015-04-03 10:38 - 00000986 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2014.lnk
2015-04-02 13:55 - 2015-04-08 11:16 - 00000000 ____D () C:\AdwCleaner
2015-03-31 14:04 - 2015-03-31 14:05 - 11260304 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Downloads\Lookeen.8.3.1.5156.exe
2015-03-31 14:02 - 2015-03-31 14:05 - 26360072 _____ (Axonic GmbH ) C:\Users\dphenry.DPHENRY\Downloads\Lookeen.10.0.1.5814.exe
2015-03-31 12:15 - 2015-04-13 12:23 - 00000000 ____D () C:\Users\dphenry.DPHENRY\Desktop\Documents\Outlook Files
2015-03-31 12:00 - 2015-04-13 19:15 - 00000000 ____D () C:\Windows\pss
2015-03-31 10:32 - 2015-03-31 10:32 - 00368214 _____ () C:\Users\dphenry.DPHENRY\Desktop\Documents\BICF Ads_033115.zip
2015-03-31 08:53 - 2015-03-31 08:53 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-31 08:53 - 2015-03-31 08:53 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-30 10:42 - 2015-03-30 10:42 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\RemEngine
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-28 15:06 - 2009-07-14 01:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-28 12:29 - 2013-11-27 16:20 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\Adobe
2015-04-28 12:22 - 2012-03-08 16:04 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-28 12:21 - 2013-11-27 16:19 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\Adobe
2015-04-28 12:21 - 2012-06-20 09:12 - 00000000 ____D () C:\Program Files\Adobe
2015-04-28 12:17 - 2012-03-06 10:52 - 01629031 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 12:02 - 2013-12-10 13:08 - 00001311 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-04-28 12:02 - 2013-12-10 13:08 - 00001299 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-04-28 12:02 - 2013-11-27 16:19 - 00000000 ____D () C:\Users\dphenry.DPHENRY
2015-04-28 02:00 - 2013-11-27 16:19 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{89402C05-74CA-4BC0-88DB-B03F17572652}
2015-04-23 20:43 - 2014-10-15 11:55 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\Dashlane
2015-04-22 09:40 - 2012-02-17 12:34 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-19 01:28 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 01:28 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 09:50 - 2014-01-23 17:52 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\Apps\2.0
2015-04-17 08:30 - 2014-07-01 14:28 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\VERIZON
2015-04-15 17:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 09:22 - 2014-08-05 14:40 - 00000000 ___HD () C:\Users\dphenry.DPHENRY\.mediafire
2015-04-15 09:20 - 2013-12-19 13:27 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\CrashDumps
2015-04-15 08:39 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 03:21 - 2012-03-09 10:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:18 - 2011-02-11 16:29 - 00780914 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:16 - 2013-12-04 08:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:05 - 2012-03-09 10:54 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:02 - 2009-07-13 22:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-13 15:00 - 2014-12-23 11:14 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-13 14:52 - 2012-03-08 16:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-12 11:58 - 2014-07-24 17:20 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-12 11:58 - 2014-07-24 17:20 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-12 11:56 - 2014-07-24 17:20 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-11 11:42 - 2011-02-11 16:13 - 00000000 ____D () C:\Windows\Panther
2015-04-10 12:07 - 2013-11-27 16:21 - 00110960 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-10 11:41 - 2009-07-14 00:45 - 05029200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 11:25 - 2012-03-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-04-10 11:25 - 2012-03-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-04-10 11:24 - 2010-11-21 03:17 - 00000000 ____D () C:\Windows\ShellNew
2015-04-10 11:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-10 11:23 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-10 09:26 - 2014-12-11 04:31 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-10 09:26 - 2014-05-06 16:24 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-09 14:09 - 2012-06-20 09:13 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-04-09 11:06 - 2014-10-15 12:07 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-09 10:03 - 2014-10-15 12:07 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\TeamViewer
2015-04-08 11:52 - 2014-04-04 09:12 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\IrfanView
2015-04-08 10:18 - 2014-01-21 16:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Business Suite
2015-04-08 10:18 - 2014-01-21 12:23 - 00002442 _____ () C:\Users\Public\Desktop\Norton Business Suite.lnk
2015-04-08 10:18 - 2012-03-09 09:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-04-07 12:27 - 2014-07-18 16:26 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Local\NPE
2015-04-02 14:02 - 2014-05-30 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download-4-Free bundle
2015-03-31 16:25 - 2015-03-21 11:35 - 00000000 ____D () C:\Users\dphenry.DPHENRY\Desktop\Benjamins
2015-03-31 10:00 - 2013-12-10 12:58 - 00000000 ____D () C:\Program Files (x86)\GRETECH
2015-03-31 02:31 - 2013-11-27 15:59 - 00000000 ____D () C:\Users\administrator
2015-03-30 16:32 - 2014-07-01 14:34 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-30 16:32 - 2013-12-19 11:18 - 00000000 ____D () C:\Users\equick.PLANNING2
2015-03-30 16:32 - 2013-11-27 15:54 - 00000000 ____D () C:\Users\dphenry
2015-03-30 16:32 - 2012-03-08 15:54 - 00000000 ____D () C:\Users\equick
2015-03-30 16:32 - 2012-02-17 12:35 - 00000000 ____D () C:\ProgramData\Norton
2015-03-30 16:32 - 2012-02-17 12:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-30 16:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-30 16:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-03-30 12:51 - 2014-07-01 14:29 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-30 11:43 - 2014-10-02 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-03-30 08:58 - 2014-07-01 14:29 - 00000000 ____D () C:\Users\dphenry.DPHENRY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
 
==================== Files in the root of some directories =======
 
2014-03-03 09:18 - 2014-06-02 08:33 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2015-03-18 09:33 - 2015-03-18 09:33 - 0000033 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\AdobeWLCMCache.dat
2013-12-04 09:32 - 2013-12-04 09:32 - 0022320 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-12-03 09:54 - 2014-10-01 14:55 - 0022526 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-05-30 14:20 - 2014-12-30 15:04 - 0000133 _____ () C:\Users\dphenry.DPHENRY\AppData\Roaming\WB.CFG
2014-09-20 14:10 - 2014-09-20 14:10 - 0003584 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-30 15:04 - 2014-12-30 15:04 - 0000010 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\DSI.DAT
2015-04-10 12:40 - 2015-04-10 12:40 - 0000017 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\resmon.resmoncfg
2015-03-12 10:10 - 2015-03-12 10:10 - 0017408 _____ () C:\Users\dphenry.DPHENRY\AppData\Local\WebpageIcons.db
 
Some content of TEMP:
====================
C:\Users\dphenry.DPHENRY\AppData\Local\Temp\IntResource64.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-08-02 09:02
 
==================== End Of Log ============================


#10 Oh My!


Posted 28 April 2015 - 05:00 PM

Yes, thank you.

Please move FRST.exe from the Documents folder to your Desktop.

Running from C:\Users\dphenry.DPHENRY\Desktop\Documents


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1161-7720-11e4-9b9b-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1293-7720-11e4-9b9b-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {2889da4b-4b05-11e4-be63-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {4d454c93-4961-11e4-9eac-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {56373f77-0120-11e4-b20e-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [X]
Task: {AC9E1AC5-63D9-462B-83D8-586A73D7C18E} - \RegCure Pro Startup No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • If the program will not run properly, run it in Safe Mode
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC.

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies.


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • TFC results
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 dphenry157


Posted 29 April 2015 - 07:34 AM

fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015
Ran by dphenry at 2015-04-29 08:34:11 Run:1
Running from C:\Users\dphenry.DPHENRY\Desktop\Documents
Loaded Profiles: dphenry (Available profiles: HP USER & equick & dphenry)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1161-7720-11e4-9b9b-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {1fda1293-7720-11e4-9b9b-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {2889da4b-4b05-11e4-be63-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {4d454c93-4961-11e4-9eac-082e5f2a15a9} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-216613731-740240614-3180958297-1003\...\MountPoints2: {56373f77-0120-11e4-b20e-082e5f2a15a9} - G:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-216613731-740240614-3180958297-1003 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [X]
Task: {AC9E1AC5-63D9-462B-83D8-586A73D7C18E} - \RegCure Pro Startup No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
*****************
 
"HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fda1161-7720-11e4-9b9b-082e5f2a15a9}" => Key deleted successfully.
HKCR\CLSID\{1fda1161-7720-11e4-9b9b-082e5f2a15a9} => Key not found. 
"HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fda1293-7720-11e4-9b9b-082e5f2a15a9}" => Key deleted successfully.
HKCR\CLSID\{1fda1293-7720-11e4-9b9b-082e5f2a15a9} => Key not found. 
"HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2889da4b-4b05-11e4-be63-082e5f2a15a9}" => Key deleted successfully.
HKCR\CLSID\{2889da4b-4b05-11e4-be63-082e5f2a15a9} => Key not found. 
"HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d454c93-4961-11e4-9eac-082e5f2a15a9}" => Key deleted successfully.
HKCR\CLSID\{4d454c93-4961-11e4-9eac-082e5f2a15a9} => Key not found. 
"HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56373f77-0120-11e4-b20e-082e5f2a15a9}" => Key deleted successfully.
HKCR\CLSID\{56373f77-0120-11e4-b20e-082e5f2a15a9} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-216613731-740240614-3180958297-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
NTI BackupNowEZSvr => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC9E1AC5-63D9-462B-83D8-586A73D7C18E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC9E1AC5-63D9-462B-83D8-586A73D7C18E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Pro Startup" => Key deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
 
==== End of Fixlog 08:34:13 ====


#12 Oh My!


Posted 29 April 2015 - 08:35 AM

Good Morning.

Did you run TFC?
Gary
 

#13 dphenry157


Posted 29 April 2015 - 10:21 AM

I did run TFC, no problem.  Where from here please?



#14 Oh My!


Posted 29 April 2015 - 10:25 AM

How is your computer running?
Gary
 

#15 dphenry157


Posted 29 April 2015 - 10:26 AM

Still seems slow, not as slow as before, but does seem to be laboring. Now what?





