
Constant freezing and crashing programs


  • This topic is locked
31 replies to this topic

#1 lafogg


Posted 15 April 2015 - 10:13 PM

Hi,
 

I am desperate for help.  I have never had such an extreme problem with my computer.  At this point, I am not sure if the issue is malware or a Windows problem. 

My problems first started when my son downloaded Minecraft on my computer.  It started to go very slow with anything I tried to do.  I was having trouble going online.  I tried system restore to go back to a point prior to Minecraft being uploaded.  After the restore, I still had long pauses with everything I tried to do.  Yesterday, I had a response that said 'illegal operation of a registry key marked for deletion.'  I was also getting something saying process could not run, do I want to end process.  I managed to get to BleepingComputer, so I ran TDSSKiller and ComboFix (sorry I jumped the gun.  It just takes so long to get anything done, so I seized the opportunity--the log is below) after long freezes. 

 

I shut my computer and could not get Notepad or Word to open to copy the results to post.  After trying and failing to get anything done I had to shut the computer to leave work.  I was going to try again to get the ComboFix log, so I turned on the computer.  Before going to the home screen, chkdsk ran so I let it finish scanning.  I saw it was deleting files and 'correcting errors'.  Well, I didn't think it could get worse: it took about 20 minutes to connect to the internet, I can't open anything and I got the following messages: 'the remote procedure call failed and did not execute' and a box that says: Intel Turbo Boost Technology Monitor 2.0 stopped working. Please try restarting Intel Turbo Boost Technology Monitor 2.0.

 
 
After starting this post, the internet connected and after an hour of trying, I was able to open Chrome and get this post done.  Windows opened too after several minutes.  At this point, the ComboFix log may be different, but I'll leave that to you experts.
 
Thank you in advance!!!!!!
 
 
Leslie
 
 
 
 
ComboFix 15-04-14.01 - Leslie 04/14/2015  15:33:17.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.4925 [GMT -4:00]
Running from: c:\users\Leslie\Downloads\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton 360 Premier Edition *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton 360 Premier Edition *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\PCDr\6584\AddOnDownloaded\3324fb70-b482-4ff5-9d0e-102981046ff0.dll
c:\programdata\PCDr\6584\AddOnDownloaded\459715e4-d2b9-4b1d-9abd-b72ddc2c69b1.dll
c:\programdata\PCDr\6584\AddOnDownloaded\9b6e4d67-f75b-40b4-bfb0-bc8d902f62eb.dll
c:\programdata\PCDr\6584\AddOnDownloaded\f734eac7-9571-411e-adab-5d97aa1cae00.dll
c:\programdata\Roaming
c:\users\Leslie\AppData\Roaming\Local
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Recent\Fogg.url
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-14 to 2015-04-14  )))))))))))))))))))))))))))))))
.
.
2015-04-14 19:43 . 2015-04-14 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-13 16:51 . 2015-04-13 16:51 -------- d-s---w- c:\windows\system32\GWX
2015-04-13 16:51 . 2015-04-13 16:51 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-12 19:17 . 2015-04-13 14:41 -------- d-----w- c:\program files (x86)\iTunes
2015-04-05 22:05 . 2015-04-05 22:05 -------- d-----w- c:\users\Leslie\AppData\Roaming\java
2015-04-05 22:05 . 2015-04-09 02:31 -------- d-----w- c:\users\Leslie\AppData\Roaming\.minecraft
2015-04-05 22:03 . 2015-04-13 14:41 -------- d-----w- c:\program files (x86)\Minecraft
2015-03-30 22:42 . 2015-03-30 22:42 -------- d-----w- c:\programdata\PC-Doctor for Windows
2015-03-30 22:42 . 2015-03-30 22:42 -------- d-----w- c:\program files\Dell Support Center
2015-03-30 13:12 . 2015-03-30 13:12 -------- d-----w- C:\found.004
2015-03-30 01:24 . 2015-03-30 01:24 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-03-24 19:49 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll
2015-03-24 19:49 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll
2015-03-24 19:49 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll
2015-03-24 19:49 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-24 19:49 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll
2015-03-24 19:49 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll
2015-03-24 19:49 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-24 19:49 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-19 14:31 . 2015-04-13 14:41 -------- d-----w- c:\windows\system32\drivers\N360x64\1507000.00B
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-14 19:32 . 2015-01-04 05:46 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 19:32 . 2015-01-04 05:46 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-30 01:23 . 2014-11-22 05:45 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-03-30 01:23 . 2014-06-27 19:29 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-12 19:13 . 2013-03-22 22:48 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-12 15:06 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:56 . 2015-03-12 15:06 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:42 . 2015-03-12 15:06 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-12 15:06 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-12 15:06 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-12 15:06 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-12 15:06 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-12 15:06 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-12 15:06 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-12 15:06 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-12 15:06 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-12 15:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-12 15:06 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-12 15:06 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-12 15:06 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-12 15:06 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-12 15:06 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-12 15:06 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-12 15:06 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-12 15:06 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-12 15:06 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-12 15:06 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-12 15:06 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-12 15:06 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-12 15:06 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-12 15:06 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-12 15:06 50176 ----a-w- c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-12 15:06 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-12 15:06 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-12 15:06 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-12 15:06 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2015-02-26 03:25 . 2015-03-12 15:06 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 03:15 . 2015-03-12 15:06 389800 ----a-w- c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-12 15:06 25021440 ----a-w- c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-12 15:06 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-12 15:08 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-12 15:08 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-12 15:08 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-12 15:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-12 15:08 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-12 15:08 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-12 15:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-12 15:08 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-12 15:08 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-12 15:08 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-12 15:06 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-12 15:06 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-12 15:06 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-12 15:06 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-12 15:06 584192 ----a-w- c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-12 15:06 2886144 ----a-w- c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-12 15:06 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-12 15:06 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-12 15:06 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-12 15:06 633856 ----a-w- c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-12 15:06 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-12 15:06 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-12 15:06 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-12 15:06 6035456 ----a-w- c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-12 15:06 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-12 15:06 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-12 15:06 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-12 15:06 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-12 15:06 503296 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-12 15:06 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-12 15:06 199680 ----a-w- c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-12 15:06 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-12 15:06 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-12 15:06 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-12 15:06 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-12 15:06 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-12 15:06 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-12 15:06 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-12 15:06 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-12 15:06 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-12 15:06 14398976 ----a-w- c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-12 15:06 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-12 15:06 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-12 15:06 2358784 ----a-w- c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-12 15:06 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-12 15:06 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-12 15:06 1548288 ----a-w- c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-12 15:06 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-12 15:06 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2015-02-13 05:22 . 2015-03-12 15:07 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-10 10:36 . 2014-02-05 05:33 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-04 03:16 . 2015-03-12 15:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-12 15:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-12 15:07 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-12 15:07 5554104 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-03 03:34 . 2015-03-12 15:07 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-12 15:07 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-12 15:07 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-12 15:07 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-12 15:07 229376 ----a-w- c:\windows\system32\wintrust.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}]
2014-09-24 14:41 114016 ----a-w- c:\program files (x86)\sodapdftb\sodapdfDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6d300c09-bc15-4045-9d75-3f6d505cdf0e}"= "c:\program files (x86)\sodapdftb\sodapdfDx.dll" [2014-09-24 114016]
.
[HKEY_CLASSES_ROOT\clsid\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"MusicManager"="c:\users\Leslie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2015-03-31 7475200]
"eFax 4.4"="c:\program files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" [2014-05-13 95232]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-30 6501656]
"GoogleChromeAutoLaunch_8E500A9E4AE736E17FD7A521B9D1D813"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-03-14 809288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-11-19 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-07-31 3084288]
"Search Protection"="c:\programdata\Search Protection\SearchProtection.exe" [2014-09-24 942432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{N360P21021-SHPD-FSD40014}"="c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe" [2012-12-05 143928]
.
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files (x86)\eFax Messenger 4.4\J2GTray.exe [2014-5-13 629760]
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-25 195240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys;c:\windows\SYSNATIVE\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2_000.sys [x]
R3 PDF Architect 2;PDF Architect 2;c:\program files (x86)\PDF Architect 2\ws.exe;c:\program files (x86)\PDF Architect 2\ws.exe [x]
R3 pdfforge CrashHandler;pdfforge CrashHandler;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 2\crash-handler-ws.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1507000.00B\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1507000.00B\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20150321.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [x]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\ccSetx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20150410.001_1b9\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20150410.001_1b9\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1507000.00B\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1507000.00B\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe;c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.7.0.11\N360.exe;c:\program files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [x]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [x]
S2 PDF Architect 2 Creator;PDF Architect 2 Creator;c:\program files (x86)\PDF Architect 2\creator-ws.exe;c:\program files (x86)\PDF Architect 2\creator-ws.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0;PCDSRVC{3B54B31B-D06B6431-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell\supportassist\pcdsrvc_x64.pkms;c:\program files\dell\supportassist\pcdsrvc_x64.pkms [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCDSRVC{3B54B31B-D06B6431-06020200}_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-14 18:46 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-04 19:32]
.
2015-04-13 c:\windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
- c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19 19:25]
.
2015-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27 15:36]
.
2015-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27 15:36]
.
2015-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000Core.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23 19:09]
.
2015-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000UA.job
- c:\users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23 19:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}]
2014-09-24 14:41 129888 ----a-w- c:\program files (x86)\sodapdftb\sodapdfDx64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d300c09-bc15-4045-9d75-3f6d505cdf0e}"= "c:\program files (x86)\sodapdftb\sodapdfDx64.dll" [2014-09-24 129888]
.
[HKEY_CLASSES_ROOT\CLSID\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-14 6629480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-05 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-05 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-05 416024]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://webmailb.netzero.net/webmail/new/5?session_redirect=true&userinfo=0e2cf851f5084d98880e183a5db4fa12&count=1423235155&cf=SP2&randid=1741503062
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_cc&mn=0
mSearchAssistant = hxxp://search.netzero.net/search?action=minisearch&source=minisearch_cc&mn=0
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: LastPass - file://c:\users\Leslie\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Leslie\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2a45q0jn.default\
FF - prefs.js: browser.startup.homepage - netzero.net
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20130624,19857,0,67,0&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-iTunesHelper - c:\program files (x86)\iTunes\iTunesHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.7.0.11\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.7.0.11\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3B54B31B-D06B6431-06020200}_0]
"ImagePath"="\??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.7.0.11;c:\program files (x86)\Norton 360\Engine64\21.7.0.11"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-14  15:47:03
ComboFix-quarantined-files.txt  2015-04-14 19:47
.
Pre-Run: 519,962,583,040 bytes free
Post-Run: 520,080,535,552 bytes free
.
- - End Of File - - DC1D8CD7E81D858732484B42FE5C8039
 



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:50 AM

Posted 20 April 2015 - 07:33 PM

Greetings Leslie and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me. If necessary, boot into Safe Mode with Networking to get it to run.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 lafogg

lafogg
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 22 April 2015 - 01:08 PM

Hi Gary,

 

Thank you for your help!  

 

I tried to attach the compressed summary file but I got an error response that the file is too big.  It is 212 KB and I see it says below up to 102.04 KB can be attached. 

 

Below are the frst and addition logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Leslie (administrator) on LESLIE-PC on 19-04-2015 16:07:43
Running from C:\Users\Leslie\Downloads
Loaded Profiles: Leslie (Available profiles: Leslie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(j2 Global, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(j2 Global, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LULU Software Limited) C:\ProgramData\Search Protection\SearchProtection.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Leslie\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe [942432 2014-09-24] (LULU Software Limited)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\...\Run: [MusicManager] => C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95232 2014-05-13] (j2 Global, Inc.)
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\...\Run: [GoogleChromeAutoLaunch_8E500A9E4AE736E17FD7A521B9D1D813] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Norton Download Manager{N360P21021-SHPD-FSD40014}] => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk [2014-10-27]
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global, Inc.)
Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2011-12-07]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-03-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-06] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmailb.netzero.net/webmail/new/5?session_redirect=true&userinfo=0e2cf851f5084d98880e183a5db4fa12&count=1423235155&cf=SP2&randid=1741503062
SearchScopes: HKLM -> DefaultScope {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> DefaultScope {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = 
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://yahoo.mystart.com/results.php?pr=soda&id=sodapdftb&v=1_0&idate=2015-01-29&gen=sodapdf&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = 
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {FDD5A704-6EDC-4772-8B7C-4E25F73407ED} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130624,19854,0,67,0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Soda PDF Online Toolbar -> {6d300c09-bc15-4045-9d75-3f6d505cdf0e} -> C:\Program Files (x86)\sodapdftb\sodapdfDx64.dll [2014-09-24] ()
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-11-07] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Soda PDF Online Toolbar -> {6d300c09-bc15-4045-9d75-3f6d505cdf0e} -> C:\Program Files (x86)\sodapdftb\sodapdfDx.dll [2014-09-24] ()
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-11-07] (LastPass)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-11-07] (LastPass)
Toolbar: HKLM - Soda PDF Online Toolbar - {6d300c09-bc15-4045-9d75-3f6d505cdf0e} - C:\Program Files (x86)\sodapdftb\sodapdfDx64.dll [2014-09-24] ()
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-11-07] (LastPass)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Soda PDF Online Toolbar - {6d300c09-bc15-4045-9d75-3f6d505cdf0e} - C:\Program Files (x86)\sodapdftb\sodapdfDx.dll [2014-09-24] ()
Toolbar: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> No Name - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} -  No File
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2a45q0jn.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: netzero.net
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20130624,19857,0,67,0&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-19] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-07] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn64.dll [2011-12-01] (Musicnotes, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-07] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-02-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files (x86)\Musicnotes\npmusicn.dll [2011-12-01] (Musicnotes, Inc.)
FF Plugin-x32: @Sibelius.com/Scorch Plugin -> C:\Program Files (x86)\Musicnotes\npsibelius.dll [2010-04-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-3650139341-1082784151-2184992052-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3650139341-1082784151-2184992052-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-3650139341-1082784151-2184992052-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Leslie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-01-10] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-03-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-03-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2009-10-05] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-03-11] (Citrix Systems, Inc.)
FF Extension: LastPass - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2a45q0jn.default\Extensions\support@lastpass.com [2015-03-16]
FF Extension: Soda PDF Online Toolbar - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2a45q0jn.default\Extensions\{042739e7-c748-40da-ac54-7a17f8fdc939} [2015-01-29]
FF Extension: Add to Amazon Wish List Button - C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\2a45q0jn.default\Extensions\amznUWL2@amazon.com.xpi [2011-12-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn [2015-04-16]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-10-22]
 
Chrome: 
=======
CHR Profile: C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-23]
CHR Extension: (Google Drive) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-23]
CHR Extension: (Google Search) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-23]
CHR Extension: (Bookmark Manager) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-11-22]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2014-05-23]
CHR Extension: (Norton Identity Safe) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-23]
CHR Extension: (Gmail) - C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S2 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-06] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-14] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20150410.001_1b9\IDSvia64.sys [671448 2015-04-10] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20150412.022\ENG64.SYS [129752 2015-04-12] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20150412.022\EX64.SYS [2137304 2015-04-12] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-22] ()
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 16:07 - 2015-04-19 16:13 - 00036886 _____ () C:\Users\Leslie\Downloads\FRST.txt
2015-04-19 16:00 - 2015-04-19 16:07 - 00000000 ____D () C:\FRST
2015-04-19 15:56 - 2015-04-19 15:56 - 02098176 _____ (Farbar) C:\Users\Leslie\Downloads\FRST64 (2).exe
2015-04-19 15:56 - 2015-04-19 15:56 - 02098176 _____ (Farbar) C:\Users\Leslie\Downloads\FRST64 (1).exe
2015-04-15 21:20 - 2015-04-15 21:20 - 00003224 ____N () C:\bootsqm.dat
2015-04-15 11:53 - 2015-04-15 12:02 - 01756194 _____ () C:\Users\Leslie\Downloads\FRST64.exe
2015-04-14 15:51 - 2015-04-14 15:51 - 00050477 _____ () C:\Users\Leslie\Downloads\Defogger.exe
2015-04-14 15:47 - 2015-04-14 15:47 - 00041642 _____ () C:\ComboFix.txt
2015-04-14 15:30 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-14 15:30 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-14 15:30 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-14 15:30 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-14 15:30 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-14 15:30 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-14 15:30 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-14 15:27 - 2015-04-14 15:47 - 00000000 ____D () C:\Qoobox
2015-04-14 15:26 - 2015-04-14 15:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-14 14:54 - 2015-04-14 14:54 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Leslie\Downloads\tdsskiller.exe
2015-04-14 14:46 - 2015-04-14 14:46 - 05618457 ____R (Swearware) C:\Users\Leslie\Downloads\ComboFix.exe
2015-04-13 12:51 - 2015-04-13 12:51 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-13 12:51 - 2015-04-13 12:51 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-12 15:17 - 2015-04-13 10:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-06 19:33 - 2015-04-06 19:33 - 00000022 _____ () C:\Users\Leslie\Downloads\Disney-2015-04-06.zip
2015-04-05 18:05 - 2015-04-08 22:31 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\.minecraft
2015-04-05 18:05 - 2015-04-05 18:05 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\java
2015-04-05 18:03 - 2015-04-13 10:41 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-03-30 18:42 - 2015-04-13 11:12 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-30 18:42 - 2015-03-30 18:42 - 00004034 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-03-30 18:42 - 2015-03-30 18:42 - 00003222 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-03-30 18:42 - 2015-03-30 18:42 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-30 18:42 - 2015-03-30 18:42 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-30 09:12 - 2015-03-30 09:12 - 00000000 ____D () C:\found.004
2015-03-29 21:32 - 2015-03-29 21:32 - 00011741 _____ () C:\Users\Leslie\Downloads\Fwd_ Winter Athletics Survey_03192015.eml
2015-03-28 18:47 - 2015-04-13 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-24 16:17 - 2015-03-24 16:17 - 05274390 _____ () C:\Users\Leslie\Downloads\IMG_0609 (2).MOV
2015-03-24 16:13 - 2015-03-24 16:13 - 05274390 _____ () C:\Users\Leslie\Downloads\IMG_0609 (1).MOV
2015-03-24 16:02 - 2015-03-24 16:02 - 04839607 _____ () C:\Users\Leslie\Downloads\Grade_1_Class_Photo_0.zip
2015-03-24 15:49 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 15:49 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 15:49 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 15:49 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 15:49 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 15:49 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 15:49 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 15:49 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 11:25 - 2015-03-24 11:25 - 00012228 _____ () C:\Users\Leslie\Downloads\NVSearchNG(4).application
2015-03-20 13:41 - 2015-03-20 13:41 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-19 16:11 - 2011-10-24 13:40 - 01412378 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 15:58 - 2013-03-23 15:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000UA.job
2015-04-19 15:56 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 15:56 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 15:50 - 2015-01-04 01:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-19 15:50 - 2015-01-04 01:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-19 15:50 - 2015-01-04 01:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-19 15:50 - 2015-01-04 01:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-19 15:49 - 2015-02-27 11:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-19 15:48 - 2011-10-24 12:16 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-04-19 15:40 - 2011-10-24 12:25 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-04-19 15:40 - 2011-10-24 12:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-04-19 15:31 - 2015-02-27 11:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 15:30 - 2014-11-21 08:31 - 00006892 _____ () C:\Windows\setupact.log
2015-04-19 15:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 11:04 - 2014-11-21 08:30 - 00577084 _____ () C:\Windows\PFRO.log
2015-04-14 15:43 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-14 15:09 - 2015-02-27 11:37 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-13 11:14 - 2015-02-11 16:29 - 00000426 _____ () C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-04-13 10:44 - 2011-12-07 20:51 - 00000000 ____D () C:\Users\Leslie
2015-04-13 10:43 - 2015-03-07 14:40 - 00000000 ____D () C:\Program Files\iTunes
2015-04-13 10:41 - 2015-03-07 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-13 10:41 - 2015-03-07 14:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-13 10:41 - 2015-02-27 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-13 10:41 - 2013-03-23 15:09 - 00000000 ____D () C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2015-04-13 10:41 - 2012-04-26 18:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-13 10:41 - 2011-12-27 12:36 - 00000000 ____D () C:\ProgramData\Norton
2015-04-13 10:41 - 2011-12-07 22:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-13 10:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-13 10:40 - 2015-03-07 14:40 - 00000000 ____D () C:\Program Files\iPod
2015-04-12 14:32 - 2012-06-10 16:59 - 00000000 ____D () C:\Users\Leslie\AppData\Local\CrashDumps
2015-04-10 18:14 - 2015-02-25 14:42 - 00000000 ____D () C:\Users\Leslie\Documents\Retainer Agreements
2015-04-10 18:13 - 2013-08-07 22:51 - 00000000 ____D () C:\Users\Leslie\Documents\Outlook Files
2015-04-10 17:11 - 2014-01-17 10:28 - 00000000 ____D () C:\Users\Leslie\Documents\Work
2015-04-08 23:25 - 2012-02-16 22:56 - 00000000 ____D () C:\Users\Leslie\Documents\Disney
2015-04-07 10:48 - 2013-02-28 00:36 - 00951808 ___SH () C:\Users\Leslie\Downloads\Thumbs.db
2015-03-31 12:52 - 2013-03-23 15:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000Core.job
2015-03-30 18:42 - 2011-10-24 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-30 11:16 - 2015-01-29 13:43 - 00000000 ____D () C:\ProgramData\Search Protection
2015-03-29 21:25 - 2014-06-11 22:52 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-29 21:25 - 2011-10-24 12:00 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-29 21:23 - 2014-11-22 01:45 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-29 21:23 - 2014-06-27 15:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-29 21:23 - 2011-10-24 12:00 - 00000000 ____D () C:\Program Files\Java
2015-03-27 16:46 - 2015-01-06 15:55 - 00000000 ____D () C:\Program Files (x86)\Browny02
2015-03-27 11:26 - 2014-08-12 00:49 - 00000000 ____D () C:\Users\Leslie\Documents\SBS
2015-03-26 20:06 - 2012-04-02 16:43 - 00000000 ____D () C:\Users\Leslie\Documents\Kids
2015-03-25 12:45 - 2015-01-06 15:56 - 00000349 _____ () C:\Windows\BRRBCOM.INI
2015-03-24 18:37 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-24 18:34 - 2014-12-14 13:22 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 18:34 - 2014-05-06 23:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 10:24 - 2012-03-13 08:56 - 00000000 ____D () C:\Users\Leslie\AppData\Local\Deployment
2015-03-20 13:35 - 2012-08-02 17:44 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-03-20 13:35 - 2011-12-27 12:54 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-03-20 13:34 - 2013-10-15 20:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-03-20 13:34 - 2011-12-27 12:54 - 00002321 _____ () C:\Users\Public\Desktop\Norton 360.lnk
 
==================== Files in the root of some directories =======
 
2013-11-07 23:25 - 2013-11-07 23:25 - 12752384 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2011-12-18 01:03 - 2013-06-14 16:01 - 0017408 _____ () C:\Users\Leslie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-29 21:29 - 2013-06-29 21:29 - 0002264 _____ () C:\Users\Leslie\AppData\Local\IWDAudHelper.20130629.212957.txt
2013-06-22 21:04 - 2013-06-22 21:04 - 0001549 _____ () C:\Users\Leslie\AppData\Local\PDLSetup.20130622.210439.txt
2013-06-29 20:58 - 2013-06-29 20:58 - 0001549 _____ () C:\Users\Leslie\AppData\Local\PDLSetup.20130629.205806.txt
2013-06-29 21:28 - 2013-06-29 21:30 - 0036406 _____ () C:\Users\Leslie\AppData\Local\WiDiSetupLog.20130629.212845.txt
2011-12-27 13:02 - 2011-12-27 13:02 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-05 22:33
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by Leslie at 2015-04-19 16:14:36
Running from C:\Users\Leslie\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier Edition (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier Edition (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.222 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9130CW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CalcuPak 1 HE 4.0 version 4.0 (HKLM-x32\...\{8D7FECB3-7FE5-4BD9-8294-055A9C80564B}_is1) (Version: 4.0 - School Made Simple)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.0.55844 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.46 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.3.556 - j2 Global)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{896667C8-53F8-47B8-B6B0-B113B10F05BC}) (Version: 1.20.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Remote Print Uninstall (HKLM\...\EPSON Remote Print) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3530 Series Printer Uninstall (HKLM\...\EPSON WF-3530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
FaceFilter Studio Brother Edition (HKLM-x32\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 1.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.11.15696 - LeapFrog) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\...\MusicManager) (Version:  - Google, Inc.)
Musicnotes Software Suite 1.7.2 (HKLM-x32\...\Musicnotes Combined Installer_is1) (Version: 1.7.2 - Musicnotes Inc.)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Norton Management (HKLM-x32\...\MCLIENT) (Version: 3.2.2.12 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.41.17507 - pdfforge GmbH)
PDF Architect 2 Create Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (x32 Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6353 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.106 - Skype Technologies S.A.)
Soda PDF Online Toolbar (HKLM-x32\...\sodapdftb) (Version: 1.0.0.11 - LULU Software Limited)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Unity Web Player (HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Verizon Mobile Broadband Drivers (HKLM-x32\...\{F19553C5-F843-4C27-BF9F-9DE4D901B895}) (Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{CAC2CF93-B532-4A88-81FE-110750C3E4BA}) (Version: 1.0.5 - Smith Micro Software, Inc.)
VZAccess Manager (HKLM-x32\...\{780F9A1C-6BFE-4691-83A9-095D859E3052}) (Version: 7.3.13.1 - Smith Micro Software Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-04-14 15:43 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AAD55A5-2AD2-4C57-A387-4025943232DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0F5ADB89-16E5-4357-89B5-E570419283FC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {154D22A2-0632-4A70-972F-369B04BBC43A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2EF1E350-4B98-4B0F-B243-C8240AE2362E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-06] (Microsoft)
Task: {554AC407-78A0-457B-BE10-EF5BF61F8864} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {575DCCC5-59A0-47D8-B17B-A95F5D19E2DD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {71BF7512-1C2A-4D5A-9D2C-CB1D5C9F8FDD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {787E3FBE-E778-43D2-BC6C-B5F933FD2FDE} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {7EBD6BF0-774F-4A27-93E6-AE798BD4E911} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000UA => C:\Users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {8DECD951-2CD4-4577-8C76-B91E220EF944} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {94934F7C-8651-416F-804B-9AB29BFD208B} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A45F8962-F715-4413-9AC7-0951540ECABB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {A78EC9AA-FACB-41F9-A3B3-8A6A22E9710E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-19] (Adobe Systems Incorporated)
Task: {AC051FB6-C2D4-4B3D-8AC8-287DCBB5268B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000Core => C:\Users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {AE76B292-C01C-4FFE-9711-752DAEB50236} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {B0DF0DC5-0457-4CC3-BDBD-17D0FB341D26} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B78A8040-5893-418E-BF62-AC07A97A9A5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BD392240-9FE3-44AD-809E-91EF3AD9AAB5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: {C7A63D1B-7C10-4C85-9C52-763466C58D13} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-03-20] (PC-Doctor, Inc.)
Task: {CA311C6C-B61C-4C22-9341-B143CC7C804E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {DD06B469-6DEA-4335-A02D-C50F434257AA} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {E1B04A6B-7F09-430E-9AA4-8D84CC384ED5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EA1CFD5F-A2EC-4DAC-ACD8-126B61A0F7FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {F86ABFD5-9330-4FDE-A41E-2C3D90147CA5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {F964E56B-E6B5-44A2-A7BA-444CED25E12E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000Core.job => C:\Users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3650139341-1082784151-2184992052-1000UA.job => C:\Users\Leslie\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-02-26 17:48 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-11-10 23:53 - 2010-11-10 23:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2011-10-24 13:13 - 2011-07-20 09:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-02-01 12:50 - 2012-02-01 12:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-16 21:22 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 01850224 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2014-01-06 21:33 - 2005-04-22 00:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2011-10-24 12:17 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2015-02-26 17:48 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 10683392 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 07741952 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 02248192 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 01681408 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00117248 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00231936 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00253440 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00344064 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 00026624 _____ () C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2015-04-14 14:57 - 2015-04-13 17:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-14 14:57 - 2015-04-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-01-06 15:55 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Leslie\Downloads\Fwd_ Winter Athletics Survey_03192015.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => C:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Windows Mobile Device Center => C:\Windows\WindowsMobile\wmdc.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3650139341-1082784151-2184992052-500 - Administrator - Disabled)
Guest (S-1-5-21-3650139341-1082784151-2184992052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3650139341-1082784151-2184992052-1003 - Limited - Enabled)
Leslie (S-1-5-21-3650139341-1082784151-2184992052-1000 - Administrator - Enabled) => C:\Users\Leslie
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2015 03:49:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/16/2015 06:44:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/15/2015 11:04:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 42.0.2311.90 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9dc
 
Start Time: 01d077e3ea160911
 
Termination Time: 19
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: f31d5738-e3e4-11e4-9714-ac7289f38e04
 
Error: (04/15/2015 10:11:25 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\NlsData0009.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Notepad because of this error.
 
Program: Notepad
File: C:\Windows\System32\NlsData0009.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C00000B5
Disk type: 3
 
Error: (04/15/2015 10:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: notepad.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc9b3
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xc0000006
Fault offset: 0x000000000000940d
Faulting process id: 0x16f4
Faulting application start time: 0xnotepad.exe0
Faulting application path: notepad.exe1
Faulting module path: notepad.exe2
Report Id: notepad.exe3
 
Error: (04/15/2015 10:02:10 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Word.
 
Error: (04/15/2015 09:55:21 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (04/15/2015 09:55:21 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0x80072EFD
 
Error: (04/15/2015 09:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/15/2015 11:19:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: N360.exe, version: 12.11.4.4, time stamp: 0x53f531a0
Faulting module name: isDataPr.dll, version: 21.7.0.11, time stamp: 0x54fa887e
Exception code: 0xc0000005
Fault offset: 0x00095007
Faulting process id: 0xe00
Faulting application start time: 0xN360.exe0
Faulting application path: N360.exe1
Faulting module path: N360.exe2
Report Id: N360.exe3
 
 
System errors:
=============
Error: (04/19/2015 03:49:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDF Architect 2 Creator service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/19/2015 03:39:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell SupportAssist Agent service failed to start due to the following error: 
%%1053
 
Error: (04/19/2015 03:39:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.
 
Error: (04/19/2015 03:36:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton 360 service failed to start due to the following error: 
%%1053
 
Error: (04/19/2015 03:36:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton 360 service to connect.
 
Error: (04/19/2015 03:34:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error: 
%%1053
 
Error: (04/19/2015 03:34:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
 
Error: (04/19/2015 03:32:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (04/19/2015 03:32:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (04/19/2015 03:30:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:27:44 PM on ‎4/‎19/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (04/19/2015 03:49:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/16/2015 06:44:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/15/2015 11:04:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe42.0.2311.909dc01d077e3ea16091119C:\Program Files (x86)\Google\Chrome\Application\chrome.exef31d5738-e3e4-11e4-9714-ac7289f38e04
 
Error: (04/15/2015 10:11:25 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\NlsData0009.dllNotepadC00000B53
 
Error: (04/15/2015 10:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: notepad.exe6.1.7600.163854a5bc9b3KERNELBASE.dll6.1.7601.184095315a05ac0000006000000000000940d16f401d077e9a3f10affC:\Windows\system32\notepad.exeC:\Windows\system32\KERNELBASE.dlle2151a83-e3dd-11e4-9714-ac7289f38e04
 
Error: (04/15/2015 10:02:10 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft WordWord couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.
 
Do you want to start in safe mode?
 
Error: (04/15/2015 09:55:21 PM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
Description: hr=0x80072EFD66c92734-d682-4d71-983e-d6ec3f16059f
 
Error: (04/15/2015 09:55:21 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: hr=0x80072EFD00010001(0x00000000, 21:55:09:759 - http://go.microsoft.com/fwlink/?LinkId=151642)
00020001(0x00000000, 21:55:09:759)
00030001(0x00000000, 21:55:09:759 - http://go.microsoft.com)
00030002(0x00000000, 21:55:09:759 - 0)
00040001(0x00000000, 21:55:09:759 - http://go.microsoft.com)
00040002(0x00000000, 21:55:09:774 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 21:55:21:071 - <NULL>)
00040006(0x00000000, 21:55:21:071 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 21:55:21:071 - 0)
00020007(0x80072EFD, 21:55:21:102)
00010002(0x80072EFD, 21:55:21:102 - <NULL>)
00010003(0x80072EFD, 21:55:21:102)
 
Error: (04/15/2015 09:52:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/15/2015 11:19:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: N360.exe12.11.4.453f531a0isDataPr.dll21.7.0.1154fa887ec000000500095007e0001d0778db3cc41ceC:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exeC:\Program Files (x86)\Norton 360\Engine\21.7.0.11\isDataPr.dlld1c427ba-e382-11e4-8585-ac7289f38e04
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-14 15:42:55.442
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-14 15:42:55.393
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-16 13:48:10.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-16 13:48:10.642
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-16 13:46:31.868
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-16 13:46:31.852
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-16 13:46:31.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-08-16 13:46:31.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8086.17 MB
Available physical RAM: 5438.67 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13212.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:484.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=576.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#4 Oh My!


Posted 22 April 2015 - 09:49 PM

Hi Leslie. I apologize for the delay, I was not notified you replied.

This is how I would like to start.

Please cut and paste FRST.exe from your Downloads folder onto your Desktop.

Running from C:\Users\Leslie\Downloads


===================================================

Managing Attachments

----------
  • Navigate to the top of this post
  • In the upper right hand corner you will see your screen name
  • Left click on that and a drop down list will appear
  • Select My Settings
  • On the left hand side under General Settings click on Manage Attachments
  • To the very right on the blue bar just above the first entry click on the open check box
  • All of the checkboxes should now be checked
  • Click Delete Selected
  • You should now see You have used 0bytes of 250K
  • Attach the System Summary report to your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> DefaultScope {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = 
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://yahoo.mystart.com/results.php?pr=soda&id=sodapdftb&v=1_0&idate=2015-01-29&gen=sodapdf&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL = 
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {FDD5A704-6EDC-4772-8B7C-4E25F73407ED} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130624,19854,0,67,0
Toolbar: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> No Name - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Attached System Summary file
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 lafogg


Posted 23 April 2015 - 02:14 PM

Hi Gary,

Thanks again for your help.

The computer is still running slow. Opening programs takes a while. After running adware, chrome seems to not open and the computer won't start in safe mode. Correction (I am editing my observations): now chrome has opened and it seems to be running fine. The computer seems ok now but a little slow.

Attached is the system summary file and below are the pasted logs:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01
Ran by Leslie at 2015-04-23 12:12:13 Run:1
Running from C:\Users\Leslie\Desktop
Loaded Profiles: Leslie (Available profiles: Leslie)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> DefaultScope {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL =
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://yahoo.mystart.com/results.php?pr=soda&id=sodapdftb&v=1_0&idate=2015-01-29&gen=sodapdf&ent=ch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} URL =
SearchScopes: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> {FDD5A704-6EDC-4772-8B7C-4E25F73407ED} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130624,19854,0,67,0
Toolbar: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000 -> No Name - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Leslie\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}" => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFEB67B1-4F6C-4CCD-87E5-0358C2283F59}" => Key deleted successfully.
HKCR\CLSID\{EFEB67B1-4F6C-4CCD-87E5-0358C2283F59} => Key not found.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FDD5A704-6EDC-4772-8B7C-4E25F73407ED}" => Key deleted successfully.
HKCR\CLSID\{FDD5A704-6EDC-4772-8B7C-4E25F73407ED} => Key not found.
HKU\S-1-5-21-3650139341-1082784151-2184992052-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8E613EAF-E16E-415C-BD39-F71D6A3B5518} => value deleted successfully.
HKCR\CLSID\{8E613EAF-E16E-415C-BD39-F71D6A3B5518} => Key not found.
catchme => Service deleted successfully.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Service deleted successfully.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-3650139341-1082784151-2184992052-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

==== End of Fixlog 12:12:13 ====

Adware log:

# AdwCleaner v4.201 - Logfile created 23/04/2015 at 12:35:03
# Updated 08/04/2015 by Xplode
# Database : 2015-04-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Leslie - LESLIE-PC
# Running from : C:\Users\Leslie\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\Users\Leslie\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Leslie\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Folder Deleted : C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta.com_0.localstorage
File Deleted : C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Search Protection]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20B9C05C-99C9-4BAB-B596-FB0C0E1C9F55}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B0-0409-0000-0000000FF1CE}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl []

-\\ Mozilla Firefox v37.0 (x86 en-US)


-\\ Google Chrome v42.0.2311.90

[C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
[C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [3125 bytes] - [23/04/2015 12:27:59]
AdwCleaner[S0].txt - [2930 bytes] - [23/04/2015 12:35:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2989  bytes] ##########

Junkware:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.1 (04.23.2015:1)
OS: Windows 7 Home Premium x64
Ran by Leslie on Thu 04/23/2015 at 13:58:37.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6d300c09-bc15-4045-9d75-3f6d505cdf0e}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{1022487E-A572-4A39-B5FD-065D42DCB2FD}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{13CB2138-9E8C-4B1D-B5A3-B843AF5D0461}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{18AA0EDB-B07D-457A-9EA5-A548CC44FAA6}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{3D779463-610C-4571-ABDD-DBE84E23857B}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{4514B6D1-7C51-41C8-858B-A45C952CA563}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{51009CAF-9277-4220-A95A-B5FB68E22495}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{54A0A537-21A4-4B63-9815-DF63C290D654}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{64CD029D-E058-4446-AD19-4ED33D7BCA9E}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{6A45AD80-E6E5-48A6-B395-C671D11DC9A0}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{83C2E3C8-CF2B-4999-9BDB-F7F91051A99D}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{994E8973-554A-42DB-A7BB-610EFD1DFA65}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{9E8F1C84-C9A0-45CA-BC4A-BB32F1B797E4}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{AB0A41A6-ED2B-41A2-9DAE-46D05A37E428}
Successfully deleted: [Empty Folder] C:\Users\Leslie\appdata\local\{F1D5C5AC-2B8F-44EF-9C61-CE171A910B27}
Successfully deleted: [Folder] C:\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Leslie\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Users\Leslie\AppData\Roaming\mozilla\firefox\profiles\2a45q0jn.default\minidumps [226 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/23/2015 at 14:06:24.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



Edited by lafogg, 23 April 2015 - 02:25 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,968 posts
  • Gender:Male
  • Location:California
  • Local time:03:50 AM

Posted 23 April 2015 - 02:54 PM

Thanks for the update. Can you now boot into Safe Mode?

Let's do this now.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

WhatInStartup

-------------------
  • Download WhatInStartup for 64 bit computers and save it to your desktop
  • Unzip the folder onto your desktop
  • Double click the icon to run the program
  • Left click on the top entry to highlight it
  • Hold down the Shift key and left click the last item, thereby highlighting all the lines
  • Click File, then Save Selected Items
  • Save the file as WhatInStartup
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Safe Mode?
  • Fixlog
  • WhatInStartup report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 lafogg

lafogg
  • Topic Starter

  • Members
  • 42 posts
  • Local time:07:50 AM

Posted 23 April 2015 - 04:31 PM

Hi Gary,

 

I thought Chrome was ok, but everything started to go slow.  I started to get corrupt file notices for frst and a plugin.  It still does not start in safe mode--it stalls while loading files; says please wait but does not move.  The last file listed is: Windows\system32\drivers\classpnp.sys.  Also, whenever I restart, it says chkdsk needs to run.  I stopped it because I wasn't sure if you wanted me to let it run.  I got these pop ups as well: 1) The file system structure on the disk is corrupt and unusable.  Please run the Chkdsk utility on the volume C:.  2) Intel Turbo Boost Technology Monitor 2.0 stopped working. Please try restarting Intel Turbo Boost Technology Monitor 2.0.

 

Here are the logs:

 

FIXLOG:

 

EmptyTemp: => Removed 658.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:49:00 ====

 

 

WHATINSTARTUP:

 

  ==================================================
Name              :
Type              : Registry -> Machine Run (WOW64)
Command Line      :
Disabled          : No
Product Name      :
File Version      :
Product Description:
Company           :
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      :
File Created Time :
File Modified Time:
File Attributes   :
File Size         :
Process Created On:
==================================================

==================================================
Name              : AccuWeatherWidget
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
Disabled          : No
Product Name      : accuweather
File Version      : 1.7.209.0
Product Description: AccuWeather.com desktop weather widget
Company           :
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
File Created Time : 2/1/2012 12:50:58 PM
File Modified Time: 2/1/2012 12:50:58 PM
File Attributes   : A
File Size         : 968,048
Process Created On: 4/23/2015 4:53:42 PM
==================================================

==================================================
Name              : Adobe ARM
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Disabled          : No
Product Name      : Adobe Reader and Acrobat Manager
File Version      : 1.701.8.0051
Product Description: Adobe Reader and Acrobat Manager
Company           : Adobe Systems Incorporated
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
File Created Time : 9/12/2014 5:43:06 AM
File Modified Time: 9/12/2014 5:43:06 AM
File Attributes   : A
File Size         : 959,176
Process Created On: 4/23/2015 4:54:00 PM
==================================================

==================================================
Name              : Apoint
Type              : Registry -> Machine Run
Command Line      : C:\Program Files\DellTPad\Apoint.exe
Disabled          : No
Product Name      : Alps Pointing-device Driver
File Version      : 7.3.101.97
Product Description: Alps Pointing-device Driver
Company           : Alps Electric Co., Ltd.
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files\DellTPad\Apoint.exe
File Created Time : 10/24/2011 1:14:29 PM
File Modified Time: 4/12/2011 7:19:54 PM
File Attributes   : A
File Size         : 609,144
Process Created On: 4/23/2015 4:53:28 PM
==================================================

==================================================
Name              : BrStsMon00
Type              : Registry -> Machine Run (WOW64)
Command Line      : C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
Disabled          : No
Product Name      : Status Monitor Application
File Version      : 1, 5, 5, 0
Product Description: Status Monitor Application
Company           : Brother Industries, Ltd.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
File Created Time : 1/6/2015 3:55:48 PM
File Modified Time: 7/31/2012 3:29:18 PM
File Attributes   : R
File Size         : 3,084,288
Process Created On: 4/23/2015 4:54:04 PM
==================================================

==================================================
Name              : BTMTrayAgent
Type              : Registry -> Machine Run
Command Line      : rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
Disabled          : No
Product Name      : Microsoft® Windows® Operating System
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Product Description: Windows host process (Rundll32)
Company           : Microsoft Corporation
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Windows\system32\rundll32.exe
File Created Time : 7/13/2009 7:57:20 PM
File Modified Time: 7/13/2009 9:39:31 PM
File Attributes   : A
File Size         : 45,568
Process Created On: 4/23/2015 4:53:30 PM
==================================================

==================================================
Name              : CCleaner Monitoring
Type              : Registry -> User Run
Command Line      : "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Disabled          : No
Product Name      : CCleaner
File Version      : 4, 19, 00, 4867
Product Description: CCleaner
Company           : Piriform Ltd
Location          : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files\CCleaner\CCleaner64.exe
File Created Time : 10/30/2014 10:45:50 AM
File Modified Time: 10/30/2014 10:45:50 AM
File Attributes   : A
File Size         : 6,501,656
Process Created On: 4/23/2015 4:55:22 PM
==================================================

==================================================
Name              : ControlCenter4
Type              : Registry -> Machine Run (WOW64)
Command Line      : C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
Disabled          : No
Product Name      : Brother ControlCenter
File Version      : 4, 1, 35, 1
Product Description: ControlCenter Launcher
Company           : Brother Industries, Ltd.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
File Created Time : 1/6/2015 3:55:42 PM
File Modified Time: 11/19/2012 5:25:14 PM
File Attributes   :
File Size         : 143,360
Process Created On:
==================================================

==================================================
Name              : DellStage
Type              : Registry -> Machine Run
Command Line      : "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
Disabled          : No
Product Name      : stage_primary
File Version      : 1.7.209.0
Product Description: Dell Stage
Company           :
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
File Created Time : 2/1/2012 12:50:02 PM
File Modified Time: 2/1/2012 12:50:02 PM
File Attributes   : A
File Size         : 2,195,824
Process Created On:
==================================================

==================================================
Name              : eFax 4.4
Type              : Registry -> User Run
Command Line      : "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
Disabled          : No
Product Name      : eFax Messenger ™
File Version      : 4.4.0.556
Product Description: eFax Messenger - DLL Command Utility
Company           : j2 Global, Inc.
Location          : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
File Created Time : 5/13/2014 4:48:28 PM
File Modified Time: 5/13/2014 4:48:28 PM
File Attributes   : A
File Size         : 95,232
Process Created On: 4/23/2015 4:53:35 PM
==================================================

==================================================
Name              : eFax 4.4
Type              : Startup Folder -> User
Command Line      : "C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe"
Disabled          : No
Product Name      : eFax Messenger ™
File Version      : 4.4.0.556
Product Description: eFax Messenger - Tray
Company           : j2 Global, Inc.
Location          : C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Process Path      : C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
File Created Time : 5/13/2014 4:49:55 PM
File Modified Time: 5/13/2014 4:49:55 PM
File Attributes   : A
File Size         : 629,760
Process Created On: 4/23/2015 4:53:44 PM
==================================================

==================================================
Name              : FUFAXRCV
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
Disabled          : No
Product Name      : EPSON PC-FAX SOFTWARE
File Version      : 2,0,0,16
Product Description: Fax Reception
Company           : SEIKO EPSON CORPORATION
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
File Created Time : 2/2/2014 4:10:41 PM
File Modified Time: 7/9/2012 5:01:10 PM
File Attributes   : A
File Size         : 502,952
Process Created On: 4/23/2015 4:53:54 PM
==================================================

==================================================
Name              : FUFAXSTM
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
Disabled          : No
Product Name      : EPSON PC-FAX SOFTWARE
File Version      : 2,0,0,16
Product Description: Fax Transmission
Company           : SEIKO EPSON CORPORATION
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
File Created Time : 2/2/2014 4:10:41 PM
File Modified Time: 7/9/2012 5:01:12 PM
File Attributes   : A
File Size         : 863,400
Process Created On: 4/23/2015 4:53:55 PM
==================================================

==================================================
Name              : GoogleChromeAutoLaunch_8E500A9E4AE736E17FD7A521B9D1D813
Type              : Registry -> User Run
Command Line      : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
Disabled          : No
Product Name      : Google Chrome
File Version      : 42.0.2311.90
Product Description: Google Chrome
Company           : Google Inc.
Location          : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Created Time : 2/27/2015 11:37:38 AM
File Modified Time: 4/13/2015 5:55:42 PM
File Attributes   : A
File Size         : 812,872
Process Created On: 4/23/2015 5:10:27 PM
==================================================

==================================================
Name              : HotKeysCmds
Type              : Registry -> Machine Run
Command Line      : C:\Windows\system32\hkcmd.exe
Disabled          : No
Product Name      : Intel® Common User Interface
File Version      : 8.15.10.2455
Product Description: hkcmd Module
Company           : Intel Corporation
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Windows\system32\hkcmd.exe
File Created Time : 10/24/2011 1:13:54 PM
File Modified Time: 8/5/2011 4:47:48 AM
File Attributes   : A
File Size         : 392,472
Process Created On: 4/23/2015 4:53:28 PM
==================================================

==================================================
Name              : iCloudServices
Type              : Registry -> User Run
Command Line      : C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Disabled          : No
Product Name      : iCloud
File Version      : 3.2.23.1
Product Description: iCloud
Company           : Apple Inc.
Location          : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
File Created Time : 10/17/2014 4:24:20 PM
File Modified Time: 10/17/2014 4:24:20 PM
File Attributes   : A
File Size         : 43,816
Process Created On: 4/23/2015 4:53:31 PM
==================================================

==================================================
Name              : IgfxTray
Type              : Registry -> Machine Run
Command Line      : C:\Windows\system32\igfxtray.exe
Disabled          : No
Product Name      : Intel® Common User Interface
File Version      : 8.15.10.2455
Product Description: igfxTray Module
Company           : Intel Corporation
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Windows\system32\igfxtray.exe
File Created Time : 10/24/2011 1:14:01 PM
File Modified Time: 8/5/2011 4:48:46 AM
File Attributes   : A
File Size         : 167,704
Process Created On: 4/23/2015 4:53:28 PM
==================================================

==================================================
Name              : IndexSearch
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
Disabled          : No
Product Name      : PaperPort
File Version      : 11.2
Product Description: PaperPort IndexSearch
Company           : Nuance Communications, Inc.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
File Created Time : 7/10/2008 12:05:10 AM
File Modified Time: 7/10/2008 12:05:10 AM
File Attributes   : A
File Size         : 46,368
Process Created On:
==================================================

==================================================
Name              : Intel® Turbo Boost Technology Monitor 2.0
Type              : Startup Folder -> User
Command Line      : "C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe"
Disabled          : No
Product Name      : Intel® Turbo Boost Technology Monitor 2.0
File Version      : 2.1.23.0
Product Description: Intel® Turbo Boost Technology Monitor 2.0
Company           : Intel® Corporation
Location          : C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Process Path      : C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
File Created Time : 11/29/2010 4:01:00 PM
File Modified Time: 11/29/2010 4:01:00 PM
File Attributes   : A
File Size         : 204,288
Process Created On: 4/23/2015 4:53:44 PM
==================================================

==================================================
Name              : IntelPAN
Type              : Registry -> Machine Run
Command Line      : "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
Disabled          : No
Product Name      : Intel® PROSet/Wireless
File Version      : 14, 2, 0, 0
Product Description: Intel® PROSet/Wireless Framework
Company           : Intel® Corporation
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
File Created Time : 7/27/2011 9:51:58 PM
File Modified Time: 7/27/2011 9:51:58 PM
File Attributes   : A
File Size         : 1,935,120
Process Created On: 4/23/2015 4:53:29 PM
==================================================

==================================================
Name              : IntelTBRunOnce
Type              : Registry -> Machine Run
Command Line      : wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Disabled          : No
Product Name      : Microsoft ® Windows Script Host
File Version      : 5.8.7600.16385
Product Description: Microsoft ® Windows Based Script Host
Company           : Microsoft Corporation
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Windows\system32\wscript.exe
File Created Time : 12/11/2013 5:53:42 PM
File Modified Time: 10/11/2013 9:33:26 PM
File Attributes   : A
File Size         : 168,960
Process Created On:
==================================================

==================================================
Name              : LTCM Client
Type              : Registry -> Machine Run (WOW64)
Command Line      : C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
Disabled          : No
Product Name      : LTCM Communications Client
File Version      : 1.18
Product Description: LTCM Communications Client
Company           : Leader Technologies Inc.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\LTCM Client\ltcmClient.exe
File Created Time : 8/5/2009 1:36:18 PM
File Modified Time: 8/5/2009 1:36:18 PM
File Attributes   : A
File Size         : 1,596,096
Process Created On:
==================================================

==================================================
Name              : Monitor
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
Disabled          : No
Product Name      : Monitor Application
File Version      : 4,2,9,0
Product Description: Monitor Application
Company           : LeapFrog Enterprises, Inc.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
File Created Time : 9/28/2012 2:42:08 PM
File Modified Time: 9/28/2012 2:42:08 PM
File Attributes   : A
File Size         : 298,376
Process Created On: 4/23/2015 4:53:43 PM
==================================================

==================================================
Name              : MusicManager
Type              : Registry -> User Run
Command Line      : "C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
Disabled          : No
Product Name      : Music Manager
File Version      : 1, 0, 182, 3607
Product Description: Music Manager
Company           : Google Inc.
Location          : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
File Created Time : 3/31/2015 6:54:34 PM
File Modified Time: 3/31/2015 6:54:34 PM
File Attributes   : A
File Size         : 7,475,200
Process Created On: 4/23/2015 4:53:32 PM
==================================================

==================================================
Name              : PaperPort PTD
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
Disabled          : No
Product Name      : PaperPort
File Version      : 11.2
Product Description: PaperPort Print to Desktop for NT
Company           : Nuance Communications, Inc.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
File Created Time : 7/10/2008 12:07:00 AM
File Modified Time: 7/10/2008 12:07:00 AM
File Attributes   : A
File Size         : 29,984
Process Created On: 4/23/2015 4:53:48 PM
==================================================

==================================================
Name              : Persistence
Type              : Registry -> Machine Run
Command Line      : C:\Windows\system32\igfxpers.exe
Disabled          : No
Product Name      : Intel® Common User Interface
File Version      : 8.15.10.2455
Product Description: persistence Module
Company           : Intel Corporation
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Windows\system32\igfxpers.exe
File Created Time : 10/24/2011 1:13:58 PM
File Modified Time: 8/5/2011 4:48:02 AM
File Attributes   : A
File Size         : 416,024
Process Created On: 4/23/2015 4:53:28 PM
==================================================

==================================================
Name              : PPort11reminder
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
Disabled          : No
Product Name      : SSEreg
File Version      : 5, 2, 0, 0
Product Description: Ereg
Company           : Nuance Communications, Inc.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe
File Created Time : 8/31/2007 10:01:58 AM
File Modified Time: 8/31/2007 10:01:58 AM
File Attributes   : A
File Size         : 328,992
Process Created On:
==================================================

==================================================
Name              : QuickTime Task
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Disabled          : No
Product Name      : QuickTime
File Version      : 7.7.6 (1680.95.31)
Product Description: QuickTime Task
Company           : Apple Inc.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\QuickTime\QTTask.exe
File Created Time : 10/2/2014 2:23:12 PM
File Modified Time: 10/2/2014 2:23:12 PM
File Attributes   : A
File Size         : 421,888
Process Created On:
==================================================

==================================================
Name              : RoxWatchTray
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
Disabled          : No
Product Name      : CommonSDK
File Version      : 12.2.1.47
Product Description: RoxMMTrayApp Module
Company           : Sonic Solutions
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
File Created Time : 11/25/2010 6:33:58 AM
File Modified Time: 11/25/2010 6:33:58 AM
File Attributes   : A
File Size         : 240,112
Process Created On:
==================================================

==================================================
Name              : RTHDVCPL
Type              : Registry -> Machine Run
Command Line      : C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Disabled          : No
Product Name      : Realtek HD Audio Manager
File Version      : 1.0.0.104
Product Description: Realtek HD Audio Manager
Company           : Realtek Semiconductor
Location          : HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
File Created Time : 10/24/2011 1:14:22 PM
File Modified Time: 4/14/2011 7:01:08 PM
File Attributes   : A
File Size         : 6,629,480
Process Created On: 4/23/2015 4:53:28 PM
==================================================

==================================================
Name              : Send to OneNote
Type              : Startup Folder -> User
Command Line      : "C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE" /tsr
Disabled          : No
Product Name      : Microsoft OneNote
File Version      : 15.0.4645.1000
Product Description: Send to OneNote Tool
Company           : Microsoft Corporation
Location          : C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Process Path      : C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
File Created Time : 9/25/2014 6:53:26 PM
File Modified Time: 9/25/2014 6:53:26 PM
File Attributes   : A
File Size         : 195,240
Process Created On:
==================================================

==================================================
Name              : SSBkgdUpdate
Type              : Registry -> Machine Run (WOW64)
Command Line      : "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Disabled          : No
Product Name      : SSBkgdUpdate
File Version      : 5,2,0,0
Product Description: SSBkgdUpdate
Company           : Nuance Communications, Inc.
Location          : HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Process Path      : C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
File Created Time : 10/25/2006 10:03:38 AM
File Modified Time: 10/25/2006 10:03:38 AM
File Attributes   : A
File Size         : 210,472
Process Created On:
==================================================
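
One way to triage a WhatInStartup report like the one posted above, as an added example that is not part of the thread or of the tool: it parses the `Key : Value` records and flags the autorun entries a reviewer would open first. The flag names, the host-process list and the trimmed five-record excerpt are assumptions of this example; a flag means "inspect this entry", not "malicious".

```python
import ntpath  # parses Windows paths correctly on any host OS
import re

# Excerpt of the report posted above, trimmed to the three fields used here.
SAMPLE_REPORT = r'''
==================================================
Name              :
Command Line      :
Process Path      :
==================================================
==================================================
Name              : Adobe ARM
Command Line      : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Process Path      : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
==================================================
==================================================
Name              : BTMTrayAgent
Command Line      : rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
Process Path      : C:\Windows\system32\rundll32.exe
==================================================
==================================================
Name              : IntelTBRunOnce
Command Line      : wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
Process Path      : C:\Windows\system32\wscript.exe
==================================================
==================================================
Name              : MusicManager
Command Line      : "C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
Process Path      : C:\Users\Leslie\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
==================================================
'''

# Generic hosts: their version info describes the host, not the file it loads.
HOSTS = {"rundll32.exe", "wscript.exe", "cscript.exe", "regsvr32.exe",
         "mshta.exe", "cmd.exe", "powershell.exe"}
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_report(text):
    """Split the report into one dict per ====-delimited record."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):
            if current:                      # closing separator of a record
                records.append(current)
            current = {}
        elif current is not None and ":" in line:
            # Keys never contain ':'; values do (drive letters, times).
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def payload_of(command_line):
    """Return the file a host process was told to load, or None."""
    quoted = re.findall(r'"([^"]+)"', command_line)
    for item in quoted or command_line.split()[1:]:
        item = item.split(",")[0]            # rundll32 "file.dll",EntryPoint
        if "\\" in item and ntpath.basename(item).lower() not in HOSTS:
            return item
    return None


def triage(record):
    """Return review flags for one autorun record (empty list = nothing odd)."""
    name = record.get("Name", "")
    cmd = record.get("Command Line", "")
    path = record.get("Process Path", "")
    if not name and not cmd:
        return ["empty-entry"]               # entry with no name and no command
    flags, target = [], path
    if ntpath.basename(path).lower() in HOSTS:
        target = payload_of(cmd) or path     # review the loaded file, not the host
        flags.append("host-process:" + ntpath.basename(target))
    if USER_WRITABLE.search(target):
        flags.append("user-writable")        # replaceable without admin rights
    return flags


def review(text):
    """Map entry name -> flags, for flagged entries only."""
    result = {}
    for record in parse_report(text):
        flags = triage(record)
        if flags:
            result[record.get("Name") or "(blank)"] = flags
    return result


if __name__ == "__main__":
    for entry, flags in review(SAMPLE_REPORT).items():
        print(f"{entry:20} {', '.join(flags)}")
```

For the two host-process entries, the Product Name, Company and file times in the report belong to rundll32.exe and wscript.exe, so the file named in the flag is the one whose signature and timestamps need checking.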

 



#8 Oh My!

Posted 23 April 2015 - 04:44 PM

Thanks Leslie,

I will be away from my computer for several hours but would like you to run this.

===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CheckDisk report

Gary
 

#9 lafogg


Posted 23 April 2015 - 05:39 PM

Thanks, Gary!

 

Under the dirty bit column was: IS DIRTY

 

Here is the log:

 

Checkdisk of C: (Read only mode) started !

Started on : 2015/04/23 18:33:28

The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is OS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
Attribute record (128, "") from file record segment 72621
is corrupt.
Attribute record (128, "") from file record segment 75416
is corrupt.
Attribute record (128, "") from file record segment 75421
is corrupt.
Attribute record (128, "") from file record segment 75724
is corrupt.
Attribute record (128, "") from file record segment 75762
is corrupt.
Attribute record (128, "") from file record segment 76627
is corrupt.
Attribute record (128, "") from file record segment 102411
is corrupt.
Attribute record (128, "") from file record segment 102878
is corrupt.
Attribute record (128, "") from file record segment 102879
is corrupt.
Attribute record (128, "") from file record segment 102896
is corrupt.
Attribute record (128, "") from file record segment 102898
is corrupt.
Attribute record (128, "") from file record segment 102942
is corrupt.
Attribute record (128, "") from file record segment 299174
is corrupt.
  1225472 file records processed.
File verification completed.
  1507 large file records processed.
Errors found. CHKDSK cannot continue in read-only mode.

Checkdisk of C: (Read only mode) completed !

Ended on : 2015/04/23 18:33:53

Time elapsed : 25 seconds
 



#10 Oh My!

Posted 23 April 2015 - 08:22 PM

Thanks, please do this now.

===================================================

CheckDiskGUI Fix and Recover

--------------------
  • Launch CheckDiskGUI
  • Place a check mark in the C: drive box
  • Click Fix and Recover
  • Check Yes to schedule the volume to be checked on the next system restart and allow the computer to reboot
  • Launch CheckDiskGUI
  • Place a check mark in the C: drive
  • Click the Options tab
  • Place a check mark in Rescan all clusters for errors
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as Rerunchkdsk
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CheckDisk log

Gary
 

#11 lafogg


Posted 23 April 2015 - 09:47 PM

Hi Gary,

 

On restart, chkdsk tried to start again, but I canceled.

 

Here is the log--it did not indicate dirty this time:

 

Checkdisk of C: (Read only mode) started !
 
Started on : 2015/04/23 22:39:10
 
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is OS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
Attribute record (128, "") from file record segment 62209
is corrupt.
Attribute record (128, "") from file record segment 72621
is corrupt.
Attribute record (128, "") from file record segment 75416
is corrupt.
Attribute record (128, "") from file record segment 75421
is corrupt.
Attribute record (128, "") from file record segment 75724
is corrupt.
Attribute record (128, "") from file record segment 75762
is corrupt.
Attribute record (128, "") from file record segment 76627
is corrupt.
Attribute record (128, "") from file record segment 102411
is corrupt.
Attribute record (128, "") from file record segment 102878
is corrupt.
Attribute record (128, "") from file record segment 102879
is corrupt.
Attribute record (128, "") from file record segment 102896
is corrupt.
Attribute record (128, "") from file record segment 102898
is corrupt.
Attribute record (128, "") from file record segment 102942
is corrupt.
Attribute record (128, "") from file record segment 183472
is corrupt.
Attribute record (128, "") from file record segment 299174
is corrupt.
  1225472 file records processed. 
File verification completed.
  1506 large file records processed. 
Errors found. CHKDSK cannot continue in read-only mode.
 
Checkdisk of C: (Read only mode) completed !
 
Ended on : 2015/04/23 22:40:02
 
Time elapsed : 52 seconds

Edited by lafogg, 23 April 2015 - 09:49 PM.


#12 Oh My!


Posted 23 April 2015 - 10:01 PM

Hi Leslie,

Please do this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • GSmart report

Gary
 

#13 lafogg


Posted 23 April 2015 - 10:42 PM

Gary, I am not sure I did this correctly.  It installed in the program files and there were 2 drives found; one was unknown.  I chose the other, labeled as: WDC WD6400BPVT-75HXZT3

 

Thanks!

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Scorpio Blue Serial ATA (Adv. Format)
Device Model:     WDC WD6400BPVT-75HXZT3
Serial Number:    WD-WX41E81MYJ05
LU WWN Device Id: 5 0014ee 601bd192f
Firmware Version: 03.01A03
User Capacity:    640,135,028,736 bytes [640 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Thu Apr 23 23:34:47 2015 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      ( 121) The previous self-test completed having
the read element of the test failed.
Total time to complete Offline 
data collection:  (15300) seconds.
Offline data collection
capabilities:   (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time:   (   2) minutes.
Extended self-test routine
recommended polling time:   ( 151) minutes.
Conveyance self-test routine
recommended polling time:   (   5) minutes.
SCT capabilities:         (0x7035) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   199   199   051    Pre-fail  Always       -       18891
  3 Spin_Up_Time            0x0027   176   176   021    Pre-fail  Always       -       2200
  4 Start_Stop_Count        0x0032   098   098   000    Old_age   Always       -       2873
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       6974
 10 Spin_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   098   098   000    Old_age   Always       -       2801
191 G-Sense_Error_Rate      0x0032   001   001   000    Old_age   Always       -       6719
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       244
193 Load_Cycle_Count        0x0032   198   198   000    Old_age   Always       -       6278
194 Temperature_Celsius     0x0022   102   084   000    Old_age   Always       -       45
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       1
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   100   253   000    Old_age   Offline      -       0
240 Head_Flying_Hours       0x0032   091   091   000    Old_age   Always       -       6906
241 Total_LBAs_Written      0x0032   200   200   000    Old_age   Always       -       24117300060
242 Total_LBAs_Read         0x0032   200   200   000    Old_age   Always       -       25651875809
254 Free_Fall_Sensor        0x0032   200   200   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       90%      6974         45810344
# 2  Short offline       Completed without error       00%      6652         -
# 3  Short offline       Completed without error       00%      6377         -
# 4  Short offline       Completed without error       00%      6116         -
# 5  Short offline       Completed without error       00%      5994         -
# 6  Short offline       Aborted by host               10%      5822         -
# 7  Short offline       Completed without error       00%      5624         -
# 8  Short offline       Completed without error       00%      5472         -
# 9  Short offline       Completed without error       00%      5460         -
#10  Short offline       Completed without error       00%      5415         -
#11  Short offline       Completed without error       00%      5073         -
#12  Short offline       Completed without error       00%      4650         -
#13  Short offline       Completed without error       00%      4602         -
#14  Short offline       Completed without error       00%      4538         -
#15  Short offline       Interrupted (host reset)      80%      4515         -
#16  Short offline       Completed without error       00%      4322         -
#17  Short offline       Aborted by host               10%      4087         -
#18  Short offline       Aborted by host               10%      3567         -
#19  Short offline       Completed without error       00%      3297         -
#20  Short offline       Completed without error       00%      3093         -
#21  Short offline       Completed without error       00%      1932         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.


#14 lafogg


Posted 23 April 2015 - 10:55 PM

Gary, I tried again to launch from the desktop and here are those results:
 
 
smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Scorpio Blue Serial ATA (Adv. Format)
Device Model:     WDC WD6400BPVT-75HXZT3
Serial Number:    WD-WX41E81MYJ05
LU WWN Device Id: 5 0014ee 601bd192f
Firmware Version: 03.01A03
User Capacity:    640,135,028,736 bytes [640 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Thu Apr 23 23:51:12 2015 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      ( 120) The previous self-test completed having
the read element of the test failed.
Total time to complete Offline 
data collection:  (15300) seconds.
Offline data collection
capabilities:   (0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time:   (   2) minutes.
Extended self-test routine
recommended polling time:   ( 151) minutes.
Conveyance self-test routine
recommended polling time:   (   5) minutes.
SCT capabilities:         (0x7035) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   199   199   051    Pre-fail  Always       -       18891
  3 Spin_Up_Time            0x0027   176   176   021    Pre-fail  Always       -       2200
  4 Start_Stop_Count        0x0032   098   098   000    Old_age   Always       -       2873
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       6974
 10 Spin_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   098   098   000    Old_age   Always       -       2801
191 G-Sense_Error_Rate      0x0032   001   001   000    Old_age   Always       -       6719
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       244
193 Load_Cycle_Count        0x0032   198   198   000    Old_age   Always       -       6278
194 Temperature_Celsius     0x0022   103   084   000    Old_age   Always       -       44
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       1
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   100   253   000    Old_age   Offline      -       0
240 Head_Flying_Hours       0x0032   091   091   000    Old_age   Always       -       6906
241 Total_LBAs_Written      0x0032   200   200   000    Old_age   Always       -       24117529330
242 Total_LBAs_Read         0x0032   200   200   000    Old_age   Always       -       25651911071
254 Free_Fall_Sensor        0x0032   200   200   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       80%      6974         45810344
# 2  Short offline       Completed: read failure       90%      6974         45810344
# 3  Short offline       Completed without error       00%      6652         -
# 4  Short offline       Completed without error       00%      6377         -
# 5  Short offline       Completed without error       00%      6116         -
# 6  Short offline       Completed without error       00%      5994         -
# 7  Short offline       Aborted by host               10%      5822         -
# 8  Short offline       Completed without error       00%      5624         -
# 9  Short offline       Completed without error       00%      5472         -
#10  Short offline       Completed without error       00%      5460         -
#11  Short offline       Completed without error       00%      5415         -
#12  Short offline       Completed without error       00%      5073         -
#13  Short offline       Completed without error       00%      4650         -
#14  Short offline       Completed without error       00%      4602         -
#15  Short offline       Completed without error       00%      4538         -
#16  Short offline       Interrupted (host reset)      80%      4515         -
#17  Short offline       Completed without error       00%      4322         -
#18  Short offline       Aborted by host               10%      4087         -
#19  Short offline       Aborted by host               10%      3567         -
#20  Short offline       Completed without error       00%      3297         -
#21  Short offline       Completed without error       00%      3093         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
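
The two smartctl reports above are long, and the entries that record sector problems and failed self-tests are easy to miss among the rest. The following Python example is added here and is not part of the original posts or of GSmartControl/smartmontools; it parses the attribute table and self-test log and returns only those entries. The sample lines are copied from post #14, and the set of attribute IDs flagged plus the "any non-zero raw count" rule are assumptions chosen for illustration.

```python
import re

# Sample lines copied (trimmed) from the smartctl output in post #14 of this thread.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   199   199   051    Pre-fail  Always       -       18891
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       1
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       80%      6974         45810344
# 2  Short offline       Completed: read failure       90%      6974         45810344
# 3  Short offline       Completed without error       00%      6652         -
# 7  Short offline       Aborted by host               10%      5822         -
"""

# Assumption: a non-zero raw count on any of these sector-related IDs is flagged.
SECTOR_ATTRS = {5, 196, 197, 198}

# One row of the "Vendor Specific SMART Attributes" table.
ATTR_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]{4}\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\d+)")
# One row of the self-test log; columns are separated by two or more spaces.
TEST_RE = re.compile(
    r"^#\s*(\d+)\s+(.+?)\s{2,}(.+?)\s+(\d+)%\s+(\d+)\s+(\d+|-)\s*$")


def parse_smartctl(text):
    """Return (attributes keyed by ID, list of self-test log entries)."""
    attrs, tests = {}, []
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[int(m.group(1))] = {
                "name": m.group(2), "value": int(m.group(3)),
                "thresh": int(m.group(5)), "when_failed": m.group(8),
                "raw": int(m.group(9))}
            continue
        m = TEST_RE.match(line)
        if m:
            lba = None if m.group(6) == "-" else int(m.group(6))
            tests.append({"num": int(m.group(1)), "type": m.group(2),
                          "status": m.group(3), "hours": int(m.group(5)),
                          "lba": lba})
    return attrs, tests


def findings(text):
    """List the entries that record a threshold failure, bad sectors or a failed test."""
    attrs, tests = parse_smartctl(text)
    out = []
    for attr_id, a in sorted(attrs.items()):
        if a["when_failed"] != "-":
            out.append(f"{a['name']}: threshold state {a['when_failed']}")
        elif attr_id in SECTOR_ATTRS and a["raw"] > 0:
            out.append(f"{a['name']}: raw count {a['raw']}")
    for t in tests:
        if "failure" in t["status"].lower():
            out.append(f"self-test #{t['num']} at {t['hours']}h: "
                       f"{t['status']}, first error LBA {t['lba']}")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```
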


#15 Oh My!


Posted 24 April 2015 - 07:52 AM

Hi Leslie,

Can you tell me if you have backed up all your data? If not, I would suggest doing so just to be safe.

I would like to run another hard drive test. Please do this.

===================================================

Data Lifeguard Diagnostic for Windows

-------------------
  • Download Digital Data Lifeguard Diagnostic for Windows from this page (scroll down to the Download button on the left side) and save it to your desktop
  • Unzip the file onto your desktop
  • Right click on WinDlg.exe and select Run as Administrator
  • Check I accept this License Agreement then click Next
  • Left click on your Western Digital hard drive in the upper half of the screen
  • Just above that link click on the small icon where it says Click to run tests
  • Select EXTENDED TEST then click Start
  • Once completed you will be notified whether the hard drive passed or failed
  • Please copy and paste that information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Hard drive test results?

Edited by Oh My!, 24 April 2015 - 08:12 AM.

Gary
 



