
Something seems to be eating my files


  • This topic is locked
52 replies to this topic

#1 Kayza


Posted 19 July 2015 - 04:43 PM

About a week ago I noticed a new file in several directories. Each file is <name of the directory>.exe. So if the directory is named PicturesFromTheWedding, the file is PicturesFromTheWedding.exe. I also seem to be missing some files, but I'm not sure of the extent. All of the problems I have been seeing are on a NAS drive.

There are 3 computers that definitely access this NAS drive, and one that is on the network, but I don't think it accesses the NAS. I disconnected that computer from the network today. In the unlikely event that this is the problem computer, I'll deal with the need to connect when (and if) it comes up.

I ran NIS (which also runs in the background) and Malwarebytes on the other three computers and they did not turn anything up. One computer is a desktop running XP, #2 is a laptop running Windows 7, and the third one is a desktop running Windows 7 as well. It does not have the latest patches, as they would not install properly. This is also the computer with the most constant connection to the NAS, so I'm assuming that this is the problem computer and the one I ran the FRST software on.
================================================================================================================================================
 
FRST.txt File
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Mommee (administrator) on MOMMEE-HP on 19-07-2015 17:00:29
Running from C:\Users\Mommee\Downloads
Loaded Profiles: Mommee (Available Profiles: Mommee & Girls & Boys & FreidKids)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\nf.exe
(Dell Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\tampmon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Esna Technologies Inc) C:\Program Files (x86)\iLink Pro\TAPI\UCTAPI.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\nf.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeChat\LifeChat.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Eye-Fi, Inc.) C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
(Google Inc.) C:\Users\Mommee\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Flux Software LLC) C:\Users\Mommee\AppData\Local\FluxSoftware\Flux\flux.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Spotify Ltd) C:\Users\Mommee\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\conathstnf.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
Failed to access process -> firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(2BrightSparks Pte Ltd) C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Logitech, Inc.) C:\Users\Mommee\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Mommee\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Piriform Ltd) C:\Program Files\Recuva\recuva64.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-21] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-12-16] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [DellNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1293824 2014-01-08] (Dell Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKLM\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [Google Update] => C:\Users\Mommee\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [Eye-Fi] => C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe [3961464 2011-12-22] (Eye-Fi, Inc.)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [MusicManager] => C:\Users\Mommee\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7646208 2015-05-29] (Google Inc.)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [UCClient25] => C:\Program Files (x86)\iLink Pro\UCCM_NG.exe [4321280 2013-06-04] (Esna Technologies Inc)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [Google+ Auto Backup] => "C:\Users\Mommee\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [f.lux] => C:\Users\Mommee\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [GoogleChromeAutoLaunch_0A4DB44DDFCC3508C0B13C96E2BBF458] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [Spotify Web Helper] => C:\Users\Mommee\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-06-16] (Spotify Ltd)
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [Spotify] => "C:\Users\Mommee\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-03-22] (AMD)
HKU\S-1-5-18\...\RunOnce: [] => [X]
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2012-08-08]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-12-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-12-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2012-08-08]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Boys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-12-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (No File)
Startup: C:\Users\Mommee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-07-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\buShell.dll [2015-06-06] (Symantec Corporation)
GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1003\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NS&pvid=22.5.0.124
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-05-23] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-09] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine64\3.2.1.34\coIEPlg.dll [2015-06-24] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-05-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-09] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\coIEPlg.dll [2015-06-24] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-12-09] (LastPass)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-12-09] (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\coIEPlg.dll [2015-06-05] (Symantec Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0DE3EDDA-8611-4B95-85C1-87661A5542C3} http://s3-us-west-1.amazonaws.com/file.intangi.net/env/envision.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ingrammicro.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\Root\Office15\MSOSB.DLL [2014-04-13] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8458C55A-24E2-44BC-BE23-767491B2691C}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{9AA1D4A5-E196-4041-A0A3-D8BF6A77897B}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{BD4C5E95-971B-4FEC-841B-7D6E443ECD0D}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-12-09] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-12-09] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Mommee\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @kaseya.com/LiveConnect63 -> C:\Users\Mommee\AppData\Local\Mozilla\Plugins No File
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mommee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @talk.google.com/O1DPlugin -> C:\Users\Mommee\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mommee\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mommee\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Xmarks - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\foxmarks@kei.com [2015-06-02]
FF Extension: LastPass - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\support@lastpass.com [2015-07-02]
FF Extension: No Name - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\trash [2015-07-07]
FF Extension: IE Tab - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2015-06-02]
FF Extension: PrefBar - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754} [2015-06-05]
FF Extension: Shareaholic - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\firefox-extension@shareaholic.com.xpi [2015-04-15]
FF Extension: Share on Twitter - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\jid1-SmvuJ9Cq3Cx13w@jetpack.xpi [2015-02-12]
FF Extension: Session Manager - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-12-10]
FF Extension: Adblock Plus - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-10]
FF Extension: Tab Mix Plus - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-12-10]
FF Extension: DownThemAll! - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-06-18]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.1.0.10\coFFFw
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.1.0.10\coFFFw [2015-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.2.0.31\coFFPlgn [2015-06-29]

Chrome:
=======
CHR Profile: C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-12-08]
CHR Extension: (Google Docs) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-23]
CHR Extension: (Google Drive) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-23]
CHR Extension: (Session Manager) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2015-01-11]
CHR Extension: (YouTube) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-23]
CHR Extension: (Adblock Plus) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-02]
CHR Extension: (Pushbullet) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-12-30]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-05-26]
CHR Extension: (Google Search) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-23]
CHR Extension: (SocialBa! 2.0 ( Publish Sync )) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dabddpakolmhhlcblnooeacilidlbblh [2013-11-22]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2014-07-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-08]
CHR Extension: (IE Tab) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-03-19]
CHR Extension: (Tabman Tabs Manager) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmnkflcjcohihpdcniifjbafcdelhlm [2015-01-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-26]
CHR Extension: (Live Connect) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfgnpeijmldmjbigmlbjnkjlifodjfmm [2013-08-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Skype Click to Call) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (No Name) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2013-06-23]
CHR Extension: (Google Wallet) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-23]
CHR Extension: (SocialBa! ( Publish Sync )) - C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pminglaclldhniegaaacebbaojlkiipf [2013-07-19]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-25]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\Extensions\Chrome.crx [2015-07-02]
CHR HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mommee\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-02]
CHR HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfgnpeijmldmjbigmlbjnkjlifodjfmm] - C:\Users\Mommee\AppData\Local\Kaseya\LiveConnect\LiveConnect-6-3.crx [2013-08-04]
CHR HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\Exts\Chrome.crx [2015-06-25]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\Extensions\Chrome.crx [2015-07-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-08-08] (Macrovision Europe Ltd.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] () [File not signed]
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\NS.exe [282016 2015-06-17] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\NF.exe [362320 2015-06-24] (Symantec Corporation)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [594944 2014-01-08] (Dell Inc.)
R2 TampMon; C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\TampMon.exe [306488 2015-06-24] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 UCTAPIClient; C:\Program Files (x86)\iLink Pro\TAPI\UCTAPI.exe [200704 2013-06-04] (Esna Technologies Inc) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150625.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1605000.07C\ccSetx64.sys [165080 2015-03-26] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0302010.022\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 ghsandroid; C:\Windows\System32\Drivers\ghsandroid.sys [38424 2011-03-30] (Google Inc)
S3 ghsdiagMDM; C:\Windows\System32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150630.001\IDSvia64.sys [692984 2015-06-20] (Symantec Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [348944 2011-06-15] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [70928 2011-06-15] (Intel® Corporation)
S4 LMIRfsClientNP; No ImagePath
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-21] (McAfee, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150630.020\ENG64.SYS [138488 2015-06-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\VirusDefs\20150630.020\EX64.SYS [2146040 2015-06-23] (Symantec Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2011-07-28] (SonicWALL Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-06-18] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1605000.07C\SRTSP64.SYS [917720 2015-06-04] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1605000.07C\SRTSPX64.SYS [42200 2015-03-26] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1605000.07C\SYMEFASI64.SYS [1611992 2015-06-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102616 2015-06-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1605000.07C\Ironx64.SYS [288984 2015-06-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1605000.07C\SYMNETS.SYS [567512 2015-06-04] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\System32\Drivers\NSMx64\0302010.022\SymRdrS.SYS [245976 2014-10-02] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zghsser; C:\Windows\System32\DRIVERS\zghsser.sys [131976 2012-10-31] (ZTE Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 RTL8192cu; system32\DRIVERS\WNA1000M.sys [X]
U0 sr; No ImagePath
U2 V2iMount; No ImagePath
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]
S3 zgwhsmdm; system32\DRIVERS\zgwhsmdm.sys [X]
S3 zgwhsnmea; system32\DRIVERS\zgwhsnmea.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 17:00 - 2015-07-19 17:01 - 00046408 _____ C:\Users\Mommee\Downloads\FRST.txt
2015-07-19 17:00 - 2015-07-19 17:00 - 00000000 ____D C:\FRST
2015-07-19 16:59 - 2015-07-19 16:59 - 02134528 _____ (Farbar) C:\Users\Mommee\Downloads\FRST64.exe
2015-07-19 13:26 - 2015-07-19 13:26 - 00000000 ____D C:\VideoClips
2015-07-06 08:29 - 2015-07-06 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-07-04 22:59 - 2015-07-04 22:59 - 00001847 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-04 22:59 - 2015-07-04 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-04 22:59 - 2015-07-04 22:59 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-02 23:15 - 2015-07-02 23:15 - 00000000 ____D C:\Users\Mommee\Documents\TomTom
2015-07-02 23:15 - 2015-07-02 23:15 - 00000000 ____D C:\Users\Mommee\AppData\Roaming\TomTom
2015-07-02 23:15 - 2015-07-02 23:15 - 00000000 ____D C:\Users\Mommee\AppData\Local\TomTom
2015-07-02 23:15 - 2015-07-02 23:15 - 00000000 ____D C:\ProgramData\TomTom
2015-07-02 23:12 - 2015-07-02 23:12 - 31111104 _____ C:\Users\Mommee\Downloads\TomTomHOME2winlatest.exe
2015-06-29 00:40 - 2015-06-29 00:41 - 00000000 ____D C:\Users\Mommee\AppData\Local\NPE
2015-06-28 23:05 - 2015-07-14 23:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-28 23:04 - 2015-06-28 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-28 23:04 - 2015-06-28 23:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-28 23:04 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-28 23:04 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-25 19:30 - 2015-06-25 19:31 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2015-06-21 11:54 - 2015-06-21 11:54 - 00000000 ____D C:\Windows\Downloaded Installations
2015-06-21 11:45 - 2015-06-21 12:05 - 00000000 ____D C:\Users\Mommee\Downloads\NETGEAR
2015-06-19 14:33 - 2015-06-21 10:57 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D41202D5-CCDD-40DD-8FF4-3341A3D0DE3B}
2015-06-19 14:32 - 2015-06-21 12:35 - 00000000 ____D C:\Users\TEMP.Mommee-HP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 16:52 - 2012-08-29 21:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-19 16:35 - 2012-09-01 20:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-19 16:19 - 2014-07-11 10:05 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3765875806-1913735774-2595009715-1001.job
2015-07-19 16:17 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-19 16:17 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-19 16:12 - 2012-07-03 23:09 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001UA.job
2015-07-19 15:12 - 2012-07-03 23:09 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001Core.job
2015-07-19 15:07 - 2015-05-30 06:05 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3765875806-1913735774-2595009715-1001.job
2015-07-19 14:50 - 2012-07-03 22:58 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DC010E60-61B4-433A-B4E3-99265DDEA782}
2015-07-19 11:29 - 2012-07-03 22:57 - 01487853 _____ C:\Windows\WindowsUpdate.log
2015-07-18 19:35 - 2012-09-01 20:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-17 16:59 - 2012-08-22 23:55 - 00002296 ____H C:\Users\Mommee\Documents\Default.rdp
2015-07-17 00:54 - 2014-01-04 23:05 - 00000000 ____D C:\Program Files\Recuva
2015-07-17 00:46 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-17 00:43 - 2009-07-14 00:51 - 00246170 _____ C:\Windows\setupact.log
2015-07-16 15:37 - 2012-09-01 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-16 10:21 - 2012-07-19 21:03 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-15 19:30 - 2012-09-01 20:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 19:30 - 2012-09-01 20:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 18:47 - 2013-07-09 21:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-15 15:07 - 2012-07-03 23:09 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001UA
2015-07-15 15:07 - 2012-07-03 23:09 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001Core
2015-07-14 23:13 - 2014-05-10 21:54 - 00000000 ____D C:\Users\Mommee\AppData\Local\CrashDumps
2015-07-14 23:11 - 2013-08-25 16:33 - 00000000 ____D C:\Users\Mommee\AppData\Roaming\UCCM_NG
2015-07-14 23:10 - 2012-07-08 17:09 - 00000000 ____D C:\Users\Mommee\AppData\Local\Eye-Fi
2015-07-14 23:10 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-14 23:10 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 13:31 - 2013-06-23 15:36 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 03:29 - 2012-10-11 07:22 - 00000000 ____D C:\ProgramData\Recovery
2015-07-14 01:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-13 23:46 - 2014-12-09 18:53 - 00000000 ____D C:\Users\Mommee\AppData\Local\Xmarks
2015-07-13 23:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-13 23:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-13 22:22 - 2012-07-03 23:28 - 00000000 ____D C:\ProgramData\Apple
2015-07-12 21:48 - 2015-04-20 22:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 21:48 - 2014-12-10 00:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-12 21:48 - 2010-11-20 23:47 - 01826164 _____ C:\Windows\PFRO.log
2015-07-12 11:57 - 2014-07-04 09:16 - 00000000 ____D C:\Users\Mommee\AppData\Local\Adobe
2015-07-12 11:57 - 2012-08-29 21:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-12 11:57 - 2012-06-18 13:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-12 11:57 - 2012-06-18 13:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 21:21 - 2015-05-30 06:05 - 00003694 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3765875806-1913735774-2595009715-1001
2015-07-10 21:21 - 2014-07-11 10:05 - 00003598 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3765875806-1913735774-2595009715-1001
2015-07-09 23:25 - 2012-07-10 00:26 - 00000000 ____D C:\Temp
2015-07-04 23:03 - 2015-05-31 01:30 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-07-03 09:41 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-02 23:12 - 2012-07-10 00:06 - 00000000 ____D C:\Users\Mommee\AppData\Local\Downloaded Installations
2015-07-02 13:18 - 2014-10-26 02:38 - 00000000 ____D C:\Windows\system32\Drivers\NSMx64
2015-07-02 13:18 - 2014-10-26 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Family
2015-07-02 13:18 - 2014-07-29 08:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Family
2015-07-01 00:20 - 2015-02-22 21:16 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2015-07-01 00:09 - 2014-11-16 20:35 - 00000000 __SHD C:\Users\Mommee\AppData\Local\EmieBrowserModeList
2015-07-01 00:09 - 2014-04-24 22:28 - 00000000 __SHD C:\Users\Mommee\AppData\Local\EmieUserList
2015-07-01 00:09 - 2014-04-24 22:28 - 00000000 __SHD C:\Users\Mommee\AppData\Local\EmieSiteList
2015-06-30 00:13 - 2014-12-08 02:29 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-30 00:13 - 2014-12-08 02:29 - 00000961 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-06-29 00:41 - 2015-02-03 11:49 - 00000000 ____D C:\Program Files (x86)\Pidgin
2015-06-29 00:40 - 2012-07-04 11:14 - 00000000 ____D C:\ProgramData\Norton
2015-06-28 23:06 - 2012-07-03 23:28 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-28 23:04 - 2013-04-20 21:02 - 00000000 ____D C:\Users\Mommee\AppData\Roaming\Malwarebytes
2015-06-28 23:04 - 2012-07-03 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-28 22:33 - 2009-07-14 00:45 - 00559840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-28 22:30 - 2015-05-10 23:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-28 22:30 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-28 22:29 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-25 23:47 - 2013-08-23 13:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-25 23:45 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-25 23:38 - 2012-07-03 23:36 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-25 23:02 - 2012-06-18 13:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-25 19:24 - 2015-05-26 21:27 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2015-06-25 19:23 - 2015-05-26 21:31 - 00003218 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-06-25 19:22 - 2015-05-26 21:29 - 00002305 _____ C:\Users\Public\Desktop\Norton Security.LNK
2015-06-25 19:22 - 2015-05-26 21:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2015-06-25 17:55 - 2012-07-08 22:55 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{603D4AEC-2576-4D11-8703-3BF0AD52F2A6}
2015-06-25 00:31 - 2012-07-04 11:23 - 00102616 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-06-25 00:31 - 2012-07-04 11:23 - 00008166 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-06-21 15:16 - 2012-07-05 22:47 - 00000000 ____D C:\Users\Mommee\AppData\Local\CutePDF Writer
2015-06-21 12:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-19 08:35 - 2012-07-09 23:02 - 00000000 ____D C:\Users\Mommee\AppData\Roaming\vlc

==================== Files in the root of some directories =======

2014-12-09 18:26 - 2014-12-09 19:15 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-06-30 20:15 - 2013-06-30 20:15 - 0012358 _____ () C:\Users\Mommee\AppData\Roaming\PFP100JCM.{PB
2013-06-30 20:15 - 2013-06-30 20:15 - 0061678 _____ () C:\Users\Mommee\AppData\Roaming\PFP100JPR.{PB
2012-09-14 16:39 - 2012-09-14 16:39 - 0003584 _____ () C:\Users\Mommee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 21:59 - 2014-12-07 21:59 - 0000017 _____ () C:\Users\Mommee\AppData\Local\resmon.resmoncfg
2014-11-09 20:10 - 2014-11-11 11:24 - 0000000 _____ () C:\Users\Mommee\AppData\Local\{2A3ECC77-94BB-4174-A783-1A05579F573B}
2014-11-10 20:10 - 2014-11-10 20:10 - 0000000 _____ () C:\Users\Mommee\AppData\Local\{98DF985F-432A-4A77-8283-C9D178261DBA}
2012-11-30 14:01 - 2012-11-30 14:47 - 0005688 _____ () C:\ProgramData\LUUnInstall.LiveUpdate

Some files in TEMP:
====================
C:\Users\Mommee\AppData\Local\Temp\xuninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.


LastRegBack: 2015-07-13 01:51

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Mommee at 2015-07-19 17:01:43
Running from C:\Users\Mommee\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3765875806-1913735774-2595009715-500 - Administrator - Disabled)
Boys (S-1-5-21-3765875806-1913735774-2595009715-1003 - Limited - Enabled) => C:\Users\Boys
FreidKids (S-1-5-21-3765875806-1913735774-2595009715-1006 - Limited - Enabled) => C:\Users\FreidKids
Girls (S-1-5-21-3765875806-1913735774-2595009715-1002 - Limited - Enabled) => C:\Users\Girls
Guest (S-1-5-21-3765875806-1913735774-2595009715-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3765875806-1913735774-2595009715-1005 - Limited - Enabled)
Mommee (S-1-5-21-3765875806-1913735774-2595009715-1001 - Administrator - Enabled) => C:\Users\Mommee

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader for ScanSnap ™ 4.1 (HKLM-x32\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe Acrobat 9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{65C71432-369D-9883-6E6E-ED0887E6B2C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Dell SonicWALL Junk Button for Outlook (HKLM-x32\...\{9286A2D0-739A-4BE9-BCB1-40096B61EB7A}) (Version: 8.0.0 - SonicWALL)
Dell SonicWALL NetExtender (HKLM-x32\...\Dell SonicWALL NetExtender) (Version: 7.5.215 - Dell)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.0.0.4 - Hewlett-Packard Company)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
f.lux (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Flux) (Version: - )
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.0.306 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
GoToMeeting 7.2.3.3019 (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\GoToMeeting) (Version: 7.2.3.3019 - CitrixOnline)
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A02B03 - )
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
iLink Pro (HKLM-x32\...\{7C68C33E-3086-42BF-A119-77D1AB6BDC9C}) (Version: 9.0.13.1604 - Esna Technologies Inc)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
ISO Recorder (HKLM\...\{2D7ED2A0-9553-412B-939F-D6E0AEB2ABE1}) (Version: 3.1.0 - Alex Feinman)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
join.me (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\JoinMe) (Version: 1.20.0.125 - LogMeIn, Inc.)
Kaseya Remote Control (HKLM-x32\...\{F3BF13F0-FFE8-45AF-A97E-E358C8F98CB1}) (Version: 8.0.5395.34972 - Kaseya)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LibreOffice 4.2 Help Pack (English (United States)) (HKLM-x32\...\{8C6A5AF9-5A6F-4E24-AEA0-4921D832FE70}) (Version: 4.2.0.4 - The Document Foundation)
LibreOffice 4.4.1.2 (HKLM-x32\...\{4A754DA6-6E12-40AF-BAF0-B7D60C6BE005}) (Version: 4.4.1.2 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
LiveConnect (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\{5A85FD2D-9D1C-43C1-A3F8-EA2703BBC12F}) (Version: 6.3.0.0 - Live Connect)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access 2013 - en-us (HKLM\...\AccessRetail - en-us) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft LifeChat (HKLM\...\{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}) (Version: 1.40.224.0 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 en-US)) (Version: 31.4.0 - Mozilla)
MSRedist (x32 Version: 9.0.30729.4148 - Symantec Corporation) Hidden
MSRedx64 (x32 Version: 9.0.30729.4148 - Symantec Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\MusicManager) (Version: - Google, Inc.)
MyFreeCodec (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\MyFreeCodec) (Version: - )
Norton Family (HKLM-x32\...\NSM) (Version: 3.2.1.34 - Symantec Corporation)
Norton Security (HKLM-x32\...\NS) (Version: 22.5.0.124 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.862 - Hewlett-Packard Company)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
R:BASE eXtreme 9.5 (32) (HKLM-x32\...\{04DC9AE6-1922-4994-9A2D-EE163623DB2D}) (Version: 9.5.2.11115 - R:BASE Technologies, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6582 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5119 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RJJ Digital Collection (HKLM-x32\...\{983FD420-6F3C-4C9A-94AE-09CD4E17F8F6}) (Version: 1.0 - Rabbi Jacob Joseph School)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
ScanSnap (x32 Version: 5.0.21.1 - PFU Limited) Hidden
ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L61 - PFU)
ScanSnap Organizer (x32 Version: 4.1.11.3 - PFU LIMITED) Hidden
ScanSnap Organizer (x32 Version: 4.1.50.8 - PFU LIMITED) Hidden
ScanSnap Organizer (x32 Version: 4.1.61.1 - PFU LIMITED) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sharepod 4.0.3.0 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackSE (HKLM-x32\...\SyncBackSE_is1) (Version: 6.5.49.0 - 2BrightSparks)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software)
TweetDeck (HKLM-x32\...\{B2F34D92-C5CF-4801-90CB-D04A5634B334}) (Version: 1.5.3 - Twitter, Inc.)
VIP Access SDK (1.1.0.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.2 - Symantec Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VNC Viewer 5.2.2 (HKLM\...\{FF0D75AD-1856-4170-95CE-556CC3B0E36C}) (Version: 5.2.2 - RealVNC Ltd)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
WordPerfect Office 2002 OEM (HKLM-x32\...\WordPerfect Office 2002 OEM) (Version: - )
WordPerfect Office 2002 OEM (x32 Version: 10 - Corel) Hidden
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version: - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

06-07-2015 08:27:46 Installed Evernote v. 5.8.13
12-07-2015 21:57:52 Windows Update
12-07-2015 22:13:22 Windows Update
13-07-2015 21:54:51 Windows Update
13-07-2015 22:18:56 Removed Apple Application Support (32-bit)
13-07-2015 22:20:58 Removed Apple Application Support (64-bit)
13-07-2015 22:22:38 Removed Apple Mobile Device Support
13-07-2015 22:23:11 Removed Apple Mobile Device Support
13-07-2015 22:25:54 Removed Apple Software Update
13-07-2015 22:26:49 Removed Communication Assistant.
13-07-2015 22:31:47 Removed iTunes
13-07-2015 22:36:19 Removed TomTom HOME.
13-07-2015 22:37:19 Removed TomTom HOME Visual Studio Merge Modules
13-07-2015 22:38:22 Removed Xmarks for IE
13-07-2015 22:40:42 Windows Update
13-07-2015 23:39:46 Removed BlueJ
13-07-2015 23:45:49 Removed Xmarks for IE

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {035B0A1F-A341-46A1-9F57-F7E555F056D3} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {2C0A5CED-A13A-4D74-A8E1-3EFF97ECDA12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001Core => C:\Users\Mommee\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2EC6EB90-FE91-450A-90D6-0084A8454AEB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2014-05-23] (Microsoft Corporation)
Task: {321B25AF-7AAA-4B82-AC76-A6AE9F9E4669} - System32\Tasks\2BrightSparks\SyncBack\Mommee-HP-Mommee\SyncBackSE GoogleBackup => C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe [2014-10-13] (2BrightSparks Pte Ltd)
Task: {5842E24B-49FB-40B2-A5FF-2876F1070597} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {59FEA50A-0303-477A-BE02-6D0BF37CCC42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01] (Google Inc.)
Task: {5CACABBC-6A34-454A-80ED-958CD0F12636} - System32\Tasks\2BrightSparks\SyncBack\Mommee-HP-Mommee\SyncBackSE MainS => C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe [2014-10-13] (2BrightSparks Pte Ltd)
Task: {5F8953C0-C9A3-4D62-8481-014865776843} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {6AFDA8FA-674D-4D28-A084-A1E29263A3F6} - System32\Tasks\G2MUpdateTask-S-1-5-21-3765875806-1913735774-2595009715-1001 => C:\Users\Mommee\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe [2015-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6EB3B095-1D78-4A86-B1F5-54BE2152EC32} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {73873D89-A54A-4AD5-AA0F-9CE352C7ECD2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\Root\Office15\msoia.exe [2014-05-23] (Microsoft Corporation)
Task: {73E84774-6B2D-46EC-AABD-5D9C5476DD9D} - System32\Tasks\{31AFD407-A8B6-4CFD-9F59-9CFDED05E753} => pcalua.exe -a C:\Users\Mommee\Downloads\iview435_setup.exe -d C:\Users\Mommee\Downloads
Task: {7AC29424-C264-4F6B-954C-FBCDB33830E7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001UA => C:\Users\Mommee\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {9EC3BB53-4686-48EE-B8BC-77A1BD5F1CCE} - System32\Tasks\LIFECHAT_MSN_MESSENGER_INSTALL_WEB_PAGE => Rundll32.exe url.dll,OpenURL http://go.microsoft.com/fwlink/?linkId=57777&clcid=0x409
Task: {9FB9F150-CA0A-4E66-81D8-3C980FEDB863} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {A44E36E7-C15F-4281-996C-38B7672859D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01] (Google Inc.)
Task: {A8985E20-6E05-4064-B6F7-BCD3E0B095D4} - System32\Tasks\{46E9B0EC-A3C1-418D-986A-6B9B08E8624F} => pcalua.exe -a C:\Users\Mommee\Downloads\irfanview_plugins_435_setup.exe -d C:\Users\Mommee\Downloads
Task: {A94B5BFB-C3B3-43E5-9B37-33227EECDAEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-12] (Adobe Systems Incorporated)
Task: {AAD841AA-7B7C-4F1A-A3B9-43DFB5D25CA9} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {AAEE0756-80BB-469A-8DD3-24520286777D} - System32\Tasks\{31D9D969-B23E-4FCE-8958-303CA5EBF650} => pcalua.exe -a "C:\WorkRelated\HOCS\HP0-J73-Prep\pass4suresENGINE.com HP-HP0-J73-setup.exe" -d C:\WorkRelated\HOCS\HP0-J73-Prep
Task: {AD793137-CB68-4AB7-B896-404E813AB63B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {ADB4336A-EA74-4645-BB4B-D9270DB1AECB} - System32\Tasks\2BrightSparks\SyncBack\Mommee-HP-Mommee\SyncBackSE ScannerBackup => C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe [2014-10-13] (2BrightSparks Pte Ltd)
Task: {AE21AC12-B3B5-46E7-8E91-4FE2CE4878DB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\WSCStub.exe [2015-06-17] (Symantec Corporation)
Task: {B87C5889-1434-4D9A-9C77-336F13D89B8E} - System32\Tasks\G2MUploadTask-S-1-5-21-3765875806-1913735774-2595009715-1001 => C:\Users\Mommee\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe [2015-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {BDD3D259-DEE7-46DA-B843-E2089EA057D8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {C9D981A9-48C5-4C2F-B621-F5D3888D99FE} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)
Task: {E9C1D02F-C9F3-49B8-9A44-250BAA955107} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.5.0.124\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {EA5A9D5D-DBB7-44CE-A735-DA12A56B8683} - System32\Tasks\2BrightSparks\SyncBack\Mommee-HP-Mommee\SyncBackSE BoxBackup => C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe [2014-10-13] (2BrightSparks Pte Ltd)
Task: {EAA94FA3-40C0-4EC8-8ED4-245E33CAEFB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3765875806-1913735774-2595009715-1001.job => C:\Users\Mommee\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3765875806-1913735774-2595009715-1001.job => C:\Users\Mommee\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001Core.job => C:\Users\Mommee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765875806-1913735774-2595009715-1001UA.job => C:\Users\Mommee\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-03-21 19:14 - 2012-03-21 19:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2012-03-21 18:34 - 2012-03-21 18:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2012-07-03 23:15 - 2012-03-11 14:56 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-11-02 17:03 - 2011-11-02 17:03 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-22 13:56 - 2012-03-22 13:56 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-23 03:59 - 2014-05-23 03:59 - 08889512 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-02 09:18 - 2013-08-20 22:06 - 00723272 ____R () C:\Program Files (x86)\Norton Family\Engine\3.2.1.34\cfi.dll
2011-12-21 23:59 - 2011-12-21 23:59 - 00133120 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libexif.dll
2011-12-21 23:56 - 2011-12-21 23:56 - 00209408 _____ () C:\Program Files (x86)\Eye-Fi\Helper\libopenraw.dll
2015-05-29 16:04 - 2015-05-29 16:04 - 00117248 _____ () C:\Users\Mommee\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-05-29 16:04 - 2015-05-29 16:04 - 00234496 _____ () C:\Users\Mommee\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-05-29 16:04 - 2015-05-29 16:04 - 00253440 _____ () C:\Users\Mommee\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-05-29 16:04 - 2015-05-29 16:04 - 00344064 _____ () C:\Users\Mommee\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2014-04-30 00:20 - 2012-01-18 16:35 - 00385024 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-04-30 00:20 - 2011-12-14 21:49 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2012-08-08 20:30 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-04-30 00:20 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-07-14 13:30 - 2015-07-13 17:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 13:30 - 2015-07-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-01 22:50 - 2015-07-01 22:50 - 01020928 _____ () C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2012-06-18 13:14 - 2012-02-21 16:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-07-14 13:30 - 2015-07-13 17:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll
2015-07-16 15:37 - 2015-07-16 15:37 - 00098816 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32api.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00110080 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\pywintypes27.dll
2015-07-16 15:37 - 2015-07-16 15:37 - 00364544 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\pythoncom27.dll
2015-07-16 15:37 - 2015-07-16 15:37 - 00045568 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_socket.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 01161216 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_ssl.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00320512 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32com.shell.shell.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00713216 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_hashlib.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 01175040 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._core_.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00805888 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._gdi_.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00811008 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._windows_.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 01062400 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._controls_.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00735232 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._misc_.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00682496 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\pysqlite2._sqlite.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00087552 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_ctypes.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00119808 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32file.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00108544 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32security.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00007168 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\hashobjs_ext.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00068096 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\usb_ext.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00167936 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32gui.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00018432 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32event.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00128512 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_elementtree.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00127488 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\pyexpat.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00013824 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\common.time34.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00036864 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_psutil_windows.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00038912 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32inet.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00011264 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32crypt.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00070656 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._html2.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00027136 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_multiprocessing.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00020480 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\_yappi.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00035840 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32process.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00686080 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\unicodedata.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00122368 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._wizard.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00024064 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32pipe.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00010240 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\select.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00025600 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32pdh.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00525640 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\windows._lib_cacheinvalidation.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00017408 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32profile.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00022528 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\win32ts.pyd
2015-07-16 15:37 - 2015-07-16 15:37 - 00078336 _____ () C:\Users\Mommee\AppData\Local\Temp\_MEI159362\wx._animate.pyd
2015-07-01 17:35 - 2015-07-01 17:35 - 21121032 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2015-07-01 17:36 - 2015-07-01 17:36 - 00212488 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00988696 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00138776 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00195096 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mommee\Desktop\email.shorefrontjcc.org:4433.lnk

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25840458.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TampMon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25840458.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TampMon => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mommee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{46A965C9-7CDE-4C20-8AA3-BFFE677F9BFB}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{51553850-D434-4398-95D9-4EE516A2C36F}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{C12F3D76-AC48-4B68-9DCC-9473AF5052C7}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{2CEA8546-E62A-4E10-B604-16319228163C}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{B8D81FCB-F81F-4E7A-A767-CD368CDA0304}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A85CC9F-ADF5-457C-BA86-CB08BB5FE2EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8D3C42E9-1B29-4439-BCF5-1ABD2F512481}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{45136704-D256-427F-B4F5-5BF56AB6F0FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6B214E93-C3E6-423C-BC81-DDC4A48D0FE7}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{A1818105-DFA7-4622-BB68-8C9D3BD84BF4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{BA9371E4-3C2F-453E-8F1D-0C07048F8249}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{8452D177-A84B-455A-9513-F1A3D98577A0}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{51A467AF-FA67-400D-A353-7C9CFE99F7B9}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [{3224D2EE-F53F-452A-9024-193DCE83003F}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.com
FirewallRules: [{95E2F750-BBB5-4161-88E2-1A5A2EB426A1}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\WinWrapIDE.exe
FirewallRules: [{8B2DB280-873E-43FD-86DC-28A56B460B6E}] => (Allow) C:\Program Files (x86)\SPSSInc\PASWStatistics18\paswstat.exe
FirewallRules: [TCP Query User{142E4E3B-CCB1-4AE2-B7B0-41C453F55448}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{1AF20AC6-C928-4E9C-94E1-314D1825C257}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [TCP Query User{4375CDDD-D894-4488-8E2C-50B3630F0B10}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{7CC62C23-2D5A-44A1-A783-FE7DA0B885FA}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Block) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [TCP Query User{2A33F3B6-302A-4014-BA04-AFF6C5E5134B}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe
FirewallRules: [UDP Query User{6B933FE8-DC8B-470F-86CA-6CCC3D459B9C}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe
FirewallRules: [TCP Query User{F381A3A5-AE1B-40EA-AE2A-B59F5D85BC82}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe
FirewallRules: [UDP Query User{CDA6EA32-67BA-4FE9-B3D3-F5A8CA815C39}C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral call controller\rcui.exe
FirewallRules: [{A575177A-87EB-4AAF-80F4-4839F5A76DCA}] => (Allow) C:\Users\Mommee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4BD52B29-E82F-46FD-9CB2-D16263C8CF51}] => (Allow) C:\Users\Mommee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{90317BA6-CF55-4176-A10C-42745D309291}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Block) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [UDP Query User{7CD39712-C898-4F95-B875-FB8789C9E273}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Block) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [{BE938523-7AE2-4A6F-A2E8-7C5793CA9A60}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6FE8CF09-8E3B-4F2A-ABE8-F34B86CC44BC}] => (Allow) C:\Users\Mommee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{5C2E39E4-25C1-46D7-AD59-3FF159B6C785}] => (Allow) C:\Users\Mommee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{196A7639-8A50-497C-AB06-1927E47C25D4}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [UDP Query User{74F9ABBE-B359-44C5-8398-175DD02F266C}C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe] => (Allow) C:\program files (x86)\ringcentral\ringcentral softphone\rcui.exe
FirewallRules: [TCP Query User{D3175305-7A97-4EF0-BC0F-ACD3C40EEA6F}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{A18AFA3A-BD5C-401F-A207-26A3384D6C52}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Block) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [TCP Query User{26B92C94-BF8C-41B0-A2D3-217FB80FA46A}C:\users\mommee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mommee\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D2DC637B-5F5D-4008-BCCA-9690CB60349E}C:\users\mommee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mommee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F67AFE20-8E9D-49B3-8B69-9AD672AC107A}] => (Block) C:\users\mommee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1CA85956-FA10-4B9D-AFA1-C3A991220F7D}] => (Block) C:\users\mommee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7A2E2040-1B47-4C5A-ACE0-5D7F8C4C0512}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B9EEEAEC-3AE3-4AB9-A48B-23C017C748C9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0190E5DA-C1F8-480F-AF20-C6D28A6710D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{530A0377-C8F4-4743-9F1E-E560E258B113}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{14E7D31D-0C90-442A-BD05-8ED4F028F787}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BFB22509-30C3-4B99-B720-41F142933000}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{103A13E2-00EB-4E6F-B91F-ECB7E9B4AB4D}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{BABA711A-62A4-4C6E-97F4-5996DF923FA1}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{77CCC09A-31C2-4970-BD5D-E7D5E7CAA020}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{0D11CAB3-3424-4F00-98D7-12CC29B4C9BC}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{1755813E-4014-4E55-BF6B-76C1EDF6E615}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{A537047F-5F46-405B-B8E9-F37F81ECED20}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{EC1B1E6E-86E2-412B-872E-32E17DFA5CCD}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{A65ED2D8-CF7B-4665-9839-674E331208A8}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{BACA2D5A-FEF9-4C5A-A6D1-6A4CBB0A990E}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{000D0E79-A5B5-461D-A2F1-B065077CF9C3}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{AF06F9EC-31E5-43D5-86A1-4F81F3C9FF27}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{14AF1DC3-DEC3-41BD-823B-12879F110752}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{D325A639-EC0D-49FD-A54B-E935F6FCE132}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{A61B7828-63AD-45B6-BF66-3D83EDF0A820}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{F67D6563-A6B2-4D50-BA3A-677D33B36045}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{95071EB4-E492-4506-BE9E-EF290D16F5FB}] => (Allow) C:\Program Files (x86)\Nero\Nero 2014\Nero BackItUp\NBService\NBService.exe
FirewallRules: [{AD1D9546-6B68-422E-9167-6665C67248D1}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{33C4143A-70AF-4734-BEE5-59E9C328BE38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{60C68F76-7465-481A-BA5E-B59B01B22184}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DF408D38-1E4F-4782-B31D-6B9932F4B5D0}] => (Allow) C:\Program Files (x86)\Kaseya Remote Control\Kaseya Remote Control.exe
FirewallRules: [{EAB45133-1F7D-41DE-BA2C-0655404A3D4C}] => (Allow) C:\Program Files (x86)\Kaseya Remote Control\Kaseya.AdminEndpoint.exe
FirewallRules: [{09BE5D9D-F412-4E38-A981-0B3782A33798}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{551C9F10-E403-4E3A-A41E-7E9AFBEE897E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E0CA6D70-F630-4206-8241-7F072672365A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6A42AC63-3B9A-48BC-926F-E8F7C298C624}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6537B388-D471-4C58-9B1F-6F3BE2B126DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7DBD6434-709D-4456-9FB4-D82F7B424FB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CCE2DD17-5662-4287-A5A5-8673B9D5F1F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1C28134F-3728-4619-8984-D2E6605E65E8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{20643A9F-7578-4EB1-BE4C-E93782640DD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 11:13:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace4e7
Exception code: 0xc0000005
Fault offset: 0x000000000001e1ac
Faulting process id: 0xd84
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/13/2015 11:45:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {df115414-0723-4088-a3a5-e19f2b4eedf7}

Error: (07/13/2015 11:39:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {877b3480-1073-4882-a159-24cb6291308e}

Error: (07/13/2015 10:40:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:38:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:37:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:36:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:31:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {b175550e-3e5e-47d7-9daa-e02fd474dc9c}

Error: (07/13/2015 10:26:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {67512c42-38fd-4e93-93e0-7d221f358c83}

Error: (07/13/2015 10:25:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {67512c42-38fd-4e93-93e0-7d221f358c83}


System errors:
=============
Error: (07/17/2015 02:38:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:38:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:37:59 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:33:02 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:33:01 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:30:40 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:30:40 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:30:39 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:25:44 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/17/2015 02:25:43 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office:
=========================
Error: (07/14/2015 11:13:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4MSVCR90.dll9.0.30729.61614dace4e7c0000005000000000001e1acd8401d0beabd16c928fC:\Windows\Explorer.EXEC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\MSVCR90.dll7f77d9b6-2a9f-11e5-aadb-534e57000000

Error: (07/13/2015 11:45:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {df115414-0723-4088-a3a5-e19f2b4eedf7}

Error: (07/13/2015 11:39:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {877b3480-1073-4882-a159-24cb6291308e}

Error: (07/13/2015 10:40:42 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:38:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:37:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:36:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d381548f-5aa8-48bf-ba15-77adaf96122c}

Error: (07/13/2015 10:31:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {b175550e-3e5e-47d7-9daa-e02fd474dc9c}

Error: (07/13/2015 10:26:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {67512c42-38fd-4e93-93e0-7d221f358c83}

Error: (07/13/2015 10:25:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: IVssAsrWriterBackup::GetDiskComponents0x80070057, The parameter is incorrect.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {67512c42-38fd-4e93-93e0-7d221f358c83}


CodeIntegrity Errors:
===================================
Date: 2013-02-19 19:27:28.298
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:28.283
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:26.230
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:26.213
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:24.108
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:24.094
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:22.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:22.015
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:19.947
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-19 19:27:19.927
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 73%
Total physical RAM: 8134.95 MB
Available physical RAM: 2178.28 MB
Total Virtual: 16268.11 MB
Available Virtual: 6565.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.42 GB) (Free:605.67 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:8.89 GB) (Free:1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (SHAREDMEDIA) (Fixed) (Total:42.28 GB) (Free:6.79 GB) FAT32
Drive h: (KAYZAS_DATA) (Fixed) (Total:19.14 GB) (Free:2.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8CD3129E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=922.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 6ECCDF8F)
Partition 1: (Not Active) - (Size=42.3 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=19.2 GB) - (Type=0C)
Partition 3: (Active) - (Size=171.4 GB) - (Type=OF Extended)

==================== End of log ============================


Edited by Oh My!, 23 July 2015 - 02:14 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:14 AM

Posted 23 July 2015 - 02:27 PM

Greetings Kayza and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Though you are having issues with multiple computers, we can obviously only address this one in this Topic.

Did you create this User Profile?

C:\Users\TEMP.Mommee-HP

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKLM\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-18\...\RunOnce: [] => [X]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (No File)
GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1003\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @kaseya.com/LiveConnect63 -> C:\Users\Mommee\AppData\Local\Mozilla\Plugins No File
FF Extension: No Name - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\trash [2015-07-07]
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 RTL8192cu; system32\DRIVERS\WNA1000M.sys [X]
U0 sr; No ImagePath
U2 V2iMount; No ImagePath
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]
S3 zgwhsmdm; system32\DRIVERS\zgwhsmdm.sys [X]
S3 zgwhsnmea; system32\DRIVERS\zgwhsnmea.sys [X]
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\Users\Mommee\AppData\Local\Temp\_MEI159362
AlternateDataStreams: C:\Users\Mommee\Desktop\email.shorefrontjcc.org:4433.lnk
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Create User Profile?
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Kayza


Posted 23 July 2015 - 08:57 PM

Thank you for your help. I totally understand that we can only deal with one computer at a time. I'll probably wind up wiping 2 of the other computers anyway as neither has any data or programs that I care about, so worst case I'll only need to come back for one other computer.

 

Feel free to call me Kayza.

 

I did not knowingly create any profile that starts with TEMP.

 

 



#4 Oh My!


Posted 23 July 2015 - 08:59 PM

Thank you Kayza, go ahead and complete the listed steps and we will go from there.
Gary

#5 Kayza


Posted 23 July 2015 - 09:09 PM

AdwCleaner results:

 

# AdwCleaner v4.208 - Logfile created 23/07/2015 at 22:02:58
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Mommee - MOMMEE-HP
# Running from : C:\Users\Mommee\Downloads\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mommee\AppData\Roaming\download Manager
Folder Deleted : C:\Users\Mommee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
File Deleted : C:\Users\Boys\AppData\Roaming\Mozilla\Firefox\Profiles\sto3v80r.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
[x] Not Deleted : HKCU\Software\Myfree Codec
[x] Not Deleted : HKLM\SOFTWARE\Myfree Codec
[x] Not Deleted : [x64] HKCU\Software\Myfree Codec
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)

[sto3v80r.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DtDtB0CyByCzztCyDyCyBtN0D0Tzu0StCtDtDzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytD[...]
[sto3v80r.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DtDtB0CyByCzztCyDyCyBtN0D0Tzu0StCtDtDzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzy[...]
[sto3v80r.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[sto3v80r.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[sto3v80r.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ggfc_14_40_ff&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DtDtB0CyByCzztCyDyCyBtN0D0Tzu0StCtDtDzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtB[...]

-\\ Google Chrome v44.0.2403.89

[C:\Users\Boys\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Boys\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4155 bytes] - [23/07/2015 21:59:13]
AdwCleaner[S0].txt - [3947 bytes] - [23/07/2015 22:02:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4006  bytes] ##########
 



#6 Kayza


Posted 23 July 2015 - 09:24 PM

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x64
Ran by Mommee on Thu 07/23/2015 at 22:13:08.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_0A4DB44DDFCC3508C0B13C96E2BBF458



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files

Successfully deleted: [File] C:\Users\Mommee\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0.localstorage
Successfully deleted: [File] C:\Users\Mommee\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0.localstorage-journal



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\DIGITA~1
Successfully deleted: [Folder] C:\Users\Mommee\Appdata\Local\DIGITA~1
Successfully deleted: [Folder] C:\Users\Mommee\AppData\Roaming\DIGITA~1



~~~ FireFox

Emptied folder: C:\Users\Mommee\AppData\Roaming\mozilla\firefox\profiles\9u8a2dfy.default\minidumps [11 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Mommee\Appdata\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla

[C:\Users\Mommee\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Mommee\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ajpgkpeckebdhofmmjfgcjjiiejpodla

[C:\Users\Mommee\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Mommee\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ajpgkpeckebdhofmmjfgcjjiiejpodla
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/23/2015 at 22:20:56.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#7 Kayza


Posted 23 July 2015 - 09:35 PM

I created the fixlist.txt file on the desktop. I then tried to run frst, but got an error message. Rather than try to fix the problem, I am attaching a copy of it and waiting for your response.

 

Thank you!

 

 

 


Edited by Oh My!, 23 July 2015 - 09:54 PM.


#8 Oh My!


Posted 23 July 2015 - 09:38 PM

Please move FRST.exe onto your Desktop and try it again.

 

Running from C:\Users\Mommee\Downloads

Gary

#9 Kayza


Posted 23 July 2015 - 10:18 PM

I rebooted as instructed by the program.

 

Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Mommee at 2015-07-23 23:12:45 Run:1
Running from C:\Users\Mommee\Desktop
Loaded Profiles: Mommee (Available Profiles: Mommee & Girls & Boys & FreidKids)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKLM\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-18\...\RunOnce: [] => [X]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (No File)
GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1003\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1002\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @kaseya.com/LiveConnect63 -> C:\Users\Mommee\AppData\Local\Mozilla\Plugins No File
FF Extension: No Name - C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\trash [2015-07-07]
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 RTL8192cu; system32\DRIVERS\WNA1000M.sys [X]
U0 sr; No ImagePath
U2 V2iMount; No ImagePath
S3 zgwhsdiag; system32\DRIVERS\zgwhsdiag.sys [X]
S3 zgwhsmdm; system32\DRIVERS\zgwhsmdm.sys [X]
S3 zgwhsnmea; system32\DRIVERS\zgwhsnmea.sys [X]
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mommee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
C:\Users\Mommee\AppData\Local\Temp\_MEI159362
AlternateDataStreams: C:\Users\Mommee\Desktop\email.shorefrontjcc.org:4433.lnk
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NofolderOptions => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1003\User => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3765875806-1913735774-2595009715-1002\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\SOFTWARE\Policies\Google => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001\Software\MozillaPlugins\@kaseya.com/LiveConnect63" => key removed successfully
FF Plugin HKU\S-1-5-21-3765875806-1913735774-2595009715-1001: @kaseya.com/LiveConnect63 -> C:\Users\Mommee\AppData\Local\Mozilla\Plugins No File not found.
C:\Users\Mommee\AppData\Roaming\Mozilla\Firefox\Profiles\9u8a2dfy.default\Extensions\trash not found.
LMIRfsClientNP => Service removed successfully
LMIInfo => Service removed successfully
massfilter_hs => Service removed successfully
RTL8192cu => Service removed successfully
sr => Service removed successfully
V2iMount => Service removed successfully
zgwhsdiag => Service removed successfully
zgwhsmdm => Service removed successfully
zgwhsnmea => Service removed successfully
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3765875806-1913735774-2595009715-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"C:\Users\Mommee\AppData\Local\Temp\_MEI159362" => File/Folder not found.
C:\Users\Mommee\Desktop\email.shorefrontjcc.org => ":4433.lnk" ADS removed successfully.


The system needed a reboot..

==== End of Fixlog 23:12:45 ====



#10 Kayza


Posted 23 July 2015 - 10:24 PM

I'm attaching the system summary file.

 

The drives that were showing problems are currently disconnected from the network. On Sunday, I'm going to either wipe or detach the computer I didn't check and the XP one. At that point, if nothing serious shows up on this computer, I'll probably re-attach one of the drives and see how it goes.

 

 




#11 Oh My!


Posted 23 July 2015 - 10:24 PM

Could you provide an update regarding the state and performance of your computer?


Gary

#12 Oh My!


Posted 26 July 2015 - 09:08 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#13 Kayza


Posted 27 July 2015 - 07:18 AM

Sorry I missed this yesterday.

 

As I noted in my last message, I have not reconnected the drives that were losing files. When I posted that I was going to wipe the drives on the other machines and see if I can reconnect the drives on Sunday, I forgot that it was not going to be practical to do that.

 

My computer itself does not seem to be behaving any differently than it has been before running the programs you recommended.

 

 



#14 Oh My!


Posted 27 July 2015 - 09:37 AM

Can you describe what problems you are noticing on the computer we are working on here, if any?


Gary

#15 Kayza


Posted 27 July 2015 - 07:34 PM

The one thing I can say for certain is that I can't get the Windows update to finish properly. I just tried it now. It told me that there were 25 important updates, and apparently downloaded them all. It started installing then told me I needed to reboot, which I did. I then had to reboot multiple times because one of the updates failed, so it had to roll back and then reboot the system. It's kb3033929, which I see has had problems, so I don't know if it's my computer or the patch.

 

There was one odd behavior that I got intermittently, and I was not able to find a pattern, but it has not happened since I followed your instructions. What would happen is that my computer would start acting as though something was sitting on the keyboard, and whatever window I was in would start flickering. If I could use the mouse to go to a different window, that one would start flickering. And, the keyboard was effectively useless. The only way I could get it to stop was by restarting the computer. This was definitely intermittent, and I could go several days without seeing it, so I am still not sure if that has stopped happening.





