1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I have a browser hijacking malware in Chrome, IE and FireFox

Discussion in 'Virus & Other Malware Removal' started by EeeDeeRN, Apr 3, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    I noticed it in FireFox and happened shortly after installing FileZilla. I changed browsers and its everywhere. Multiple pop ups and the search is sponsored by "SUPRIZE" Its a mess. Below is my System Info.

    Thanks for your time.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz, Intel64 Family 6 Model 26 Stepping 5
    Processor Count: 8
    RAM: 12279 Mb
    Graphics Card: AMD Radeon HD 6570, 1024 Mb
    Hard Drives: C: Total - 942296 MB, Free - 669699 MB; D: Total - 11469 MB, Free - 1659 MB; E: Total - 953867 MB, Free - 953702 MB;
    Motherboard: PEGATRON CORPORATION, TRUCKEE
    Antivirus: Norton 360 Premier Edition, Updated and Enabled

    Deb
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi EedeeRN,
    You may have downloaded Filezilla from one of the sites that bundles adware with Free programs.
    (CNET, Softonic, Download.com, BrotherSoft.com)
    Source Forge is safer.

    Let's find whatever is on there and get rid of it.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Deb (administrator) on DEB-NEWPC on 04-04-2015 19:47:58
    Running from C:\Users\Deb\Desktop
    Loaded Profiles: Deb (Available profiles: Deb & Deb-Admin & DefaultAppPool)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Elo Touchsystems ) C:\Windows\SysWOW64\EloSrvce.exe
    (Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    () C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Microsoft) C:\Users\Deb\AppData\Local\Apps\2.0\YTJXGKAB.7YB\RY5GQVRH.T0E\yamm..tion_c3bce3770c238a49_0001.0000_8f8f769bd7f5f38b\Yammer.Notifier.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mstart.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mcomm.exe
    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mlauncher.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
    (Dropbox, Inc.) C:\Users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\groove.exe
    (salesforce.com) C:\Users\Deb\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
    HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
    HKLM\...\Run: [HP Input Device Main Program] => C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe [530432 2008-10-17] ()
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-03-10] (AMD)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [Yammer Notifier] => C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation\Yammer\Yammer Notifier.appref-ms silent
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [Google Update] => C:\Users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-06] (Google Inc.)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [GoToMeeting] => C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mstart.exe [44400 2015-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 2.0 Professional\RegApp\encore_reg.exe [102522 2009-08-19] (DataLode, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk
    ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
    ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Salesforce for Outlook.lnk
    ShortcutTarget: Salesforce for Outlook.lnk -> C:\Users\Deb\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe (salesforce.com)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&...tGtD0Fzyzz0EtD0AyD0AyD0F0A2Q&cr=877867768&ir=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://cp.appriver.com/services/exg2007/default.aspx
    URLSearchHook: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 - (No Name) - {81e93b9c-1052-4697-aafe-b40cd69c1d22} - No File
    SearchScopes: HKLM -> DefaultScope {45CB5A5D-389E-4392-AC11-0A354FC0ADAE} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {45CB5A5D-389E-4392-AC11-0A354FC0ADAE} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM -> {AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {45CB5A5D-389E-4392-AC11-0A354FC0ADAE} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> DefaultScope {F985F611-5C95-4CFE-8519-84B74EF2E464} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyByDyCtAyD0FzyzytG0BtBtBtDtGyDyBtA0AtGtAtA0ByCtGtB0B0DtBzy0CzztD0ByB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0B0CtC0Ezz0EtGyB0F0DyEtG0ByBzz0DtGtDtCzzyCtGtD0Fzyzz0EtD0AyD0AyD0F0A2Q&cr=877867768&ir=
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {45CB5A5D-389E-4392-AC11-0A354FC0ADAE} URL =
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} URL =
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {F985F611-5C95-4CFE-8519-84B74EF2E464} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyByDyCtAyD0FzyzytG0BtBtBtDtGyDyBtA0AtGtAtA0ByCtGtB0B0DtBzy0CzztD0ByB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0B0CtC0Ezz0EtGyB0F0DyEtG0ByBzz0DtGtDtCzzyCtGtD0Fzyzz0EtD0AyD0AyD0F0A2Q&cr=877867768&ir=
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: No Name -> {11111111-1111-1111-1111-110411901174} -> No File
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {81E93B9C-1052-4697-AAFE-B40CD69C1D22} - No File
    DPF: HKLM-x32 {1663ED61-23EB-11D2-B92F-008048FDD814} https://www.emscharts.com/cab/ScriptX.cab
    DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: HKLM-x32 {8D21CA5F-0C80-11D4-B888-005004D36D41} https://www.emscharts.com/cab/iDT.CAB
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} https://carelink.minimed.com/plugin/jinstall-6u16-windows-i586.cab
    DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://netscreen.upmc.com/dana-cached/sc/JuniperSetupClient.cab
    DPF: HKLM-x32 {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live Demo/nvUnifiedControl.ocx
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-16] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-16] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\Deb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-09-30] (Move Networks)
    FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Deb\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [2012-07-30] ()
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-06-18] (globalUpdate)
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-06-18] (globalUpdate)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Deb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Deb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-09-30] (Move Networks)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Deb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-22] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Deb\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Deb\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-10-19] (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\CgpCore.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\confmgr.dll [2009-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2009-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\ctxmui.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\icafile.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\icalogon.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\msvcm80.dll [2007-03-16] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\msvcp80.dll [2007-03-16] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\msvcr80.dll [2007-03-16] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\npicaN.dll [2009-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2009-08-14] (Citrix Systems, Inc.)
    FF SearchPlugin: C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\searchplugins\binkiland.xml [2015-02-27]
    FF Extension: suprize - C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\Extensions\[email protected] [2015-04-01]
    FF Extension: tinyjsdebuggerenigmailnet - C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\Extensions\[email protected] [2015-04-01]
    FF Extension: Pin It Button - C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\Extensions\[email protected] [2015-02-16]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-23]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-03-23]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-04]
    FF HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Deb\AppData\Roaming\Move Networks
    FF Extension: Move Media Player - C:\Users\Deb\AppData\Roaming\Move Networks [2010-09-30]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_frg01_15_09&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0StCtCyDtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0DyBtB0C0FtG0C0FtB0CtGtByC0EzytGtCyB0DyBtGyCyD0F0CyB0AtC0D0D0B0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0BzzyE0A0CyCtG0C0A0DtCtGyEzy0BzytGzyyB0FtAtG0ByCyByBtDyC0E0AtCtAzytA2Q&cr=597617453&ir=
    CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_frg01_15_09&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0StCtCyDtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0DyBtB0C0FtG0C0FtB0CtGtByC0EzytGtCyB0DyBtGyCyD0F0CyB0AtC0D0D0B0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0BzzyE0A0CyCtG0C0A0DtCtGyEzy0BzytGzyyB0FtAtG0ByCyByBtDyC0E0AtCtAzytA2Q&cr=597617453&ir=", "hxxp://www.emscharts.com/pub/", "hxxp://www.livestrong.com/myplate/#food/crunchmaster/multi-seed-crackers-original/", "hxxp://www.aol.com/", "https://login.salesforce.com/?ec=302&startURL=%2Fhome%2Fhome.jsp", "https://emscharts.ilinc.com/perl/ilinc/lms/event.pl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_13_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyByDyCtAyD0FzyzytG0BtBtBtDtGyDyBtA0AtGtAtA0ByCtGtB0B0DtBzy0CzztD0ByB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0B0CtC0Ezz0EtGyB0F0DyEtG0ByBzz0DtGtDtCzzyCtGtD0Fzyzz0EtD0AyD0AyD0F0A2Q&cr=877867768&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&ISID=M7234E580-1EC3-4AC1-87A9-C9DF14AD30F5&SearchSource=55&CUI=&UM=5&UP=SPC15D6791-8956-424F-9D59-6A506EC089F0&SSPV="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2014-08-01]
    CHR Extension: (Add to Amazon Wish List) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-09-13]
    CHR Extension: (Color Changer for Facebook) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheljpcbhldkdiabdemaflamgfnbpnkd [2013-06-07]
    CHR Extension: (Pin It Button) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-03]
    CHR Extension: (The weDownload Manager) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2014-06-22]
    CHR Extension: (hnldbiikfjheppkbnjbnkgimnfejifpf) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf [2015-04-01]
    CHR Extension: (iGive Button) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcjdamjhkmdccbmbilbpabpofenchge [2013-04-05]
    CHR Extension: (iPiccy Photo Editor) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-05-03]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-03]
    CHR Extension: (Facebook Album & Photo Manager) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2014-05-03]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-04-02]
    CHR Extension: (Google Wallet) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - No Path Or update_url value
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-02]
    CHR HKLM-x32\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-02]
    StartMenuInternet: Google Chrome.JIY73426TWYQYIWA6USF3FPIA4 - C:\Users\Deb\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-25] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-25] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    R2 EloSystemService; C:\Windows\SysWOW64\EloSrvce.exe [45056 2009-01-19] (Elo Touchsystems ) [File not signed]
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-18] (globalUpdate) [File not signed]
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-18] (globalUpdate) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
    R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2010-02-04] ( ) [File not signed]
    R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
    R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
    R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
    R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.)
    S3 scan; C:\Program Files\Immunet Protect\tetra\scan.dll [409088 2010-11-29] (Immunet) [File not signed]
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
    R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-04-01] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-01] (Symantec Corporation)
    R3 HidUsb; C:\Windows\SysWOW64\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
    S3 HpStkm01; C:\Windows\System32\DRIVERS\HpStkm01.SYS [14336 2008-08-29] (Primax Electronics Ltd.)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150401.001\IDSvia64.sys [671448 2015-04-01] (Symantec Corporation)
    R3 mouclass; C:\Windows\SysWOW64\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
    R3 mouhid; C:\Windows\SysWOW64\DRIVERS\mouhid.sys [12160 2008-04-14] (Microsoft Corporation) [File not signed]
    R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\ENG64.SYS [129752 2015-04-01] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150403.002\EX64.SYS [2137304 2015-04-01] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-04-02] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2011-06-01] (Jungo)
    S3 getbus; \??\C:\Users\Deb\AppData\Local\Temp\getbus.sys [X]
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-04 19:47 - 2015-04-04 19:48 - 00046112 _____ () C:\Users\Deb\Desktop\FRST.txt
    2015-04-04 19:47 - 2015-04-04 19:48 - 00000000 ____D () C:\FRST
    2015-04-04 19:46 - 2015-04-04 19:46 - 02095616 _____ (Farbar) C:\Users\Deb\Desktop\FRST64.exe
    2015-04-03 17:07 - 2015-04-03 17:07 - 00000000 ____D () C:\Users\Deb\AppData\Local\{C9011DE7-7CB8-4304-8000-D3865F97C22F}
    2015-04-02 16:07 - 2015-04-02 16:07 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-04-02 16:07 - 2015-04-02 16:07 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-04-02 16:07 - 2015-04-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-02 15:15 - 2015-04-02 15:15 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
    2015-04-02 08:35 - 2015-04-02 15:10 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
    2015-04-02 08:35 - 2015-04-02 08:35 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2015-04-02 08:35 - 2015-04-02 08:35 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2015-04-02 08:35 - 2015-04-02 08:35 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2015-04-02 08:34 - 2015-04-02 15:10 - 00002281 _____ () C:\Users\Public\Desktop\Norton 360.lnk
    2015-04-02 08:34 - 2015-04-02 15:10 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
    2015-04-02 08:33 - 2015-04-02 15:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    2015-04-02 08:33 - 2015-04-02 08:34 - 00000000 ____D () C:\Program Files (x86)\Norton 360
    2015-04-02 08:20 - 2015-04-02 09:01 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-04-01 16:31 - 2015-04-02 09:11 - 00000000 ____D () C:\Program Files (x86)\suprize
    2015-03-31 14:26 - 2015-04-03 20:27 - 00000550 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1012019336-4294157242-4255772918-1000.job
    2015-03-31 14:26 - 2015-04-01 15:40 - 00003574 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1012019336-4294157242-4255772918-1000
    2015-03-31 14:26 - 2015-04-01 15:40 - 00002260 _____ () C:\Users\Deb\Desktop\GoToWebinar.lnk
    2015-03-31 14:26 - 2015-04-01 15:40 - 00001412 _____ () C:\Users\Deb\Desktop\GoToMeeting.lnk
    2015-03-31 14:26 - 2015-03-31 14:26 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
    2015-03-31 04:14 - 2015-03-31 04:14 - 00005655 _____ () C:\Users\Deb\AppData\Roaming\jOB6gafuc
    2015-03-31 04:14 - 2015-03-31 04:14 - 00004387 _____ () C:\Users\Deb\AppData\Roaming\dRGOIE2mLJ5D3Rv3Yi6LYhNL
    2015-03-26 10:28 - 2015-03-26 10:28 - 06208736 _____ (Tim Kosse) C:\Users\Deb\Downloads\FileZilla_3.10.2_win32-setup.exe
    2015-03-26 10:07 - 2015-03-26 10:08 - 00000000 ___RD () C:\Users\Deb\Desktop\EMS Guidelines
    2015-03-26 10:03 - 2015-04-02 08:33 - 00001308 _____ () C:\Users\Deb\Desktop\Norton Installation Files.lnk
    2015-03-25 10:19 - 2015-03-25 11:11 - 00000000 ____D () C:\Users\Deb\Downloads\Tx Protocols
    2015-03-25 02:06 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-25 02:06 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-25 02:06 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-25 02:06 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-25 02:06 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-25 02:06 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-25 02:06 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-03-25 02:06 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-24 13:45 - 2015-03-24 13:45 - 00000000 ____D () C:\Users\Deb\AppData\Local\{876A2B7B-E4EC-47CC-85D1-C0DE767231CB}
    2015-03-23 21:25 - 2015-04-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-23 09:12 - 2015-03-23 09:13 - 00000000 ____D () C:\Users\Deb\AppData\Local\{FB844EF7-98E9-4047-9493-18088D49B2D2}
    2015-03-19 08:41 - 2015-03-19 08:41 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
    2015-03-19 08:41 - 2015-03-19 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2015-03-18 15:45 - 2015-03-18 15:45 - 33980416 _____ () C:\Users\Deb\Downloads\ESOSuite(4).msi
    2015-03-18 15:41 - 2015-03-18 15:41 - 33980416 _____ () C:\Users\Deb\Downloads\ESOSuite(3).msi
    2015-03-17 09:35 - 2015-03-18 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESO Suite Pro
    2015-03-17 09:33 - 2015-03-17 09:33 - 00487424 _____ () C:\Users\Deb\Downloads\setup(4).exe
    2015-03-16 16:49 - 2015-03-16 16:49 - 00064267 _____ () C:\Users\Deb\Downloads\esologo.com
    2015-03-12 18:33 - 2015-03-12 18:35 - 00000000 ____D () C:\Users\Deb\AppData\Local\{E3C08AF4-29ED-4CD7-80FA-F4E8CAE1927C}
    2015-03-11 15:07 - 2015-03-11 15:07 - 00000000 ____D () C:\Users\Deb\AppData\OICE_15_974FA576_32C1D314_1536
    2015-03-11 04:07 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-11 04:07 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-11 04:07 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-11 04:07 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-11 04:07 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-11 04:07 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-11 04:07 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-11 04:07 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-11 04:07 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-11 04:07 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-11 04:07 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-11 04:07 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-11 04:07 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-11 04:07 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-11 04:07 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-11 04:07 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-11 04:07 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-11 04:07 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-11 04:07 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-11 04:07 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-11 04:07 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-11 04:07 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-11 04:07 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-11 04:07 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-11 04:07 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-11 04:07 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-11 04:07 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-11 04:07 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-11 04:07 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-11 04:07 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-11 04:07 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-11 04:07 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-11 04:07 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-03-11 04:07 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-11 04:07 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-11 04:07 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-03-11 04:07 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-03-11 04:06 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-11 04:06 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-11 04:06 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-11 04:06 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-11 04:06 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-11 04:06 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-11 04:06 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-11 04:06 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-11 04:06 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-11 04:06 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-11 04:06 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-11 04:06 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-11 04:06 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-11 04:06 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-11 04:06 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-11 04:06 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-11 04:06 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-11 04:06 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-11 04:06 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-11 04:06 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-11 04:06 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-11 04:06 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-11 04:06 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-11 04:06 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-11 04:06 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-11 04:06 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-11 04:06 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-11 04:06 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-11 04:06 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-11 04:06 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-11 04:06 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-11 04:06 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-11 04:06 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-11 04:06 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-11 04:06 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-11 04:06 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-11 04:06 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-11 04:06 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-11 04:06 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-11 04:06 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-11 04:06 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-11 04:06 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-11 04:06 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-11 04:06 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-11 04:06 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-11 04:06 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-11 04:06 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-11 04:06 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-11 04:06 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-11 04:06 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-11 04:06 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-11 04:06 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-11 04:06 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-11 04:06 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-11 04:06 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-11 04:06 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-11 04:06 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-11 04:06 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-11 04:06 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-11 04:06 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-11 04:06 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-11 04:06 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-11 04:06 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-11 04:06 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-11 04:06 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-11 04:06 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-11 04:06 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-11 04:06 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-11 04:06 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-11 04:06 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-11 04:06 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-11 04:06 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-11 04:06 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-11 04:06 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-11 04:06 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-11 04:06 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-11 04:06 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-11 04:06 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-11 04:06 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-11 04:06 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-11 04:06 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-10 08:53 - 2015-03-10 08:53 - 00044611 _____ () C:\Users\Deb\Documents\Copy of report1425579026318.xlsb
    2015-03-09 11:38 - 2015-03-09 11:39 - 00000000 ____D () C:\Users\Deb\AppData\Local\{B9A4D0A0-2AA7-4677-87D3-7798414EC381}
    2015-03-09 11:34 - 2015-03-09 11:34 - 07260204 _____ () C:\Users\Deb\Downloads\March Sabika Sale Trays are almost HERE!!!!.zip
    2015-03-09 08:51 - 2015-03-09 08:51 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-03-09 08:51 - 2015-03-09 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-03-09 08:50 - 2015-03-09 08:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-03-09 08:50 - 2015-03-09 08:51 - 00000000 ____D () C:\Program Files\iTunes
    2015-03-09 08:50 - 2015-03-09 08:50 - 00000000 ____D () C:\Program Files\iPod
    2015-03-09 08:50 - 2015-03-09 08:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2015-03-06 12:39 - 2015-03-09 08:52 - 00000000 ____D () C:\Users\Deb\AppData\OICE_15_974FA576_32C1D314_34AB

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-04 19:48 - 2010-03-25 15:40 - 01345126 _____ () C:\Windows\WindowsUpdate.log
    2015-04-04 19:46 - 2014-05-20 21:18 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Deb-NewPC-Deb Deb-NewPC
    2015-04-04 19:46 - 2012-04-11 18:40 - 00000000 ___RD () C:\Users\Deb\Dropbox
    2015-04-04 19:45 - 2012-04-11 16:04 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Dropbox
    2015-04-04 19:44 - 2014-05-12 16:24 - 00000000 ____D () C:\Users\Deb\AppData\Local\Deployment
    2015-04-04 19:43 - 2014-06-18 16:09 - 00002496 _____ () C:\Windows\Tasks\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.job
    2015-04-04 19:43 - 2014-06-18 16:09 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-04-04 19:42 - 2010-03-25 15:45 - 02561128 _____ () C:\Windows\PFRO.log
    2015-04-04 19:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-04 19:42 - 2009-07-14 00:51 - 00449020 _____ () C:\Windows\setupact.log
    2015-04-03 20:23 - 2012-09-06 18:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000UA.job
    2015-04-03 20:21 - 2012-04-11 08:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-03 19:23 - 2012-09-06 18:37 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000Core.job
    2015-04-03 16:50 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-03 16:50 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-03 16:47 - 2009-07-14 01:13 - 00942140 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-03 04:14 - 2014-06-18 16:09 - 00000928 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-04-02 15:46 - 2010-04-11 21:39 - 00000000 ____D () C:\Users\Deb\AppData\Local\CrashDumps
    2015-04-02 09:15 - 2014-12-20 11:19 - 00000000 ____D () C:\Users\Deb\AppData\Local\NPE
    2015-04-02 09:11 - 2014-04-18 13:10 - 00000000 ____D () C:\ESO Solutions
    2015-04-02 09:11 - 2014-03-29 09:08 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\DigitalSites
    2015-04-02 09:09 - 2014-03-31 10:41 - 00000066 _____ () C:\Users\Deb\AppData\Roaming\WB.CFG
    2015-04-02 09:02 - 2014-12-20 11:23 - 00000000 ____D () C:\NPE
    2015-04-02 09:01 - 2010-04-02 16:55 - 00468040 _____ () C:\Users\Deb\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-02 09:00 - 2009-07-14 00:45 - 01667968 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-02 08:37 - 2010-11-29 07:29 - 00000000 ____D () C:\Users\Deb\Documents\Symantec
    2015-04-02 08:37 - 2010-11-28 20:23 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2015-04-02 08:37 - 2010-03-25 16:11 - 00000000 ____D () C:\ProgramData\Norton
    2015-04-02 08:33 - 2012-12-09 22:33 - 00095744 ___SH () C:\Users\Deb\Desktop\Thumbs.db
    2015-04-01 03:51 - 2014-11-22 06:07 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDeb
    2015-04-01 03:51 - 2014-11-22 06:07 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForDeb.job
    2015-03-31 14:26 - 2010-04-26 22:43 - 00000000 ____D () C:\Users\Deb\AppData\Local\Citrix
    2015-03-31 10:27 - 2010-04-02 17:07 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2015-03-30 13:19 - 2012-10-25 10:15 - 10405376 ___SH () C:\Users\Deb\Downloads\Thumbs.db
    2015-03-28 15:12 - 2009-07-13 22:34 - 00000499 _____ () C:\Windows\win.ini
    2015-03-28 03:51 - 2010-04-03 16:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-03-27 23:27 - 2014-06-18 16:09 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
    2015-03-26 12:17 - 2010-09-11 12:31 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\FileZilla
    2015-03-26 10:28 - 2013-08-12 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2015-03-26 10:28 - 2010-09-11 12:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
    2015-03-25 03:15 - 2014-12-27 06:02 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-25 03:15 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-20 09:42 - 2014-12-27 18:11 - 00000000 ____D () C:\Users\Deb\AppData\Local\Adobe
    2015-03-20 09:42 - 2012-04-11 08:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-20 09:42 - 2012-04-11 08:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-03-20 09:42 - 2011-06-24 09:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-19 19:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-16 08:08 - 2014-05-16 12:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-12 08:17 - 2012-04-11 18:40 - 00001016 _____ () C:\Users\Deb\Desktop\Dropbox.lnk
    2015-03-12 08:17 - 2012-04-11 16:04 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-03-12 08:16 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-03-12 04:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-12 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-12 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-12 03:10 - 2010-03-25 15:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-12 03:06 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-12 03:02 - 2010-04-02 19:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-11 15:53 - 2015-02-27 18:00 - 00000000 ____D () C:\ProgramData\5edd1a1200004778
    2015-03-09 08:50 - 2010-04-02 21:21 - 00000000 ____D () C:\Program Files\Common Files\Apple

    ==================== Files in the root of some directories =======

    2014-05-27 12:15 - 2014-05-27 12:15 - 0038476 _____ () C:\Users\Deb\AppData\Roaming\Comma Separated Values.ADR
    2015-03-31 04:14 - 2015-03-31 04:14 - 0004387 _____ () C:\Users\Deb\AppData\Roaming\dRGOIE2mLJ5D3Rv3Yi6LYhNL
    2015-03-31 04:14 - 2015-03-31 04:14 - 0005655 _____ () C:\Users\Deb\AppData\Roaming\jOB6gafuc
    2014-03-31 10:41 - 2015-04-02 09:09 - 0000066 _____ () C:\Users\Deb\AppData\Roaming\WB.CFG
    2013-04-21 18:42 - 2013-08-30 10:24 - 0893239 _____ () C:\Users\Deb\AppData\Local\a.zip
    2013-04-21 18:42 - 2013-08-30 10:24 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Deb\AppData\Local\BcsKtYcHW.dll
    2012-02-22 09:52 - 2012-02-22 10:35 - 0007168 _____ () C:\Users\Deb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-27 13:32 - 2015-02-27 13:32 - 0274045 _____ () C:\Users\Deb\AppData\Local\dsi1.dat
    2015-02-27 13:32 - 2015-02-27 13:32 - 0161916 _____ () C:\Users\Deb\AppData\Local\dsi2.dat
    2010-06-21 19:54 - 2010-06-21 19:54 - 0007605 _____ () C:\Users\Deb\AppData\Local\Resmon.ResmonCfg
    2011-06-23 17:04 - 2011-06-23 17:04 - 0121984 _____ () C:\Users\Deb\AppData\Local\tmp240019_10150629420360324_702365323_18558928_1131539_O.JPG
    2011-06-23 17:03 - 2011-06-23 17:03 - 0127341 _____ () C:\Users\Deb\AppData\Local\tmp241172_10150629419550324_702365323_18558920_7934583_O.JPG
    2011-06-23 10:09 - 2011-06-23 10:09 - 0425895 _____ () C:\Users\Deb\AppData\Local\tmp256881_1861364409041_1088862409_31819096_1285420_O.JPG
    2011-06-23 17:02 - 2011-06-23 17:02 - 0132241 _____ () C:\Users\Deb\AppData\Local\tmp257040_10150629418685324_702365323_18558917_2879572_O.JPG
    2010-06-06 19:09 - 2010-06-06 19:09 - 0071620 _____ () C:\Users\Deb\AppData\Local\tmp32016_394769833229_530448229_4204496_5884319_N.JPG
    2011-05-22 17:51 - 2011-05-22 17:51 - 0084585 _____ () C:\Users\Deb\AppData\Local\tmp40868_159976930686888_100000237466851_424614_2258228_N.JPG
    2011-05-22 17:56 - 2011-05-22 18:00 - 0091743 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.0
    2011-05-22 17:56 - 2011-05-22 18:00 - 0080726 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.1
    2011-05-22 18:00 - 2011-05-22 18:00 - 0080702 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.2
    2011-05-22 18:00 - 2011-05-22 18:00 - 0080681 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.3
    2011-05-22 18:00 - 2011-05-22 18:00 - 0080685 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.JPG
    2011-10-08 11:41 - 2011-10-08 11:41 - 2780184 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0073.JPG
    2011-10-08 11:40 - 2011-10-08 11:40 - 2892192 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0074.JPG
    2011-10-08 11:38 - 2011-10-08 11:38 - 2785382 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0075.JPG
    2011-10-08 11:37 - 2011-10-08 11:37 - 2815377 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0076.JPG
    2011-10-08 11:36 - 2011-10-08 11:36 - 2824800 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0079.JPG
    2011-10-08 11:32 - 2011-10-08 11:32 - 2769059 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0081.JPG
    2011-10-08 11:33 - 2011-10-08 11:33 - 0155587 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0081_CROP.JPG
    2011-10-08 00:12 - 2011-10-08 00:12 - 2773836 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0086.JPG
    2011-02-05 16:01 - 2011-02-05 16:01 - 0424786 _____ () C:\Users\Deb\AppData\Local\tmpPHOTO.0
    2011-02-05 16:01 - 2011-02-05 16:01 - 0128567 _____ () C:\Users\Deb\AppData\Local\tmpPHOTO.JPG
    2011-05-22 18:11 - 2011-05-22 18:11 - 0009424 _____ () C:\Users\Deb\AppData\Local\tmpREUNIONCROP2010.JPG
    2011-07-22 18:24 - 2011-07-22 18:24 - 0000000 _____ () C:\Users\Deb\AppData\Local\{D77D1757-934D-486D-B4B8-9F2C18ADA175}
    2014-02-16 16:38 - 2014-02-16 16:38 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-04-26 21:03 - 2013-12-26 12:38 - 0001717 _____ () C:\ProgramData\lxdu.log
    2010-04-26 00:07 - 2013-12-25 19:42 - 0001979 _____ () C:\ProgramData\lxduDiagnostics.log
    2010-07-06 17:58 - 2013-12-22 18:15 - 0087722 _____ () C:\ProgramData\lxduJSW.log
    2012-02-09 16:08 - 2012-02-09 16:08 - 0000119 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2008-11-05 00:06 - 2008-11-05 00:06 - 0069632 _____ (Juniper Networks) C:\ProgramData\NeoterisSetup.ocx
    2013-01-10 04:27 - 2013-01-10 04:27 - 2534076 _____ () C:\ProgramData\SPL1A91.tmp
    2013-01-13 17:50 - 2013-01-13 17:50 - 0470404 _____ () C:\ProgramData\SPL240F.tmp
    2013-01-05 04:55 - 2013-01-05 04:55 - 2534076 _____ () C:\ProgramData\SPL256A.tmp
    2011-06-15 19:29 - 2011-06-15 19:29 - 0407790 _____ () C:\ProgramData\SPL25E1.tmp
    2013-01-02 19:47 - 2013-01-02 19:47 - 2534076 _____ () C:\ProgramData\SPL3ED3.tmp
    2013-12-11 04:18 - 2013-12-11 04:18 - 0206348 _____ () C:\ProgramData\SPL63CD.tmp
    2013-06-18 18:42 - 2013-06-18 18:42 - 3040302 _____ () C:\ProgramData\SPL6D81.tmp
    2013-09-25 18:42 - 2013-09-25 18:42 - 0239814 _____ () C:\ProgramData\SPL6F0D.tmp
    2010-09-04 10:07 - 2010-09-04 10:07 - 0385751 _____ () C:\ProgramData\SPL7CB8.tmp
    2013-01-10 04:26 - 2013-01-10 04:26 - 2534076 _____ () C:\ProgramData\SPLAEB5.tmp
    2013-12-25 18:31 - 2013-12-25 18:31 - 0451108 _____ () C:\ProgramData\SPLAF2F.tmp
    2011-12-20 16:25 - 2011-12-20 16:25 - 1136052 _____ () C:\ProgramData\SPLCC2.tmp
    2013-01-02 10:47 - 2013-01-02 10:47 - 2534076 _____ () C:\ProgramData\SPLD450.tmp
    2011-12-20 16:25 - 2011-12-20 16:25 - 1136052 _____ () C:\ProgramData\SPLF700.tmp
    2013-01-02 19:48 - 2013-01-02 19:48 - 2534076 _____ () C:\ProgramData\SPLF7E5.tmp
    2013-01-02 10:48 - 2013-01-02 10:48 - 2534076 _____ () C:\ProgramData\SPLFCF5.tmp
    2011-09-04 02:03 - 2011-09-04 02:03 - 0291143 _____ () C:\ProgramData\SPLFF0E.tmp
    2011-03-19 10:28 - 2011-03-19 10:29 - 8969504 _____ (Secure Backup and Share) C:\ProgramData\TempComcastSecureBackupShare-update-94576f825cbee21cffeff81117efd21f.exe
    2010-04-03 16:31 - 2010-04-03 16:31 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

    Files to move or delete:
    ====================
    C:\ProgramData\TempComcastSecureBackupShare-update-94576f825cbee21cffeff81117efd21f.exe


    Some content of TEMP:
    ====================
    C:\Users\Deb\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe0wooj.dll
    C:\Users\Deb\AppData\Local\Temp\pn47C8.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-25 00:25

    ==================== End Of Log ============================
     
  4. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
    Ran by Deb at 2015-04-04 19:49:38
    Running from C:\Users\Deb\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 Premier Edition (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton 360 Premier Edition (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Norton 360 Premier Edition (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-zip v9.20 (HKLM-x32\...\7-Zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
    Able2Extract 7.0 (HKLM-x32\...\{49272E0B-CF97-4BD6-85A0-9B1C59495850}_is1) (Version: 7.0 - Investintech.com Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
    Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
    AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.7 - Autodesk, Inc.)
    Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version: - PopCap Games)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
    Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
    Citrix XenApp Web Plugin (HKLM-x32\...\{C0B165DC-F037-483F-B1C9-D89D91529CEB}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
    CODE-STAT 9.0 (HKLM-x32\...\{E4D3AFE8-A6A5-4242-BDB5-F36DBC462334}) (Version: 9.0.0.643 - Physio-Control, Inc.)
    CollageIt 1.8.5 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version: - PearlMountain Technology Co., Ltd)
    CopyTrans Suite Remove Only (HKLM-x32\...\CopyTrans Suite) (Version: - )
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
    Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - Creative Technology Limited)
    Cricut DesignStudio (HKLM-x32\...\Cricut DesignStudio) (Version: - )
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
    ESO Suite Pro (HKLM-x32\...\{65E849F3-5314-47D8-BB47-36305175ADF1}) (Version: 4.8.2169.0 - ESO Solutions Inc.)
    Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
    EverQuest II (HKLM-x32\...\{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}) (Version: 1.00.000 - Sony Online Entertainment)
    EverQuest II (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\SOE-EverQuest II) (Version: - Sony Online Entertainment)
    EverQuest: Escape to Norrath (HKLM-x32\...\{AB8AADDB-E980-492D-B8F0-E7C52E9B20CC}) (Version: 1.00.000 - Sony Online Entertainment)
    FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
    Google Chrome (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    GoToMeeting 7.1.5.2491 (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\GoToMeeting) (Version: 7.1.5.2491 - CitrixOnline)
    GoToMeeting Outlook Calendar Plug-in (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\74BCB683C409F719EAB31FBFCB139767D04815FF) (Version: 2.11.79.0 - Citrix Online)
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
    HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HP Wireless Deluxe Desktop Combo (HKLM-x32\...\{B6264E4A-3233-46BB-A0D3-B2968AEF11F2}) (Version: 1.0.0.1 - Hewlett-Packard)
    HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Juniper Installer Service (HKLM-x32\...\SetupService) (Version: 1.3.2.12005 - Juniper Networks)
    Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 6.5.0.16339 - Juniper Networks)
    Juniper Networks Setup Client (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Juniper_Setup_Client) (Version: 2.1.4.7717 - Juniper Networks)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}) (Version: 1.18.9.1 - LightScribe)
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
    Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
    Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Research AutoCollage 2008 Academic Edition (HKLM-x32\...\{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}) (Version: 1.01.2008 - Microsoft Research)
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual Basic Power Packs 3.0 Redistributable (HKLM-x32\...\{928BDF57-B11C-3917-8C21-7948439E49B4}) (Version: 9.0.30214 - Microsoft)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
    Move Media Player (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Move Media Player) (Version: - Move Networks)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
    Mozilla Firefox 37.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
    NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
    Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
    Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
    PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
    QuickShot 1.50 (HKLM-x32\...\QuickShot_is1) (Version: - ImageShack)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
    runtime64 (Version: 1.0.0 - immunet) Hidden
    Salesforce for Outlook (HKLM\...\{F2CED60E-2E22-4880-8D21-3AAE1B0DE6CD}) (Version: 2.7.01.3490 - salesforce.com)
    Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version: - )
    Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
    Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
    SimMan (HKLM-x32\...\{F88D3E05-D7F3-4B20-A8AC-98888ECAA273}) (Version: 3.4.0000 - Laerdal Medical)
    SimMan (x32 Version: 3.4.0000 - Laerdal Medical) Hidden
    Smilebox (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Smilebox) (Version: - )
    Snagit 12 (HKLM-x32\...\{BCD4C446-A778-4B65-B9BC-2360ED5AA5E3}) (Version: 12.3.1 - TechSmith Corporation)
    Sound Blaster X-Fi (HKLM-x32\...\{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}) (Version: 1.0 - Creative Technology Limited)
    Spotify (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
    The Print Shop 2.0 Professional (HKLM-x32\...\{159E3ACF-7D79-49A1-A085-9F53B0738C65}) (Version: 2.0.1.60 - Encore)
    The weDownload Manager (HKLM-x32\...\The weDownload Manager) (Version: 1.34.6.10 - weDownload) <==== ATTENTION
    TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
    Unity Web Player (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Image Editor (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Digital Sites) (Version: - Update for Image Editor) <==== ATTENTION
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.25 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
    Windows Media Player Filter v4.6.0.5 (HKLM-x32\...\Windows Media Player Filter_is1) (Version: - )
    Yammer Notifier (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\8c3c8c06fefda92b) (Version: 1.0.0.564 - Microsoft Corporation)
    Zoom (HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\ZoomUMX) (Version: 2.5 - Zoom Video Communications, Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{2FC26622-8613-373E-AF16-1037020B1210}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{65314D30-1EF1-362A-95EE-8A0E1EEDBB5B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{8DAB7772-9410-49BA-9958-EB8392EE2F35}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{8DC0828E-7DE4-37A6-951F-80EBE34305D1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{DEC08347-BAAF-3527-AE62-D8E3651DEF72}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    17-03-2015 09:34:40 Installed ESO Suite Pro
    18-03-2015 15:41:46 Installed ESO Suite Pro
    25-03-2015 03:00:12 Windows Update
    02-04-2015 08:44:58 Norton 360 Registry Clean
    02-04-2015 09:09:10 Norton_Power_Eraser_20150402090907276

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0172E549-D2D5-44D1-922D-C2D56DC4F989} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
    Task: {0703C5BE-43B3-4336-810A-0B61AB079BC4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {08FA12A1-F33A-4229-B2FE-1682235400D6} - System32\Tasks\{C3219F4F-AE58-415A-8938-7E55CE3743B6} => C:\Users\Deb\AppData\Roaming\Spotify\spotify.exe [2015-02-18] (Spotify Ltd)
    Task: {0F1857AE-35C6-4A53-837C-ECF5599B0A72} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
    Task: {13B128D5-4BC3-4AA6-BDF6-888B4695665F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Deb-NewPC-Deb Deb-NewPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
    Task: {1590C90A-C8D2-464D-8337-8E9C7724F4D1} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
    Task: {21045971-5171-42E2-B986-E3E40A46D685} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {28DBB883-6FD6-40F5-B87A-7A43016B78A3} - System32\Tasks\{A962213A-0096-4CCF-B209-444936B10742} => pcalua.exe -a "C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX9H9JQZ\NetFx20SP2_ia64[1].exe" -d C:\Users\Deb\Desktop
    Task: {3447B612-AE3B-4AAD-86FF-5791FE9EDC8B} - System32\Tasks\{009867AA-FC65-4F9A-BBBA-7AFE3D060938} => pcalua.exe -a "C:\Program Files (x86)\The weDownload Manager\Uninstall.exe" -c /fcp=1
    Task: {34DB0136-6DFB-4F95-A34B-E04D0FBA1B3E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {38730AC3-9810-4D2C-9C2D-8A8FBD0152F8} - System32\Tasks\{1F5CE0F5-26F1-46B9-9CCC-3459C74DD5D2} => pcalua.exe -a "C:\Users\Deb\Downloads\join-session (2).exe" -d C:\Users\Deb\Downloads
    Task: {3B8E81A3-46BA-4EE6-8F87-0D8EC0C26DA6} - System32\Tasks\{ECE562CB-3125-4646-A85B-622A1D0A2B58} => pcalua.exe -a "C:\Users\Deb\Downloads\join-session (6).exe" -d C:\Users\Deb\Downloads
    Task: {3C43CAB9-0E39-496D-AF34-83B9EF79B281} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
    Task: {3F25E78F-60A5-4BA3-8D0F-C65A9076527D} - System32\Tasks\{ACB68063-FFD3-4ED6-9020-2082F05B6530} => pcalua.exe -a C:\Users\Deb\Downloads\setup_en.exe -d C:\Users\Deb\Downloads
    Task: {41FBA86F-37CA-4227-BDFC-95EDB7722970} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {43E96B1F-B4AA-477D-BEA1-A79B56162D31} - System32\Tasks\{69395F50-9E89-4E49-8B3E-3F7CABA1EBDD} => pcalua.exe -a "C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX9H9JQZ\NetFx20SP1_x86[1].exe" -d C:\Users\Deb\Desktop
    Task: {472B7A14-3CAA-49E1-AA17-7A61A9178CFB} - System32\Tasks\{2E016070-8E1D-494E-B30D-CAEA0ECEE18A} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{F88D3E05-D7F3-4B20-A8AC-98888ECAA273}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
    Task: {47DC8521-45EA-40AD-85B8-578E699738E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {49A704FC-690A-4A27-B883-FA32A5732259} - System32\Tasks\{35107B9F-7B5D-452A-A45D-64B4CCC19025} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=12029
    Task: {510AB249-F748-4703-92F7-4B77F0D6E961} - System32\Tasks\G2MUpdateTask-S-1-5-21-1012019336-4294157242-4255772918-1000 => C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2491\g2mupdate.exe [2015-04-01] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {53D2FCD2-CDEE-42DC-B773-BBCC02E83431} - System32\Tasks\{4C0B04CB-D38A-4EF7-B1D6-D40A3D419F90} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe"
    Task: {55F8F5C8-47A9-46EF-B919-3626B7A7013C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
    Task: {5EA94708-B6FB-4B81-AB28-80BFDCB3ED70} - System32\Tasks\{88FDA758-B0AB-4D15-ACED-652E7D26103F} => pcalua.exe -a C:\Users\Deb\Downloads\g2m_codec.exe -d C:\Users\Deb\Downloads
    Task: {679A65A9-1394-4995-8820-EEC49A91DAF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000UA => C:\Users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
    Task: {708CDC70-203E-4F43-B858-F70DE4A83256} - System32\Tasks\HPCeeScheduleForDeb => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {749EFEDE-55D2-4D05-B99C-E418BBD87BB8} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {757ADCAE-BAC3-4D6C-96AC-196E4762AFE0} - System32\Tasks\{FC1ED2CB-A9E2-4016-A6E6-CA8D8D3006F8} => pcalua.exe -a "C:\Users\Deb\Downloads\join-session (4).exe" -d C:\Users\Deb\Downloads
    Task: {8446EE2F-03A8-4986-84F2-BE1DD9F3A08F} - System32\Tasks\{C1B72959-3915-4C7C-8AF4-4A16F318633F} => pcalua.exe -a C:\Users\Deb\AppData\Local\Evernote\Evernote\AutoUpdate\Evernote_5.3.1.3363.exe -d "C:\Program Files (x86)\Evernote\Evernote" -c /qb
    Task: {859291D3-A9BC-4ED1-978B-3AACD369C357} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3ABE3J1K => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
    Task: {879AAC0C-F506-437A-BCE2-09E888BC94A7} - System32\Tasks\{0C9D10B4-85A8-416B-AD04-FC4D1CB23880} => pcalua.exe -a "C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QX9H9JQZ\dotnetfx35setup[1].exe" -d C:\Users\Deb\Desktop
    Task: {8AF1FA46-A368-40AC-9568-C2C7229D9618} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000Core => C:\Users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
    Task: {8BE46E45-6D8D-455B-854A-F46C938DFCCD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
    Task: {947AD789-0E42-4F50-92EF-AF57800B375F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-03-24] (Microsoft)
    Task: {9D805FDC-1B4B-4C14-A8A6-6741DA0CC4B6} - System32\Tasks\{7EB0D77A-A9B6-4730-902F-8C0E55B3A382} => C:\Users\Deb\AppData\Roaming\Spotify\spotify.exe [2015-02-18] (Spotify Ltd)
    Task: {9F51A59E-E3CB-4A9C-9FF5-F3238E6D4492} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
    Task: {A0CFB13F-C18B-4023-A6A0-50C8395EA7CC} - System32\Tasks\{7F9BD063-F2DA-4542-8977-7D66557EBDD1} => pcalua.exe -a "C:\Users\Deb\Downloads\join-session (5).exe" -d C:\Users\Deb\Downloads
    Task: {A7049028-992B-4A08-A4DF-EC2E84B86516} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-18] (globalUpdate) <==== ATTENTION
    Task: {AB557B0B-0299-441E-83C2-69ED785FA502} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
    Task: {B930D782-0681-4561-A7BB-2C499F74FFAF} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-18] (globalUpdate) <==== ATTENTION
    Task: {BD040B43-99DF-4980-9BE8-47D7689758AF} - System32\Tasks\{1BED5473-F0B0-46E8-B9E1-6A3F2286C954} => pcalua.exe -a C:\Users\Deb\Downloads\join-session(3).exe -d C:\Users\Deb\Downloads
    Task: {C3656DED-A570-43BB-ADD9-5DBE3AF68456} - System32\Tasks\IHUninstallTrackingTASK => CMD
    Task: {CC78A5F9-39EC-49BC-B60D-925C7136A1BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {CCBBC52F-61D6-4CE4-B179-C74E7E55EB47} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
    Task: {CE065AC6-9E20-4B17-B4FC-494E2A0C45F9} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
    Task: {CFE56B67-48B0-46C1-9C3A-3215B5075A55} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
    Task: {D319DAD8-0E98-4C24-BBEB-31E14251FA18} - System32\Tasks\09d2f095-b00b-4e2a-8f47-83a824a7126a-4 => C:\Program Files (x86)\The weDownload Manager\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.exe <==== ATTENTION
    Task: {D4E57A41-055C-4404-81F7-82A8F416D1D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {DC815599-798C-4E9E-AA9B-0037F7601ED5} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
    Task: {E2E3E2A8-253F-4E1C-BC7B-886B23BDFAA2} - System32\Tasks\{666DBD6C-7875-436B-8584-995650BFC6FD} => pcalua.exe -a "C:\Users\Deb\Downloads\join-session (8).exe" -d C:\Users\Deb\Downloads
    Task: {E5302BEB-FE82-4915-8C11-AC0CBA95014E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
    Task: {E940E339-17D1-4EE8-A13B-54A48EC645DC} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
    Task: {EA12683C-0E35-443E-9171-DBE2B0B488BD} - System32\Tasks\{9A09A92A-E5CD-47E8-B844-188536A434A7} => pcalua.exe -a C:\Users\Deb\Downloads\join-session(2).exe -d C:\Users\Deb\Downloads
    Task: {EA21494B-EEC5-4DF2-A83F-A4FE6B1AD79F} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    Task: {EC05A0C1-37E8-4C3D-BBC2-542C9853173E} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
    Task: {EC9E6F77-2BA7-4A25-93DC-B60CD42436B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {F37B2CE4-DEE5-411F-8E18-6A25391D35FE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: C:\Windows\Tasks\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.job => C:\Program Files (x86)\The weDownload Manager\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.exe$/dVWxce /oayPhBa='The weDownload Manager' /earWh C:\Program Files (x86)\The weDownload Manager\49074.xpi' /QIQpTY=49074 /CkyBK='000898' /cyoXJiU='verticals-intext,ads,pops*bundledwith-browse_burst_s=intext,ads,pops' /Ogojh='0' /OaoPYpuup=1D2152D24A0642F5B42AD4213EFECFCCIE /iUjPaxy=fcbee4d290c3142fed1678baa2b9e5ba /uHJTze=1_34_06_10 /AuhTn=1.34.6.10 /aaEoboXHy=1403122159 /jcARvmGzo=http:/stats.datagenserv.com /zlGjU=http:/errors.datagenserv.com /yqZKZce=300 /[email protected]62b-e25e264651bb.com /zpbdcmm=0.94 /szncnD=ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074 /JlfJe=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49074.rdf /AinJd='The weDownload Manager' /LGebIYUF='Enhance your search results with direct download links and information for apps and games.' /rrijOUJ='weDownload' /aXbfkrX=ff /AuRfBhQOT='{asw:[0, 67109253, 0]}' /YVViAlXHe /lImKKppT /yZvuhnKwj /eAqANEI='http:/update.datagenserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1012019336-4294157242-4255772918-1000.job => C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2491\g2mupdate.exe
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000Core.job => C:\Users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000UA.job => C:\Users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForDeb.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

    ==================== Loaded Modules (whitelisted) ==============

    2010-04-03 16:35 - 2008-05-01 08:44 - 00045568 _____ () C:\Windows\System32\LXDUPMON.DLL
    2010-04-03 16:35 - 2008-05-29 20:14 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
    2013-12-29 10:14 - 2010-02-04 04:54 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-05-16 12:00 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-09-26 06:53 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2009-09-14 19:17 - 2009-09-14 19:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2010-04-02 17:04 - 2008-10-17 00:22 - 00530432 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe
    2010-04-02 17:04 - 2008-10-31 22:51 - 00501248 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\UI\xManager\xTools.dll
    2013-03-26 11:44 - 2013-03-26 11:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2015-03-02 16:30 - 2015-03-02 16:30 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-01-09 10:09 - 2013-01-09 10:09 - 00118784 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\Ralink.dll
    2012-09-04 13:34 - 2012-09-04 13:34 - 01066856 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\RaWLAPI.dll
    2014-08-15 17:02 - 2014-08-15 17:02 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
    2014-08-15 17:02 - 2014-08-15 17:02 - 00050688 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\ScrollingCapture.dll
    2014-08-15 17:02 - 2014-08-15 17:02 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
    2015-03-04 18:08 - 2015-03-04 18:08 - 00750080 _____ () C:\Users\Deb\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-04-04 19:44 - 2015-04-04 19:44 - 00043008 _____ () c:\users\deb\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe0wooj.dll
    2015-03-04 18:08 - 2015-03-04 18:08 - 00047616 _____ () C:\Users\Deb\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-03-04 18:08 - 2015-03-04 18:08 - 00865280 _____ () C:\Users\Deb\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-03-04 18:07 - 2015-03-04 18:07 - 00200704 _____ () C:\Users\Deb\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-09-26 06:51 - 2014-11-23 07:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
    2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2014-09-26 06:51 - 2014-11-23 07:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-09-26 06:53 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
    2014-08-10 19:39 - 2014-08-10 19:39 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
    2014-09-26 06:51 - 2014-11-23 07:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
    2014-09-26 06:53 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2014-10-17 03:42 - 2014-10-17 03:42 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
    2010-06-13 10:35 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Deb\Downloads\10259019_10102031147780503_166099458158485765_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10293825_10152641078992053_5821135503070883200_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10307166_10154436958825324_9221275175952732823_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10333257_687671341269962_1240688076327721916_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10414568_10152385171006696_319299734513905319_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10487606_10152077154451296_8780587372964506306_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10502077_10203418084150422_1931442428743544611_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10506717_10102356043726423_6464032931727312772_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10515276_10152375737773230_4480745517823525965_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10528345_699507176753045_6419697722322903811_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10536503_711079558929140_5872075979361207804_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10551015_10154518320745324_2163803040674238225_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10576979_10152248000940738_5076184865816379698_n.png:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10672283_431435117011323_3116959798028059282_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\10701926_10202930012106631_2253243227665316848_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\1265803_10152328344698230_5693387030390758441_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\1390582_10101661294873693_468586794_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\1966827_705494629540652_1920762607511681192_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\1969269_712407132114558_1581056028_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\1972421_674120769344705_8403059674772840333_n(1).jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\1972421_674120769344705_8403059674772840333_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\2014-05-24 15.13.57.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\2014-07-11 10.35 ESO Super User Training.wmv:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\2014-07-24 12.10.58.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\2014-07-24 20.24.11-2.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\2014-07-25 16.20.42.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\2014-09-19_14-11-06.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\2014-10-05_10-51-40.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\256881_1861364409041_1088862409_31819096_1285420_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\256881_1861364409041_1088862409_31819096_1285420_O_crop.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\257040_10150629418685324_702365323_18558917_2879572_o.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\400949_10100457783769593_1174708118_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\40868_159976930686888_100000237466851_424614_2258228_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\40868_159976930686888_100000237466851_424614_2258228_N_crop.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\58109_159976244020290_100000237466851_424597_7140393_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\65959_658126120944170_1559456738274216606_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\988379_10152116781413615_818897884_n.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Alex 12_26_008_2.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Alex 12_26_2008.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\amazing-trees-4.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\balance.png:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Be+Stronger+Canvas+Print.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\beautiful-flowers-background_84475-1400x1050.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\blu bus.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\c2015082ebcbf9bb139f6d98db911f1e.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Chapa family 2014.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\DSCN3248.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\DSCN3266.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\e.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\eces-landing-header.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Freeman Family ALex San ANtonio 2014 - Copy.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Good headshot.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\HistoryImage.aspx.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\IMG_1697.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\IMG_1765.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\IMG_1808.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\IMG_1838.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\IMG_1864.JPG:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Lamp.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Lidey_Martin_Krystal_Healy_Photography_DSC7096_low.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Missing.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Ourbluebus.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Peanuts-Dancing-GIF.gif:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\photo(13).jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\pikolino Alex web page.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Pittsburgh_view-from-incline_sm.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Reunion2crop.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\reunioncrop2010.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\reunioncrop2010_crop.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Steelers2014.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\stock-illustration-21060619-hand-drawn-map-of-west-virginia.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\sunflower.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Tia Mirtha_Jesus_Sofi.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\Tios JesusyMirtha_25 years.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\walmart.jpg:com.dropbox.attributes
    AlternateDataStreams: C:\Users\Deb\Downloads\wine rainbow.jpg:com.dropbox.attributes

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Deb^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1012019336-4294157242-4255772918-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-1012019336-4294157242-4255772918-1002 - Limited - Enabled)
    Deb (S-1-5-21-1012019336-4294157242-4255772918-1000 - Administrator - Enabled) => C:\Users\Deb
    Deb-Admin (S-1-5-21-1012019336-4294157242-4255772918-1007 - Administrator - Enabled) => C:\Users\Deb-Admin
    Guest (S-1-5-21-1012019336-4294157242-4255772918-501 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: G:\
    Description: Compact Flash
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic-
    Service: WUDFRd
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: J:\
    Description: MS/MS-Pro
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic-
    Service: WUDFRd
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: I:\
    Description: SD/MMC
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic-
    Service: WUDFRd
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    Name: H:\
    Description: SM/xD-Picture
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic-
    Service: WUDFRd
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
    This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/04/2015 07:44:45 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/03/2015 09:22:01 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/03/2015 00:06:14 AM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.

    Error: (04/03/2015 00:06:09 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/02/2015 09:43:59 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
    The manifest file root element must be assembly.

    Error: (04/02/2015 09:43:32 PM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
    Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
    Please use sxstrace.exe for detailed diagnosis.

    Error: (04/02/2015 09:19:53 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1012019336-4294157242-4255772918-1000.db for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1012019336-4294157242-4255772918-1000.db

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C0000185
    Disk type: 3

    Error: (04/02/2015 09:19:53 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
    Exception code: 0xc0000006
    Fault offset: 0x000000000001d7f5
    Faulting process id: 0x1e20
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3

    Error: (04/02/2015 09:10:40 PM) (Source: Application Error) (EventID: 1005) (User: )
    Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1012019336-4294157242-4255772918-1000.db for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1012019336-4294157242-4255772918-1000.db

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C0000185
    Disk type: 3

    Error: (04/02/2015 09:10:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
    Exception code: 0xc0000006
    Fault offset: 0x000000000001d7f5
    Faulting process id: 0xcd0
    Faulting application start time: 0xsvchost.exe_SysMain0
    Faulting application path: svchost.exe_SysMain1
    Faulting module path: svchost.exe_SysMain2
    Report Id: svchost.exe_SysMain3


    System errors:
    =============
    Error: (04/04/2015 07:42:38 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:40:50 PM on &#8206;4/&#8206;3/&#8206;2015 was unexpected.

    Error: (04/03/2015 05:09:34 PM) (Source: DCOM) (EventID: 10016) (User: Deb-NewPC)
    Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Deb-NewPCDebS-1-5-21-1012019336-4294157242-4255772918-1000LocalHost (Using LRPC)

    Error: (04/03/2015 05:09:34 PM) (Source: DCOM) (EventID: 10016) (User: Deb-NewPC)
    Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Deb-NewPCDebS-1-5-21-1012019336-4294157242-4255772918-1000LocalHost (Using LRPC)

    Error: (04/03/2015 05:09:34 PM) (Source: DCOM) (EventID: 10016) (User: Deb-NewPC)
    Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Deb-NewPCDebS-1-5-21-1012019336-4294157242-4255772918-1000LocalHost (Using LRPC)

    Error: (04/03/2015 05:05:57 PM) (Source: DCOM) (EventID: 10016) (User: Deb-NewPC)
    Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Deb-NewPCDebS-1-5-21-1012019336-4294157242-4255772918-1000LocalHost (Using LRPC)

    Error: (04/03/2015 05:04:38 PM) (Source: DCOM) (EventID: 10016) (User: Deb-NewPC)
    Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}Deb-NewPCDebS-1-5-21-1012019336-4294157242-4255772918-1000LocalHost (Using LRPC)

    Error: (04/03/2015 05:04:38 PM) (Source: DCOM) (EventID: 10016) (User: Deb-NewPC)
    Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}Deb-NewPCDebS-1-5-21-1012019336-4294157242-4255772918-1000LocalHost (Using LRPC)

    Error: (04/03/2015 05:04:38 PM) (Source: DCOM) (EventID: 10016) (User: Deb-NewPC)
    Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Deb-NewPCDebS-1-5-21-1012019336-4294157242-4255772918-1000LocalHost (Using LRPC)

    Error: (04/02/2015 09:19:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Portable Device Enumerator Service service terminated unexpectedly. It has done this 3 time(s).

    Error: (04/02/2015 09:19:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (10/30/2013 06:38:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 189629 seconds with 180 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
    Percentage of memory in use: 34%
    Total physical RAM: 12279.09 MB
    Available physical RAM: 8003.31 MB
    Total Pagefile: 24556.38 MB
    Available Pagefile: 20016.13 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: (HP) (Fixed) (Total:920.21 GB) (Free:653.64 GB) NTFS
    Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.2 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP2) (Fixed) (Total:931.51 GB) (Free:931.35 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=920.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 931.5 GB) (Disk ID: EF27006C)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    Thanks so much,

    Deb
     
  5. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    EeeDeeRN,
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    7-zip v9.20
    Catalina Savings Printer
    Coupon Printer for Windows
    Hardware Diagnostic Tools
    Java 7 Update 71
    Smilebox
    The weDownload Manager
    Unity Web Player
    Update for Image Editor

    Take extra care in answering questions posed by any Uninstaller.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine

    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  6. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    Askey,

    I was unable to remove weDownload Manager and seems to still exist in the program list. I ran the Fix on the Farber and below are the results

    Thanks again for your time

    Deb

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Deb at 2015-04-05 16:48:14 Run:1
    Running from C:\Users\Deb\Desktop
    Loaded Profiles: Deb (Available profiles: Deb & Deb-Admin & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a...=877867768&ir=
    SearchScopes: HKLM -> {AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> DefaultScope {F985F611-5C95-4CFE-8519-84B74EF2E464} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C 0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1Czut CyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyByDyCtAyD0FzyzytG0BtBtBtDtGyDyBtA0AtG tAtA0ByCtGtB0B0DtBzy0CzztD0ByB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0B0CtC0Ezz0 EtGyB0F0DyEtG0ByBzz0DtGtDtCzzyCtGtD0Fzyzz0EtD0AyD0AyD0F0A2Q&cr=877867768&ir =
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {45CB5A5D-389E-4392-AC11-0A354FC0ADAE} URL =
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&local e=en_US&gct=kwd&qsrc=2869
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} URL =
    SearchScopes: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> {F985F611-5C95-4CFE-8519-84B74EF2E464} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C 0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1Czut CyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyByDyCtAyD0FzyzytG0BtBtBtDtGyDyBtA0AtG tAtA0ByCtGtB0B0DtBzy0CzztD0ByB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0B0CtC0Ezz0 EtGyB0F0DyEtG0ByBzz0DtGtDtCzzyCtGtD0Fzyzz0EtD0AyD0AyD0F0A2Q&cr=877867768&ir =
    BHO-x32: No Name -> {11111111-1111-1111-1111-110411901174} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 -> No Name - {81E93B9C-1052-4697-AAFE-B40CD69C1D22} - No File
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-06-18] (globalUpdate)
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-06-18] (globalUpdate)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2009-11-19] (Coupons, Inc.)
    CHR Extension: (The weDownload Manager) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2014-06-22]
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-18] (globalUpdate) [File not signed]
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-18] (globalUpdate) [File not signed]
    2015-04-04 19:43 - 2014-06-18 16:09 - 00000924 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-04-03 04:14 - 2014-06-18 16:09 - 00000928 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-03-31 10:27 - 2010-04-02 17:07 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
    2015-03-27 23:27 - 2014-06-18 16:09 - 00000000 ____D () C:\Program Files (x86)\The weDownload Manager
    Task: {3447B612-AE3B-4AAD-86FF-5791FE9EDC8B} - System32\Tasks\{009867AA-FC65-4F9A-BBBA-7AFE3D060938} => pcalua.exe -a "C:\Program Files (x86)\The weDownload Manager\Uninstall.exe" -c /fcp=1
    Task: {A7049028-992B-4A08-A4DF-EC2E84B86516} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-18] (globalUpdate) <==== ATTENTION
    Task: {B930D782-0681-4561-A7BB-2C499F74FFAF} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-18] (globalUpdate) <==== ATTENTION
    Task: {CFE56B67-48B0-46C1-9C3A-3215B5075A55} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
    Task: {D319DAD8-0E98-4C24-BBEB-31E14251FA18} - System32\Tasks\09d2f095-b00b-4e2a-8f47-83a824a7126a-4 => C:\Program Files (x86)\The weDownload Manager\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.exe <==== ATTENTION
    Task: C:\Windows\Tasks\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.job => C:\Program Files (x86)\The weDownload Manager\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.exe$/dVWxce /oayPhBa='The weDownload Manager' /earWh C:\Program Files (x86)\The weDownload Manager\49074.xpi' /QIQpTY=49074 /CkyBK='000898' /cyoXJiU='verticals-intext,ads,pops*bundledwith-browse_burst_s=intext,ads,pops' /Ogojh='0' /OaoPYpuup=1D2152D24A0642F5B42AD4213EFECFCCIE /iUjPaxy=fcbee4d290c3142fed1678baa2b9e5ba /uHJTze=1_34_06_10 /AuhTn=1.34.6.10 /aaEoboXHy=1403122159 /jcARvmGzo=http:/stats.datagenserv.com /zlGjU=http:/errors.datagenserv.com /yqZKZce=300 /[email protected]62b-e25e264651bb.com /zpbdcmm=0.94 /szncnD=ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom 49074 /JlfJe=https:/w9u6a2p6.ssl.hwcdn.net/plugin/ff/update/49074.rdf /AinJd='The weDownload Manager' /LGebIYUF='Enhance your search results with direct download links and information for apps and games.' /rrijOUJ='weDownload' /aXbfkrX=ff /AuRfBhQOT='{asw:[0, 67109253, 0]}' /YVViAlXHe /lImKKppT /yZvuhnKwj /eAqANEI='http:/update.datagenserv.com/ff_agent_updates/{CAMP_ID}/update.jso <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml
    EmptyTemp:
    Cmd: ipconfig /flushdns

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PC-Doctor for Windows localizer => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA}" => Key deleted successfully.
    HKCR\CLSID\{AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} => Key not found.
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{45CB5A5D-389E-4392-AC11-0A354FC0ADAE}" => Key deleted successfully.
    HKCR\CLSID\{45CB5A5D-389E-4392-AC11-0A354FC0ADAE} => Key not found.
    "HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
    HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
    "HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA}" => Key deleted successfully.
    HKCR\CLSID\{AFD29DE4-AFE9-4E29-8EBE-986DB5BFE7FA} => Key not found.
    "HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F985F611-5C95-4CFE-8519-84B74EF2E464}" => Key deleted successfully.
    HKCR\CLSID\{F985F611-5C95-4CFE-8519-84B74EF2E464} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411901174} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
    HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
    HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
    HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{81E93B9C-1052-4697-AAFE-B40CD69C1D22} => value deleted successfully.
    HKCR\CLSID\{81E93B9C-1052-4697-AAFE-B40CD69C1D22} => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Key deleted successfully.
    C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll => Moved successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Key deleted successfully.
    C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll not found.
    "C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll" => not found.
    "C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll" => not found.
    C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc => Moved successfully.
    globalUpdate => Service deleted successfully.
    globalUpdatem => Service deleted successfully.
    C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
    C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
    "C:\Windows\Tasks\PCDRScheduledMaintenance.job" => File/Directory not found.
    C:\Program Files (x86)\The weDownload Manager => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3447B612-AE3B-4AAD-86FF-5791FE9EDC8B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3447B612-AE3B-4AAD-86FF-5791FE9EDC8B}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{009867AA-FC65-4F9A-BBBA-7AFE3D060938} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{009867AA-FC65-4F9A-BBBA-7AFE3D060938}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7049028-992B-4A08-A4DF-EC2E84B86516}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7049028-992B-4A08-A4DF-EC2E84B86516}" => Key deleted successfully.
    C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B930D782-0681-4561-A7BB-2C499F74FFAF}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B930D782-0681-4561-A7BB-2C499F74FFAF}" => Key deleted successfully.
    C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFE56B67-48B0-46C1-9C3A-3215B5075A55} => Key not found.
    C:\Windows\System32\Tasks\PCDRScheduledMaintenance not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDRScheduledMaintenance => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D319DAD8-0E98-4C24-BBEB-31E14251FA18}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D319DAD8-0E98-4C24-BBEB-31E14251FA18}" => Key deleted successfully.
    C:\Windows\System32\Tasks\09d2f095-b00b-4e2a-8f47-83a824a7126a-4 => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\09d2f095-b00b-4e2a-8f47-83a824a7126a-4" => Key deleted successfully.
    C:\Windows\Tasks\09d2f095-b00b-4e2a-8f47-83a824a7126a-4.job => Moved successfully.
    C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
    C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
    C:\Windows\Tasks\PCDRScheduledMaintenance.job not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 3.9 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 16:52:12 ====
     
  7. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    EeeDeeRN,
    That worked fine.
    Three tasks for you to do this time.
    Just take one at a time.
    ---------------------------------------------
    Please download SystemLook from the link below and save it to your Desktop.
    Download Mirror #1 (64-bit)
    • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *wedownload*
      *suprize*
      :folderfind
      *wedownload*
      *suprize*
      :regfind
      wedownload
      suprize
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt
    -------------------------------------------------------------
    AdwCleaner Download and Run

    Download AdwCleaner and save it to your desktop or somewhere you can find it.
    Take care NOT to click on any ad, like from PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete.
    When it is done, click on the Clean button, accept any prompts that appear and allow the system to Reboot.
    You will then be presented with the report. Copy & Paste it into a reply here.

    [​IMG]
    If you lose track of the log, it is saved in this folder C:\AdwCleaner\
    The filename will be adwcleaner[xx].txt where [xx] will be S1, or S2, etc. whichever filename is newest.
    -----------------------------------------------------------
    Run a New Scan With the Farbar Scan Tool
    • Double click FRST64.exe on your desktop to launch it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, a new version of the log FRST.txt will be saved on your Desktop and opened in Notepad.
    • Please post the contents in your next reply.

    So we are looking for the contents of SystemLook.txt, the log from AdwCleaner, and the new version of FRST.txt
    Separate replies are fine
    askey127
     
  8. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    Results 1 of 3 as per requested...and thanks!

    Here is the system look

    SystemLook 04.09.10 by jpshortstuff
    Log created at 08:55 on 06/04/2015 by Deb
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*wedownload*"
    C:\FRST\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager.ico --a---- 9662 bytes [07:04 17/06/2014] [07:04 17/06/2014] E37803A08A03EB25F6434CAB8AA7C617

    Searching for "*suprize*"
    C:\Windows\Prefetch\SUPRIZE_NOTIFICATION_SERVICE.-27E5712B.pf --a---- 119114 bytes [12:20 02/04/2015] [12:53 02/04/2015] CED1BF7206723CF049762D8566FB8FC2

    ========== folderfind ==========

    Searching for "*wedownload*"
    C:\FRST\Quarantine\C\Program Files (x86)\The weDownload Manager d------ [20:09 18/06/2014]

    Searching for "*suprize*"
    C:\Program Files (x86)\suprize d------ [20:31 01/04/2015]

    ========== regfind ==========

    Searching for "wedownload"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\21501]
    "49074"="The weDownload Manager"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\weDownload]
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\weDownload]
    "49074"="The weDownload Manager"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppName"="The weDownload Manager-codedownloader.exe"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppName"="The weDownload Manager-bg.exe"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_CURRENT_USER\Software\WeDlMngr\A\89]
    "OfferName"="The weDownload Manager (First Step) (Bing)"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\21501]
    "49074"="The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppName"="The weDownload Manager-codedownloader.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppName"="The weDownload Manager-bg.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\Program Files (x86)\The weDownload Manager\Uninstall.exe"="VISTARTM"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate\Update\Clients\{489ac49f-1cce-4618-bc42-fc5428b8f6dc}]
    "name"="weDownload"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\21501]
    "49074"="The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppName"="The weDownload Manager-codedownloader.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppName"="The weDownload Manager-bg.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager]
    "DisplayName"="The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager]
    "DisplayIcon"="C:\Program Files (x86)\The weDownload Manager\utils.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager]
    "Publisher"="weDownload"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager]
    "UninstallString"="C:\Program Files (x86)\The weDownload Manager\Uninstall.exe /fcp=1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The weDownload Manager]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The weDownload Manager\Code]
    "AppJavaScript"="

    var list = [], triggers = [], mirrorsView, userSearchTerm;

    function checkSearch(searchTerm) {
    for(var i in triggers) {
    if(searchTerm.indexOf(list) != -1) {
    return true;
    }
    }
    return false;
    }

    function distance(s1, s2) {
    if (s1 == s2) {
    return 0;
    }

    var s1_len = s1.length;
    var s2_len = s2.length;
    if (s1_len === 0) {
    return s2_len;
    }
    if (s2_len === 0) {
    return s1_len;
    }

    // BEGIN STATIC
    var split = false;
    try {
    split = !('0')[0];
    } catch (e) {
    split = true; // Earlier IE may not support access by string index
    }
    // END STATIC
    if (split) {
    s1 = s1.split('');
    s2 = s2.split('');
    }

    var v0 = new Array(s1_len + 1);
    var v1 = new Array(s1_len + 1);

    var s1_idx = 0,
    s2_idx = 0,
    cost = 0;
    for (s1_idx = 0; s1_idx < s1_len + 1; s1_idx++) {
    v0[s1_idx] = s1_idx;
    }
    var char_s1 = '',
    char_s2
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The weDownload Manager\Code]
    "BgJavaScript"="var triggers = {};

    appAPI.ready(function($) {
    appAPI.request.get({
    url: 'https://www.wedownload.info/kw.json',
    onSuccess: function(response, additionalInfo) {
    triggers = appAPI.JSON.parse(response);

    // save triggers to DB
    /*appAPI.db.async.set(
    "kwd",
    kwd,
    appAPI.time.daysFromNow(7));*/
    },
    onFailure: function(httpCode) {
    console.log('Failed to retrieve content. (HTTP Code:' + httpCode + ')');
    }
    });

    // send triggers to tab
    var lid = appAPI.message.addListener(function(msg) {
    appAPI.message.toAllTabs(triggers);
    });
    });
    "
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The weDownload Manager\Manifest]
    "Name"="The weDownload Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The weDownload Manager\Manifest]
    "PublisherName"="weDownload"
    [HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager]
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\InstalledBrowserExtensions\21501]
    "49074"="The weDownload Manager"
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\InstalledBrowserExtensions\weDownload]
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\InstalledBrowserExtensions\weDownload]
    "49074"="The weDownload Manager"
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppName"="The weDownload Manager-codedownloader.exe"
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppName"="The weDownload Manager-bg.exe"
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
    "AppPath"="C:\Program Files (x86)\The weDownload Manager"
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\WeDlMngr\A\89]
    "OfferName"="The weDownload Manager (First Step) (Bing)"
    [HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager]

    Searching for "suprize"
    [HKEY_CURRENT_USER\Software\suprize]
    [HKEY_CURRENT_USER\Software\suprize\notifications\6]
    "commandline"="/url='http://cdn.selectbestopt.com/notf_sys/org_notification/index.html?rnd=1427979193535' /crregname='suprize' /appid='73143' /srcid='2913' /bic='4640a71fd91d542d31045b9acd7eed2f' /verifier='bbb277b2304f00b4e01218be242e43fd' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /installationtime='1427979194' /postponedhours='6' /notifid='6' /notifname='notf_plan_us' /reason='time_interval' /runfrom='task' /brwtype='notbrw'"
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\suprize]
    [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\suprize\notifications\6]
    "commandline"="/url='http://cdn.selectbestopt.com/notf_sys/org_notification/index.html?rnd=1427979193535' /crregname='suprize' /appid='73143' /srcid='2913' /bic='4640a71fd91d542d31045b9acd7eed2f' /verifier='bbb277b2304f00b4e01218be242e43fd' /installerversion='1.50.3.10' /statsdomain='http://stats.buildomserv.com/data.gif?' /monetizationdomain='http://logs.buildomserv.com/monetization.gif?' /errorsdomain='http://stats.buildomserv.com/data.gif?' /installationtime='1427979194' /postponedhours='6' /notifid='6' /notifname='notf_plan_us' /reason='time_interval' /runfrom='task' /brwtype='notbrw'"

    -= EOF =-
     
  9. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    2 of 3 Posts as per requested

    # AdwCleaner v4.200 - Logfile created 06/04/2015 at 09:30:52
    # Updated 29/03/2015 by Xplode
    # Database : 2015-03-29.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Deb - DEB-NEWPC
    # Running from : C:\Users\Deb\Desktop\adwcleaner_4.200.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\5edd1a1200004778
    Folder Deleted : C:\Program Files (x86)\comcasttb
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Program Files (x86)\Mega Browse
    Folder Deleted : C:\Program Files (x86)\Coupons
    Folder Deleted : C:\Users\Deb\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Deb\AppData\Local\Conduit
    Folder Deleted : C:\Users\Deb\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Deb\AppData\LocalLow\comcasttb
    Folder Deleted : C:\Users\Deb\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Deb\AppData\Roaming\DigitalSites
    Folder Deleted : C:\Users\Deb\Documents\Optimizer Pro
    Folder Deleted : C:\Users\Deb\Documents\ShopToWin
    Folder Deleted : C:\Users\Deb-Admin\AppData\LocalLow\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\igcjdamjhkmdccbmbilbpabpofenchge
    Folder Deleted : C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\searchplugins\Binkiland.xml

    ***** [ Scheduled tasks ] *****

    Task Deleted : IHUninstallTrackingTASK

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E5A46-C344-4D13-99DB-BDCE7466B8A2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{82024F98-F9FB-47F4-860F-887E41883C9D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C9E2A578-FDDF-4214-8DB0-0F33E3421553}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E70EAE41-BB5A-440E-BF6E-BE2A280FD49C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5BC4D4DF-CE7A-4582-835E-56860B14462E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AE88B8C3-41A9-4BB6-B12D-BDA9219E58FB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\mysearchdial.com
    Key Deleted : HKCU\Software\WEDLMNGR
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Freeze.com
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\The weDownload Manager
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17689


    -\\ Mozilla Firefox v37.0 (x86 en-US)


    -\\ Google Chrome v

    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : igcjdamjhkmdccbmbilbpabpofenchge
    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://binkiland.com/?f=1&a=bnk_frg01_15_09&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0StCtCyDtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0DyBtB0C0FtG0C0FtB0CtGtByC0EzytGtCyB0DyBtGyCyD0F0CyB0AtC0D0D0B0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0BzzyE0A0CyCtG0C0A0DtCtGyEzy0BzytGzyyB0FtAtG0ByCyByBtDyC0E0AtCtAzytA2Q&cr=597617453&ir=
    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://binkiland.com/?f=7&a=bnk_frg01_15_09&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0StCtCyDtAtN1L2XzutAtFzztFtAtFtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0DyBtB0C0FtG0C0FtB0CtGtByC0EzytGtCyB0DyBtGyCyD0F0CyB0AtC0D0D0B0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0A0BzzyE0A0CyCtG0C0A0DtCtGyEzy0BzytGzyyB0FtAtG0ByCyByBtDyC0E0AtCtAzytA2Q&cr=597617453&ir=
    [C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

    *************************

    AdwCleaner[R0].txt - [34923 bytes] - [06/04/2015 09:22:30]
    AdwCleaner[R1].txt - [34983 bytes] - [06/04/2015 09:30:18]
    AdwCleaner[S0].txt - [11236 bytes] - [06/04/2015 09:30:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11296 bytes] ##########
     
  10. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    3rd post of 3 pre request:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
    Ran by Deb (administrator) on DEB-NEWPC on 06-04-2015 10:00:52
    Running from C:\Users\Deb\Desktop
    Loaded Profiles: Deb (Available profiles: Deb & Deb-Admin & DefaultAppPool)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Elo Touchsystems ) C:\Windows\SysWOW64\EloSrvce.exe
    (Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    () C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Microsoft) C:\Users\Deb\AppData\Local\Apps\2.0\YTJXGKAB.7YB\RY5GQVRH.T0E\yamm..tion_c3bce3770c238a49_0001.0000_8f8f769bd7f5f38b\Yammer.Notifier.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mstart.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    (NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mcomm.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mlauncher.exe
    (Dropbox, Inc.) C:\Users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\groove.exe
    (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    (salesforce.com) C:\Users\Deb\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
    HKLM\...\Run: [HP Input Device Main Program] => C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe [530432 2008-10-17] ()
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-03-10] (AMD)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [Yammer Notifier] => C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation\Yammer\Yammer Notifier.appref-ms silent
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [Google Update] => C:\Users\Deb\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-06] (Google Inc.)
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Run: [GoToMeeting] => C:\Users\Deb\AppData\Local\Citrix\GoToMeeting\2331\g2mstart.exe [44400 2015-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-18\...\Run: [20090604] => C:\Program Files (x86)\The Print Shop 2.0 Professional\RegApp\encore_reg.exe [102522 2009-08-19] (DataLode, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
    ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk
    ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
    ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
    Startup: C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Salesforce for Outlook.lnk
    ShortcutTarget: Salesforce for Outlook.lnk -> C:\Users\Deb\AppData\Roaming\salesforce.com\Salesforce for Outlook\SfdcMsOl.exe (salesforce.com)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
    HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://cp.appriver.com/services/exg2007/default.aspx
    URLSearchHook: HKU\S-1-5-21-1012019336-4294157242-4255772918-1000 - (No Name) - {81e93b9c-1052-4697-aafe-b40cd69c1d22} - No File
    SearchScopes: HKLM -> {45CB5A5D-389E-4392-AC11-0A354FC0ADAE} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {45CB5A5D-389E-4392-AC11-0A354FC0ADAE} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
    BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll [2009-07-16] (Microsoft Corp.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
    DPF: HKLM-x32 {1663ED61-23EB-11D2-B92F-008048FDD814} https://www.emscharts.com/cab/ScriptX.cab
    DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: HKLM-x32 {8D21CA5F-0C80-11D4-B888-005004D36D41} https://www.emscharts.com/cab/iDT.CAB
    DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} https://carelink.minimed.com/plugin/jinstall-6u16-windows-i586.cab
    DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://netscreen.upmc.com/dana-cached/sc/JuniperSetupClient.cab
    DPF: HKLM-x32 {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} http://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live Demo/nvUnifiedControl.ocx
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-16] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-16] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @movenetworks.com/Quantum Media Player -> C:\Users\Deb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-09-30] (Move Networks)
    FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Deb\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [2012-07-30] ()
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Deb\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-15] (Citrix Online)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Deb\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll [2010-09-30] (Move Networks)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Deb\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1012019336-4294157242-4255772918-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Deb\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2014-04-17] (Zoom Video Communications, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-10-19] (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-12] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\cgpcfg.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\CgpCore.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\confmgr.dll [2009-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\ctxlogging.dll [2009-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\ctxmui.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\icafile.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\icalogon.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\msvcm80.dll [2007-03-16] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\msvcp80.dll [2007-03-16] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\msvcr80.dll [2007-03-16] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\npicaN.dll [2009-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\sslsdk_b.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Deb\AppData\Roaming\mozilla\plugins\TcpPServ.dll [2009-08-14] (Citrix Systems, Inc.)
    FF Extension: suprize - C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\Extensions\[email protected] [2015-04-01]
    FF Extension: tinyjsdebuggerenigmailnet - C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\Extensions\[email protected] [2015-04-01]
    FF Extension: Pin It Button - C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\hljg8ob1.default-1422649767867\Extensions\[email protected] [2015-02-16]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-23]
    FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-03-23]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
    FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-06]
    FF HKU\S-1-5-21-1012019336-4294157242-4255772918-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Deb\AppData\Roaming\Move Networks
    FF Extension: Move Media Player - C:\Users\Deb\AppData\Roaming\Move Networks [2010-09-30]

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR StartupUrls: Default -> "hxxp://www.emscharts.com/pub/", "hxxp://www.livestrong.com/myplate/#food/crunchmaster/multi-seed-crackers-original/", "hxxp://www.aol.com/", "https://login.salesforce.com/?ec=302&startURL=%2Fhome%2Fhome.jsp", "https://emscharts.ilinc.com/perl/ilinc/lms/event.pl", "hxxp://start.mysearchdial.com/?f=1&a=dsites_14_13_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0AyBtAyDtA0DyBtB0FyDtN0D0Tzu0SzztCzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyByDyCtAyD0FzyzytG0BtBtBtDtGyDyBtA0AtGtAtA0ByCtGtB0B0DtBzy0CzztD0ByB0AyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0C0B0CtC0Ezz0EtGyB0F0DyEtG0ByBzz0DtGtDtCzzyCtGtD0Fzyzz0EtD0AyD0AyD0F0A2Q&cr=877867768&ir=", "hxxp://www.trovi.com/?gd=&ctid=CT3314759&octid=EB_ORIGINAL_CTID&ISID=M7234E580-1EC3-4AC1-87A9-C9DF14AD30F5&SearchSource=55&CUI=&UM=5&UP=SPC15D6791-8956-424F-9D59-6A506EC089F0&SSPV="
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2014-08-01]
    CHR Extension: (Add to Amazon Wish List) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-09-13]
    CHR Extension: (Color Changer for Facebook) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheljpcbhldkdiabdemaflamgfnbpnkd [2013-06-07]
    CHR Extension: (Pin It Button) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-05-03]
    CHR Extension: (hnldbiikfjheppkbnjbnkgimnfejifpf) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf [2015-04-01]
    CHR Extension: (iPiccy Photo Editor) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2014-05-03]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-03]
    CHR Extension: (Facebook Album & Photo Manager) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2014-05-03]
    CHR Extension: (Google Wallet) - C:\Users\Deb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
    CHR HKLM\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - No Path Or update_url value
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-02]
    CHR HKLM-x32\...\Chrome\Extension: [eblihieomkjeiobglmnbmidkajdcfkpa] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-02]
    StartMenuInternet: Google Chrome.JIY73426TWYQYIWA6USF3FPIA4 - C:\Users\Deb\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-03-25] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-03-25] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
    R2 EloSystemService; C:\Windows\SysWOW64\EloSrvce.exe [45056 2009-01-19] (Elo Touchsystems ) [File not signed]
    S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
    R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2010-02-04] ( ) [File not signed]
    R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
    R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
    R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
    R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.)
    S3 scan; C:\Program Files\Immunet Protect\tetra\scan.dll [409088 2010-11-29] (Immunet) [File not signed]
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
    R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-03-21] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-04-01] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-01] (Symantec Corporation)
    R3 HidUsb; C:\Windows\SysWOW64\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
    S3 HpStkm01; C:\Windows\System32\DRIVERS\HpStkm01.SYS [14336 2008-08-29] (Primax Electronics Ltd.)
    R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150403.001\IDSvia64.sys [671448 2015-04-01] (Symantec Corporation)
    R3 mouclass; C:\Windows\SysWOW64\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
    R3 mouhid; C:\Windows\SysWOW64\DRIVERS\mouhid.sys [12160 2008-04-14] (Microsoft Corporation) [File not signed]
    R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150405.021\ENG64.SYS [129752 2015-04-01] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150405.021\EX64.SYS [2137304 2015-04-01] (Symantec Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-04-02] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
    R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254464 2011-06-01] (Jungo)
    S3 getbus; \??\C:\Users\Deb\AppData\Local\Temp\getbus.sys [X]
    S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-06 09:22 - 2015-04-06 09:30 - 00000000 ____D () C:\AdwCleaner
    2015-04-06 09:19 - 2015-04-06 09:19 - 02208768 _____ () C:\Users\Deb\Desktop\adwcleaner_4.200.exe
    2015-04-06 08:55 - 2015-04-06 08:58 - 00019794 _____ () C:\Users\Deb\Desktop\SystemLook.txt
    2015-04-06 08:53 - 2015-04-06 08:53 - 00096256 _____ () C:\Users\Deb\Desktop\SystemLook_x64.exe
    2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-04 19:49 - 2015-04-04 19:50 - 00072414 _____ () C:\Users\Deb\Desktop\Addition.txt
    2015-04-04 19:47 - 2015-04-06 10:00 - 00039958 _____ () C:\Users\Deb\Desktop\FRST.txt
    2015-04-04 19:47 - 2015-04-06 10:00 - 00000000 ____D () C:\FRST
    2015-04-04 19:46 - 2015-04-04 19:46 - 02095616 _____ (Farbar) C:\Users\Deb\Desktop\FRST64.exe
    2015-04-03 17:07 - 2015-04-03 17:07 - 00000000 ____D () C:\Users\Deb\AppData\Local\{C9011DE7-7CB8-4304-8000-D3865F97C22F}
    2015-04-02 16:07 - 2015-04-02 16:07 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-04-02 16:07 - 2015-04-02 16:07 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-04-02 16:07 - 2015-04-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-04-02 15:15 - 2015-04-02 15:15 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
    2015-04-02 08:35 - 2015-04-02 15:10 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
    2015-04-02 08:35 - 2015-04-02 08:35 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    2015-04-02 08:35 - 2015-04-02 08:35 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
    2015-04-02 08:35 - 2015-04-02 08:35 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2015-04-02 08:34 - 2015-04-02 15:10 - 00002281 _____ () C:\Users\Public\Desktop\Norton 360.lnk
    2015-04-02 08:34 - 2015-04-02 15:10 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
    2015-04-02 08:33 - 2015-04-02 15:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    2015-04-02 08:33 - 2015-04-02 08:34 - 00000000 ____D () C:\Program Files (x86)\Norton 360
    2015-04-02 08:20 - 2015-04-02 09:01 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-04-01 16:31 - 2015-04-02 09:11 - 00000000 ____D () C:\Program Files (x86)\suprize
    2015-03-31 14:26 - 2015-04-06 09:27 - 00000550 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1012019336-4294157242-4255772918-1000.job
    2015-03-31 14:26 - 2015-04-01 15:40 - 00003574 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1012019336-4294157242-4255772918-1000
    2015-03-31 14:26 - 2015-04-01 15:40 - 00002260 _____ () C:\Users\Deb\Desktop\GoToWebinar.lnk
    2015-03-31 14:26 - 2015-04-01 15:40 - 00001412 _____ () C:\Users\Deb\Desktop\GoToMeeting.lnk
    2015-03-31 14:26 - 2015-03-31 14:26 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
    2015-03-31 04:14 - 2015-03-31 04:14 - 00005655 _____ () C:\Users\Deb\AppData\Roaming\jOB6gafuc
    2015-03-31 04:14 - 2015-03-31 04:14 - 00004387 _____ () C:\Users\Deb\AppData\Roaming\dRGOIE2mLJ5D3Rv3Yi6LYhNL
    2015-03-26 10:28 - 2015-03-26 10:28 - 06208736 _____ (Tim Kosse) C:\Users\Deb\Downloads\FileZilla_3.10.2_win32-setup.exe
    2015-03-26 10:07 - 2015-03-26 10:08 - 00000000 ___RD () C:\Users\Deb\Desktop\EMS Guidelines
    2015-03-26 10:03 - 2015-04-02 08:33 - 00001308 _____ () C:\Users\Deb\Desktop\Norton Installation Files.lnk
    2015-03-25 10:19 - 2015-03-25 11:11 - 00000000 ____D () C:\Users\Deb\Downloads\Tx Protocols
    2015-03-25 02:06 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-03-25 02:06 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-03-25 02:06 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-03-25 02:06 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-03-25 02:06 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-03-25 02:06 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-03-25 02:06 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-03-25 02:06 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-03-24 13:45 - 2015-03-24 13:45 - 00000000 ____D () C:\Users\Deb\AppData\Local\{876A2B7B-E4EC-47CC-85D1-C0DE767231CB}
    2015-03-23 21:25 - 2015-04-02 16:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-03-23 09:12 - 2015-03-23 09:13 - 00000000 ____D () C:\Users\Deb\AppData\Local\{FB844EF7-98E9-4047-9493-18088D49B2D2}
    2015-03-19 08:41 - 2015-03-19 08:41 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
    2015-03-19 08:41 - 2015-03-19 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    2015-03-18 15:45 - 2015-03-18 15:45 - 33980416 _____ () C:\Users\Deb\Downloads\ESOSuite(4).msi
    2015-03-18 15:41 - 2015-03-18 15:41 - 33980416 _____ () C:\Users\Deb\Downloads\ESOSuite(3).msi
    2015-03-17 09:35 - 2015-03-18 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESO Suite Pro
    2015-03-17 09:33 - 2015-03-17 09:33 - 00487424 _____ () C:\Users\Deb\Downloads\setup(4).exe
    2015-03-16 16:49 - 2015-03-16 16:49 - 00064267 _____ () C:\Users\Deb\Downloads\esologo.com
    2015-03-12 18:33 - 2015-03-12 18:35 - 00000000 ____D () C:\Users\Deb\AppData\Local\{E3C08AF4-29ED-4CD7-80FA-F4E8CAE1927C}
    2015-03-11 15:07 - 2015-03-11 15:07 - 00000000 ____D () C:\Users\Deb\AppData\OICE_15_974FA576_32C1D314_1536
    2015-03-11 04:07 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-03-11 04:07 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-03-11 04:07 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-03-11 04:07 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-03-11 04:07 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-03-11 04:07 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-03-11 04:07 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-03-11 04:07 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-03-11 04:07 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-03-11 04:07 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-03-11 04:07 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-03-11 04:07 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-03-11 04:07 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-03-11 04:07 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-03-11 04:07 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-03-11 04:07 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-03-11 04:07 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-03-11 04:07 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-03-11 04:07 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-03-11 04:07 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-03-11 04:07 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-03-11 04:07 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-03-11 04:07 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-03-11 04:07 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-03-11 04:07 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-03-11 04:07 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-03-11 04:07 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-03-11 04:07 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-03-11 04:07 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-03-11 04:07 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-03-11 04:07 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-03-11 04:07 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-03-11 04:07 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-03-11 04:07 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-03-11 04:07 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-03-11 04:07 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-03-11 04:07 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-03-11 04:07 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-03-11 04:07 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-03-11 04:07 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-03-11 04:07 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-03-11 04:06 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-03-11 04:06 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-03-11 04:06 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-03-11 04:06 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-03-11 04:06 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-03-11 04:06 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-03-11 04:06 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-03-11 04:06 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-03-11 04:06 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-03-11 04:06 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-03-11 04:06 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-03-11 04:06 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-03-11 04:06 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-03-11 04:06 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-03-11 04:06 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-03-11 04:06 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-03-11 04:06 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-03-11 04:06 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-03-11 04:06 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-03-11 04:06 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-03-11 04:06 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-03-11 04:06 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-03-11 04:06 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-03-11 04:06 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-03-11 04:06 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-03-11 04:06 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-03-11 04:06 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-03-11 04:06 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-03-11 04:06 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-03-11 04:06 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-03-11 04:06 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-03-11 04:06 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-03-11 04:06 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-03-11 04:06 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-03-11 04:06 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-03-11 04:06 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-03-11 04:06 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-03-11 04:06 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-03-11 04:06 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-03-11 04:06 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-03-11 04:06 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-03-11 04:06 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-03-11 04:06 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-03-11 04:06 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-03-11 04:06 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-03-11 04:06 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-03-11 04:06 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-03-11 04:06 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-03-11 04:06 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-03-11 04:06 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-03-11 04:06 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-03-11 04:06 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-03-11 04:06 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-03-11 04:06 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-03-11 04:06 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-03-11 04:06 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-03-11 04:06 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-03-11 04:06 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-03-11 04:06 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-03-11 04:06 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-03-11 04:06 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-03-11 04:06 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-03-11 04:06 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-03-11 04:06 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-03-11 04:06 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-03-11 04:06 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-03-11 04:06 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-03-11 04:06 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-03-11 04:06 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-03-11 04:06 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-03-11 04:06 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-03-11 04:06 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-03-11 04:06 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-03-11 04:06 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-03-11 04:06 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-03-11 04:06 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-03-11 04:06 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-03-11 04:06 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-03-11 04:06 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-03-11 04:06 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
    2015-03-11 04:06 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-03-11 04:06 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-03-11 04:06 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-03-10 08:53 - 2015-03-10 08:53 - 00044611 _____ () C:\Users\Deb\Documents\Copy of report1425579026318.xlsb
    2015-03-09 11:38 - 2015-03-09 11:39 - 00000000 ____D () C:\Users\Deb\AppData\Local\{B9A4D0A0-2AA7-4677-87D3-7798414EC381}
    2015-03-09 11:34 - 2015-03-09 11:34 - 07260204 _____ () C:\Users\Deb\Downloads\March Sabika Sale Trays are almost HERE!!!!.zip
    2015-03-09 08:51 - 2015-03-09 08:51 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2015-03-09 08:51 - 2015-03-09 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-03-09 08:50 - 2015-03-09 08:51 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-03-09 08:50 - 2015-03-09 08:51 - 00000000 ____D () C:\Program Files\iTunes
    2015-03-09 08:50 - 2015-03-09 08:50 - 00000000 ____D () C:\Program Files\iPod
    2015-03-09 08:50 - 2015-03-09 08:50 - 00000000 ____D () C:\Program Files (x86)\iTunes

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-06 09:59 - 2014-05-20 21:18 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Deb-NewPC-Deb Deb-NewPC
    2015-04-06 09:41 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-06 09:41 - 2009-07-14 00:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-06 09:36 - 2012-04-11 18:40 - 00000000 ___RD () C:\Users\Deb\Dropbox
    2015-04-06 09:35 - 2012-04-11 16:04 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Dropbox
    2015-04-06 09:34 - 2014-05-12 16:24 - 00000000 ____D () C:\Users\Deb\AppData\Local\Deployment
    2015-04-06 09:33 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-06 09:33 - 2009-07-14 00:51 - 00449468 _____ () C:\Windows\setupact.log
    2015-04-06 09:31 - 2010-03-25 15:40 - 01478331 _____ () C:\Windows\WindowsUpdate.log
    2015-04-06 09:23 - 2012-09-06 18:37 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000UA.job
    2015-04-06 09:21 - 2012-04-11 08:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-05 19:23 - 2012-09-06 18:37 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1012019336-4294157242-4255772918-1000Core.job
    2015-04-05 16:54 - 2012-12-09 22:33 - 00094720 ___SH () C:\Users\Deb\Desktop\Thumbs.db
    2015-04-05 16:53 - 2010-03-25 15:45 - 02566098 _____ () C:\Windows\PFRO.log
    2015-04-05 16:36 - 2009-07-14 01:13 - 00942140 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-05 16:22 - 2014-02-17 18:20 - 00000000 ____D () C:\Users\Deb\AppData\Local\Unity
    2015-04-05 16:15 - 2011-06-01 11:48 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-04-05 16:13 - 2010-03-25 15:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
    2015-04-05 03:51 - 2014-11-22 06:07 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDeb
    2015-04-05 03:51 - 2014-11-22 06:07 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForDeb.job
    2015-04-04 19:54 - 2010-04-03 16:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-04-02 15:46 - 2010-04-11 21:39 - 00000000 ____D () C:\Users\Deb\AppData\Local\CrashDumps
    2015-04-02 09:15 - 2014-12-20 11:19 - 00000000 ____D () C:\Users\Deb\AppData\Local\NPE
    2015-04-02 09:11 - 2014-04-18 13:10 - 00000000 ____D () C:\ESO Solutions
    2015-04-02 09:09 - 2014-03-31 10:41 - 00000066 _____ () C:\Users\Deb\AppData\Roaming\WB.CFG
    2015-04-02 09:02 - 2014-12-20 11:23 - 00000000 ____D () C:\NPE
    2015-04-02 09:01 - 2010-04-02 16:55 - 00468040 _____ () C:\Users\Deb\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-02 09:00 - 2009-07-14 00:45 - 01667968 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-02 08:37 - 2010-11-29 07:29 - 00000000 ____D () C:\Users\Deb\Documents\Symantec
    2015-04-02 08:37 - 2010-11-28 20:23 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
    2015-04-02 08:37 - 2010-03-25 16:11 - 00000000 ____D () C:\ProgramData\Norton
    2015-03-31 14:26 - 2010-04-26 22:43 - 00000000 ____D () C:\Users\Deb\AppData\Local\Citrix
    2015-03-30 13:19 - 2012-10-25 10:15 - 10405376 ___SH () C:\Users\Deb\Downloads\Thumbs.db
    2015-03-28 15:12 - 2009-07-13 22:34 - 00000499 _____ () C:\Windows\win.ini
    2015-03-26 12:17 - 2010-09-11 12:31 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\FileZilla
    2015-03-26 10:28 - 2013-08-12 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2015-03-26 10:28 - 2010-09-11 12:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
    2015-03-25 03:15 - 2014-12-27 06:02 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-03-25 03:15 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-03-20 09:42 - 2014-12-27 18:11 - 00000000 ____D () C:\Users\Deb\AppData\Local\Adobe
    2015-03-20 09:42 - 2012-04-11 08:57 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-03-20 09:42 - 2012-04-11 08:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-03-20 09:42 - 2011-06-24 09:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-03-19 19:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-03-16 08:08 - 2014-05-16 12:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-03-12 08:17 - 2012-04-11 18:40 - 00001016 _____ () C:\Users\Deb\Desktop\Dropbox.lnk
    2015-03-12 08:17 - 2012-04-11 16:04 - 00000000 ____D () C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-03-12 08:16 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-03-12 04:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2015-03-12 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-03-12 03:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-03-12 03:10 - 2010-03-25 15:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-03-12 03:06 - 2013-08-15 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-03-12 03:02 - 2010-04-02 19:43 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-03-09 08:52 - 2015-03-06 12:39 - 00000000 ____D () C:\Users\Deb\AppData\OICE_15_974FA576_32C1D314_34AB
    2015-03-09 08:50 - 2010-04-02 21:21 - 00000000 ____D () C:\Program Files\Common Files\Apple

    ==================== Files in the root of some directories =======

    2014-05-27 12:15 - 2014-05-27 12:15 - 0038476 _____ () C:\Users\Deb\AppData\Roaming\Comma Separated Values.ADR
    2015-03-31 04:14 - 2015-03-31 04:14 - 0004387 _____ () C:\Users\Deb\AppData\Roaming\dRGOIE2mLJ5D3Rv3Yi6LYhNL
    2015-03-31 04:14 - 2015-03-31 04:14 - 0005655 _____ () C:\Users\Deb\AppData\Roaming\jOB6gafuc
    2014-03-31 10:41 - 2015-04-02 09:09 - 0000066 _____ () C:\Users\Deb\AppData\Roaming\WB.CFG
    2012-02-22 09:52 - 2012-02-22 10:35 - 0007168 _____ () C:\Users\Deb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-27 13:32 - 2015-02-27 13:32 - 0274045 _____ () C:\Users\Deb\AppData\Local\dsi1.dat
    2015-02-27 13:32 - 2015-02-27 13:32 - 0161916 _____ () C:\Users\Deb\AppData\Local\dsi2.dat
    2010-06-21 19:54 - 2010-06-21 19:54 - 0007605 _____ () C:\Users\Deb\AppData\Local\Resmon.ResmonCfg
    2011-06-23 17:04 - 2011-06-23 17:04 - 0121984 _____ () C:\Users\Deb\AppData\Local\tmp240019_10150629420360324_702365323_18558928_1131539_O.JPG
    2011-06-23 17:03 - 2011-06-23 17:03 - 0127341 _____ () C:\Users\Deb\AppData\Local\tmp241172_10150629419550324_702365323_18558920_7934583_O.JPG
    2011-06-23 10:09 - 2011-06-23 10:09 - 0425895 _____ () C:\Users\Deb\AppData\Local\tmp256881_1861364409041_1088862409_31819096_1285420_O.JPG
    2011-06-23 17:02 - 2011-06-23 17:02 - 0132241 _____ () C:\Users\Deb\AppData\Local\tmp257040_10150629418685324_702365323_18558917_2879572_O.JPG
    2010-06-06 19:09 - 2010-06-06 19:09 - 0071620 _____ () C:\Users\Deb\AppData\Local\tmp32016_394769833229_530448229_4204496_5884319_N.JPG
    2011-05-22 17:51 - 2011-05-22 17:51 - 0084585 _____ () C:\Users\Deb\AppData\Local\tmp40868_159976930686888_100000237466851_424614_2258228_N.JPG
    2011-05-22 17:56 - 2011-05-22 18:00 - 0091743 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.0
    2011-05-22 17:56 - 2011-05-22 18:00 - 0080726 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.1
    2011-05-22 18:00 - 2011-05-22 18:00 - 0080702 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.2
    2011-05-22 18:00 - 2011-05-22 18:00 - 0080681 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.3
    2011-05-22 18:00 - 2011-05-22 18:00 - 0080685 _____ () C:\Users\Deb\AppData\Local\tmp58109_159976244020290_100000237466851_424597_7140393_N.JPG
    2011-10-08 11:41 - 2011-10-08 11:41 - 2780184 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0073.JPG
    2011-10-08 11:40 - 2011-10-08 11:40 - 2892192 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0074.JPG
    2011-10-08 11:38 - 2011-10-08 11:38 - 2785382 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0075.JPG
    2011-10-08 11:37 - 2011-10-08 11:37 - 2815377 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0076.JPG
    2011-10-08 11:36 - 2011-10-08 11:36 - 2824800 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0079.JPG
    2011-10-08 11:32 - 2011-10-08 11:32 - 2769059 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0081.JPG
    2011-10-08 11:33 - 2011-10-08 11:33 - 0155587 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0081_CROP.JPG
    2011-10-08 00:12 - 2011-10-08 00:12 - 2773836 _____ () C:\Users\Deb\AppData\Local\tmpDSCN0086.JPG
    2011-02-05 16:01 - 2011-02-05 16:01 - 0424786 _____ () C:\Users\Deb\AppData\Local\tmpPHOTO.0
    2011-02-05 16:01 - 2011-02-05 16:01 - 0128567 _____ () C:\Users\Deb\AppData\Local\tmpPHOTO.JPG
    2011-05-22 18:11 - 2011-05-22 18:11 - 0009424 _____ () C:\Users\Deb\AppData\Local\tmpREUNIONCROP2010.JPG
    2011-07-22 18:24 - 2011-07-22 18:24 - 0000000 _____ () C:\Users\Deb\AppData\Local\{D77D1757-934D-486D-B4B8-9F2C18ADA175}
    2014-02-16 16:38 - 2014-02-16 16:38 - 0000057 _____ () C:\ProgramData\Ament.ini
    2010-04-26 21:03 - 2013-12-26 12:38 - 0001717 _____ () C:\ProgramData\lxdu.log
    2010-04-26 00:07 - 2013-12-25 19:42 - 0001979 _____ () C:\ProgramData\lxduDiagnostics.log
    2010-07-06 17:58 - 2013-12-22 18:15 - 0087722 _____ () C:\ProgramData\lxduJSW.log
    2012-02-09 16:08 - 2012-02-09 16:08 - 0000119 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    2008-11-05 00:06 - 2008-11-05 00:06 - 0069632 _____ (Juniper Networks) C:\ProgramData\NeoterisSetup.ocx
    2013-01-10 04:27 - 2013-01-10 04:27 - 2534076 _____ () C:\ProgramData\SPL1A91.tmp
    2013-01-13 17:50 - 2013-01-13 17:50 - 0470404 _____ () C:\ProgramData\SPL240F.tmp
    2013-01-05 04:55 - 2013-01-05 04:55 - 2534076 _____ () C:\ProgramData\SPL256A.tmp
    2011-06-15 19:29 - 2011-06-15 19:29 - 0407790 _____ () C:\ProgramData\SPL25E1.tmp
    2013-01-02 19:47 - 2013-01-02 19:47 - 2534076 _____ () C:\ProgramData\SPL3ED3.tmp
    2013-12-11 04:18 - 2013-12-11 04:18 - 0206348 _____ () C:\ProgramData\SPL63CD.tmp
    2013-06-18 18:42 - 2013-06-18 18:42 - 3040302 _____ () C:\ProgramData\SPL6D81.tmp
    2013-09-25 18:42 - 2013-09-25 18:42 - 0239814 _____ () C:\ProgramData\SPL6F0D.tmp
    2010-09-04 10:07 - 2010-09-04 10:07 - 0385751 _____ () C:\ProgramData\SPL7CB8.tmp
    2013-01-10 04:26 - 2013-01-10 04:26 - 2534076 _____ () C:\ProgramData\SPLAEB5.tmp
    2013-12-25 18:31 - 2013-12-25 18:31 - 0451108 _____ () C:\ProgramData\SPLAF2F.tmp
    2011-12-20 16:25 - 2011-12-20 16:25 - 1136052 _____ () C:\ProgramData\SPLCC2.tmp
    2013-01-02 10:47 - 2013-01-02 10:47 - 2534076 _____ () C:\ProgramData\SPLD450.tmp
    2011-12-20 16:25 - 2011-12-20 16:25 - 1136052 _____ () C:\ProgramData\SPLF700.tmp
    2013-01-02 19:48 - 2013-01-02 19:48 - 2534076 _____ () C:\ProgramData\SPLF7E5.tmp
    2013-01-02 10:48 - 2013-01-02 10:48 - 2534076 _____ () C:\ProgramData\SPLFCF5.tmp
    2011-09-04 02:03 - 2011-09-04 02:03 - 0291143 _____ () C:\ProgramData\SPLFF0E.tmp
    2011-03-19 10:28 - 2011-03-19 10:29 - 8969504 _____ (Secure Backup and Share) C:\ProgramData\TempComcastSecureBackupShare-update-94576f825cbee21cffeff81117efd21f.exe
    2010-04-03 16:31 - 2010-04-03 16:31 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

    Files to move or delete:
    ====================
    C:\ProgramData\TempComcastSecureBackupShare-update-94576f825cbee21cffeff81117efd21f.exe


    Some content of TEMP:
    ====================
    C:\Users\Deb\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhqf3h.dll
    C:\Users\Deb\AppData\Local\Temp\Quarantine.exe
    C:\Users\Deb\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-04 23:13

    ==================== End Of Log ============================

    Once again, very grateful for your time and efforts for me.

    Deb
     
  11. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    EeeDeeRN,
    We are going to use a different tool to remove what's left.
    ---------------------------------------------
    Download the OTL Scanner
    Please download OTL.exe by OldTimer and save it to your desktop.
    ----------------------------------------------
    Perform a Custom Fix with OTL
    Right click OTL on your desktop, and choose "Run as administrator" to open it.
    • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
      Code:
      :Commands
      [CREATERESTOREPOINT]
      
      :Reg
      [-HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\weDownload]
      [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
      [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
      [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
      [-HKEY_CURRENT_USER\Software\WeDlMngr]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate\Update\Clients\{489ac4 9f-1cce-4618-bc42-fc5428b8f6dc}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The weDownload Manager]
      [-HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager]
      [-HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\InstalledBrowserExtensions\weDownload]
      [-HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}]
      [-HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}]
      [-HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\WeDlMngr]
      [-HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager]
      [-HKEY_CURRENT_USER\Software\suprize]
      [-HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\suprize]
      [HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\InstalledBrowserExtensions\21501]
      "49074"=-
      [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\21501]
      "49074"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\21501]
      "49074"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\21501]
      "49074"=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
      "C:\Program Files (x86)\The weDownload Manager\Uninstall.exe"=-
      
      :Files
      C:\Windows\Prefetch\SUPRIZE_NOTIFICATION_SERVICE.-27E5712B.pf
      C:\Program Files (x86)\suprize
      C:\Program Files (x86)\The weDownload Manager
      C:\Program Files (x86)\globalUpdate
      C:\Program Files\PC-Doctor for Windows
      ipconfig /flushdns /c
      
      :Commands
      [emptyjava]
      [emptyflash] 
      [EMPTYTEMP]
      
    • Then click the Run Fix button at the top. DO NOT CLICK Run Scan
    • Let the program run unhindered, and click to allow the Reboot when it is done.
      When the computer Reboots, and you start your usual account, a Notepad text file will appear.
    • That is the FIX log file. Copy the contents of that file and post it in your next reply.
      It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

    If this part goes OK, we will be ready for cleanup.
    askey127
     
  12. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    OTL Results:
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\weDownload\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_CURRENT_USER\Software\WeDlMngr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate\Update\Clients\{489ac4 9f-1cce-4618-bc42-fc5428b8f6dc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{489ac4 9f-1cce-4618-bc42-fc5428b8f6dc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\The weDownload Manager\ not found.
    Registry key HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\InstalledBrowserExtensions\weDownload\ not found.
    Registry key HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcf22e-a3ff-4db3-b489-bafb57b4d3bb}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac962d47-3eb0-4c92-9881-35b45ab265d4}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\WeDlMngr\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager\ not found.
    Registry key HKEY_CURRENT_USER\Software\suprize\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\suprize\ not found.
    Registry key HKEY_USERS\S-1-5-21-1012019336-4294157242-4255772918-1000\Software\InstalledBrowserExtensions\21501 not found.
    Registry key HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\21501 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\21501 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\21501 not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers not found.
    ========== FILES ==========
    C:\Windows\Prefetch\SUPRIZE_NOTIFICATION_SERVICE.-27E5712B.pf moved successfully.
    C:\Program Files (x86)\suprize folder moved successfully.
    File\Folder C:\Program Files (x86)\The weDownload Manager not found.
    File\Folder C:\Program Files (x86)\globalUpdate not found.
    File\Folder C:\Program Files\PC-Doctor for Windows not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Deb\Desktop\cmd.bat deleted successfully.
    C:\Users\Deb\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: All Users

    User: Deb
    ->Java cache emptied: 11700648 bytes

    User: Deb-Admin

    User: Default

    User: Default User

    User: DefaultAppPool

    User: DefaultAppPool.IIS APPPOOL

    User: dub_cm_auto

    User: Public

    Total Java Files Cleaned = 11.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Deb
    ->Flash cache emptied: 3667 bytes

    User: Deb-Admin
    ->Flash cache emptied: 58756 bytes

    User: Default

    User: Default User

    User: DefaultAppPool

    User: DefaultAppPool.IIS APPPOOL

    User: dub_cm_auto

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Deb
    ->Temp folder emptied: 2950829 bytes
    ->Temporary Internet Files folder emptied: 44096036 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 24594543 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Deb-Admin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: DefaultAppPool.IIS APPPOOL
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: dub_cm_auto

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 129728 bytes
    %systemroot%\System32 .tmp files removed: 204952 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 8380928 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 171879 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04062015_113016

    Files\Folders moved on Reboot...
    C:\Users\Deb\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
    C:\Users\Deb\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TM8E64DE\20269[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TM8E64DE\iframe[2].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TM8E64DE\postmessageRelay[2].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4W17Q4V\6Dg4oLkBbYq[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4W17Q4V\adTag[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4W17Q4V\fix-homepage[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4W17Q4V\partner[1].gif moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4W17Q4V\partner[2].gif moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4W17Q4V\usermatch[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B4W17Q4V\user_sync[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\1145960-i-have-browser-hijacking-malware[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\6Dg4oLkBbYq[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\adTag[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\adTag[1].html moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\adTag[2].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\frame[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\frame[2].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\frame[3].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\frame[4].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\like[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\partner[1].gif moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4RL2HH9W\wrapper1[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F97AZZO\398-otl-oldtimers-list-it[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F97AZZO\container[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F97AZZO\fastbutton[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F97AZZO\showad[1].htm moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Deb\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\Windows\temp\DEB-NEWPC-20150406-1123.log moved successfully.
    File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(201504061123024E0).log not found!
    File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(201504061123024E0).log not found!
    File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Thanks,

    Deb
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Before we do all the clean Up, tell me how it's running.
     
  14. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    Well, Ive been primarily using my Mac for most communications and only using Explorer browser to perform the funcitons you asked me to do. Now when I load firefox, and search it does what I expect rather than spitting junk back at me. Outlook loads correctly..I havent had a chance to see how GTM or GTW will perform, but I hadnt been having any trouble with those. Norton keeps giving me a message to reset my home page as it had encountered a threat. I havent reset it but all other use of that browser is normal. Chrome is working.

    I primarily use FIrefox but its important that the other work of course in times of need.

    SO far so good. :)

    Deb
     
  15. EeeDeeRN

    EeeDeeRN Thread Starter

    Joined:
    Jan 19, 2004
    Messages:
    68
    I did all of the requested operations on my PC Desktop and only the mac for communication

    Deb
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - browser hijacking malware
  1. bj nick
    Replies:
    0
    Views:
    669
  2. Brigham
    Replies:
    1
    Views:
    586
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1145960

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice