Solved Infected by alarabeyes

Blasko

Apr 20, 2015
Below are the two scans you requested.

I hope you can help with this rubbish... (that I got trying to download a .flv reader from CNET)

Thanks
Blasko

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Red (administrator) on WORK_DXB_001 on 20-04-2015 20:26:06
Running from C:\Users\Red\Downloads
Loaded Profiles: Red (Available profiles: Red & test1 & Administrator)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Akamai Technologies, Inc.) C:\Users\Red\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Akamai Technologies, Inc.) C:\Users\Red\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Red\AppData\Local\FluxSoftware\Flux\flux.exe
(Imtiger Software Inc.) C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Red\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Red\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Google Update] => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-18] (Google Inc.)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [f.lux] => C:\Users\Red\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [supertintin_skype] => C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe [4671488 2014-05-30] (Imtiger Software Inc.)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [GoogleChromeAutoLaunch_E68D6595129FCC17E200ADD0DEEA4BDD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-14] (Google Inc.)
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [OneDrive] => C:\Users\Red\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-10] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-08-27]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-02-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/45
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com/?src=1000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/45
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com/?src=1000
HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/45
SearchScopes: HKLM -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = http://www.amazon.co.uk/s/ref=azs_o...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001 -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-08-27] (LastPass)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-14] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-08-27] (LastPass)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-14] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-08-27] (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-08-27] (LastPass)
Toolbar: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-08-27] (LastPass)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-14] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-08-27] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Red\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Red\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @talk.google.com/O1DPlugin -> C:\Users\Red\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Red\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Red\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-04-20]

Chrome:
=======
CHR Profile: C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-04-20]
CHR Extension: (SEOquake) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2015-04-20]
CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-20]
CHR Extension: (Google Docs) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02]
CHR Extension: (Google Drive) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-04-19]
CHR Extension: (YouTube) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-04-20]
CHR Extension: (Google Search) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02]
CHR Extension: (Dragon Web Extension) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2015-04-20]
CHR Extension: (FLV Player) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2015-04-20]
CHR Extension: (MozBar) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2015-04-20]
CHR Extension: (Name) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp [2015-04-20]
CHR Extension: (iCloud Bookmarks) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-04-20]
CHR Extension: (ToutApp Email Tracking, Templates & Analytics) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj [2015-04-20]
CHR Extension: (Pin It Button) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-20]
CHR Extension: (Rapportive) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2015-04-20]
CHR Extension: (Norton Identity Safe) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-19]
CHR Extension: (WhatFont) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-04-20]
CHR Extension: (Complete for Gmail) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhahbgembnigfgmhgcalbdjehmkgodhe [2015-04-20]
CHR Extension: (Momentum) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-04-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
CHR Extension: (Check My Links) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2015-04-20]
CHR Extension: (Google Quick Scroll) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-04-19]
CHR Extension: (Gmail) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-09-20] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-02] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140309.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-09-20] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140310.019\ENG64.SYS [126040 2014-01-02] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140310.019\EX64.SYS [2099288 2014-01-02] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-02] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 20:26 - 2015-04-20 20:27 - 00029728 _____ () C:\Users\Red\Downloads\FRST.txt
2015-04-20 20:25 - 2015-04-20 20:26 - 00000000 ____D () C:\FRST
2015-04-20 20:25 - 2015-04-20 20:25 - 02098176 _____ (Farbar) C:\Users\Red\Downloads\FRST64.exe
2015-04-20 20:24 - 2015-04-20 20:24 - 01137664 _____ (Farbar) C:\Users\Red\Downloads\FRST.exe
2015-04-20 17:01 - 2015-04-20 17:01 - 00030720 ___SH () C:\Users\Red\Desktop\Thumbs.db
2015-04-20 15:10 - 2015-04-20 19:55 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part09.rar
2015-04-20 08:33 - 2015-04-20 09:08 - 00005026 _____ () C:\Users\Red\Downloads\software_removal_tool.log
2015-04-20 08:24 - 2015-04-20 08:24 - 00003120 _____ () C:\WINDOWS\System32\Tasks\{97E63FD2-50A1-4D24-8E24-B1A1F72EE358}
2015-04-20 08:15 - 2015-04-20 13:01 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part08.rar
2015-04-19 13:33 - 2015-04-19 18:18 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part07.rar
2015-04-19 08:32 - 2015-04-19 13:17 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part06.rar
2015-04-18 16:58 - 2015-04-18 21:43 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part05.rar
2015-04-18 15:44 - 2015-04-18 15:44 - 00003748 _____ () C:\WINDOWS\System32\Tasks\Newsfeed
2015-04-18 15:44 - 2015-04-18 15:44 - 00003224 _____ () C:\WINDOWS\System32\Tasks\ScheduledScan
2015-04-18 15:44 - 2015-04-18 15:44 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Flasher
2015-04-18 15:16 - 2015-04-18 15:25 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-04-18 15:14 - 2015-04-18 15:17 - 00000066 _____ () C:\WINDOWS\SysWOW64\sn.txt
2015-04-18 15:14 - 2015-04-18 15:14 - 00003220 _____ () C:\WINDOWS\System32\Tasks\Virt-Device
2015-04-18 15:14 - 2015-04-18 15:14 - 00000000 ____D () C:\ProgramData\Mistl
2015-04-18 15:13 - 2015-04-18 15:14 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Craft
2015-04-18 11:58 - 2015-04-18 12:00 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Opera Software
2015-04-18 11:58 - 2015-04-18 12:00 - 00000000 ____D () C:\Users\Red\AppData\Local\Opera Software
2015-04-18 11:57 - 2015-04-18 12:00 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-18 11:26 - 2015-04-19 08:32 - 00000000 ____D () C:\ProgramData\Drv
2015-04-18 11:26 - 2015-04-18 15:14 - 00003720 _____ () C:\WINDOWS\System32\Tasks\Mistl
2015-04-18 11:26 - 2015-04-18 15:12 - 00000000 ____D () C:\ProgramData\Kirin
2015-04-18 11:26 - 2015-04-18 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-18 11:26 - 2015-04-18 11:26 - 00003240 _____ () C:\WINDOWS\System32\Tasks\Drv Update
2015-04-18 11:26 - 2015-04-18 11:26 - 00003220 _____ () C:\WINDOWS\System32\Tasks\9A5A8340-6B15
2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\htcon
2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Fixs
2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Crown
2015-04-18 11:13 - 2015-04-18 15:58 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part04.rar
2015-04-17 18:05 - 2015-04-19 19:30 - 00000000 ____D () C:\Users\Red\Downloads\Glenn Livingston - Hyper Responsive Marketing Secrets
2015-04-17 17:23 - 2015-04-17 22:08 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part03.rar
2015-04-16 19:43 - 2015-04-16 19:43 - 00005965 _____ () C:\Users\Red\Desktop\Why working with Alfred Blaskowitz.scap
2015-04-16 17:55 - 2015-04-16 22:40 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part02.rar
2015-04-16 11:14 - 2015-04-16 13:35 - 00098829 _____ () C:\Users\Red\Desktop\KPMG Dubai Holiday Schedule.xlsx
2015-04-16 10:38 - 2015-04-16 15:23 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part01.rar
2015-04-15 09:15 - 2015-04-15 09:19 - 00000000 ____D () C:\Users\Red\Documents\My Kindle Content
2015-04-15 09:15 - 2015-04-15 09:15 - 00002283 _____ () C:\Users\Red\Desktop\Kindle.lnk
2015-04-15 09:15 - 2015-04-15 09:15 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-04-15 09:15 - 2015-04-15 09:15 - 00000000 ____D () C:\Users\Red\AppData\Local\Amazon
2015-04-15 09:11 - 2015-04-15 09:12 - 40891792 _____ (Amazon.com) C:\Users\Red\Downloads\KindleForPC-installer.exe
2015-04-15 08:36 - 2015-03-24 01:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 08:36 - 2015-03-24 01:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 08:36 - 2015-03-24 01:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 08:36 - 2015-03-24 01:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 08:36 - 2015-03-24 01:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 08:36 - 2015-03-20 08:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 08:36 - 2015-03-20 08:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 08:36 - 2015-03-20 08:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 08:36 - 2015-03-20 07:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 08:36 - 2015-03-20 06:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 08:36 - 2015-03-20 06:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 08:36 - 2015-03-20 06:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 08:35 - 2015-03-14 12:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-15 08:35 - 2015-03-14 12:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-15 08:35 - 2015-03-13 08:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 08:35 - 2015-03-13 08:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 08:35 - 2015-03-13 08:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 08:35 - 2015-03-13 07:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 08:35 - 2015-03-13 07:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 08:35 - 2015-03-13 07:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 08:35 - 2015-03-13 07:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 08:35 - 2015-03-13 07:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 08:35 - 2015-03-13 07:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 08:35 - 2015-03-13 07:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 08:35 - 2015-03-13 07:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 08:35 - 2015-03-13 07:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 08:35 - 2015-03-13 07:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 08:35 - 2015-03-13 07:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 08:35 - 2015-03-13 06:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 08:35 - 2015-03-13 06:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 08:35 - 2015-03-13 06:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 08:35 - 2015-03-13 06:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 08:35 - 2015-03-13 06:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 08:35 - 2015-03-13 06:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 08:35 - 2015-03-13 06:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 08:35 - 2015-03-13 06:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 08:35 - 2015-03-13 06:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 08:35 - 2015-03-13 06:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 08:35 - 2015-03-13 06:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 08:35 - 2015-03-13 06:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 08:35 - 2015-02-21 03:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 08:34 - 2015-03-23 02:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 08:34 - 2015-03-23 02:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 08:34 - 2015-03-23 02:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 08:34 - 2015-03-23 02:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 08:34 - 2015-03-23 02:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 08:34 - 2015-03-23 02:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 08:34 - 2015-03-23 02:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 08:34 - 2015-03-14 12:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 08:34 - 2015-03-14 05:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 08:34 - 2015-03-14 05:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 08:34 - 2015-03-14 05:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 08:34 - 2015-03-14 05:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 08:34 - 2015-03-14 05:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 08:34 - 2015-03-14 04:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 08:34 - 2015-03-14 04:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 08:34 - 2015-03-14 04:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 08:34 - 2015-03-14 04:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 08:34 - 2015-03-14 04:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 08:34 - 2015-03-14 04:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 08:34 - 2015-03-14 04:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 08:34 - 2015-03-14 04:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 08:34 - 2015-03-14 04:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 08:34 - 2015-03-14 04:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 08:34 - 2015-03-14 03:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 08:34 - 2015-03-14 03:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 08:34 - 2015-03-04 14:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 08:34 - 2015-03-04 07:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 08:34 - 2015-03-04 06:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 08:34 - 2015-02-24 12:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 13:38 - 2015-04-14 13:38 - 00001630 _____ () C:\Users\Red\Downloads\content.txt
2015-04-07 18:33 - 2015-04-07 18:33 - 00070400 _____ () C:\Users\Red\Downloads\6646.html
2015-04-07 18:33 - 2015-04-07 18:33 - 00000000 ____D () C:\Users\Red\Downloads\6646_files
2015-04-05 19:45 - 2015-04-05 20:00 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-05 19:45 - 2015-04-05 19:45 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-02 15:45 - 2015-04-02 15:45 - 04877828 _____ () C:\Users\Red\Downloads\B639.tmp
2015-04-01 19:43 - 2015-04-01 19:43 - 03435287 _____ () C:\Users\Red\Desktop\Secrets_To_Clever_and_Efficient_PPC_Campaign_Build_Outs_In_Excel.zip
2015-03-31 10:14 - 2015-03-31 10:14 - 00408041 _____ () C:\Users\Red\Downloads\Get-Response-Optin-Forms.zip
2015-03-27 13:13 - 2015-03-27 13:13 - 00003365 _____ () C:\Users\Red\Downloads\The 4-Step Funnel Blueprint To Getting Exponential Revenue Growth From Your Paid Advertising In The Next 60 Days.ics
2015-03-23 16:46 - 2015-03-24 16:37 - 00260774 _____ () C:\Users\Red\Desktop\Vandago T-Shirt.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 20:20 - 2014-02-26 06:32 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001.job
2015-04-20 20:00 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-20 19:54 - 2014-08-05 09:21 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-20 19:43 - 2014-05-18 10:14 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA.job
2015-04-20 19:30 - 2014-01-02 10:19 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 18:44 - 2014-11-13 17:55 - 00000000 ____D () C:\Users\Red\AppData\Roaming\ContactMonkey
2015-04-20 18:44 - 2014-09-11 17:20 - 00000000 ____D () C:\Users\Red\Documents\Outlook Files
2015-04-20 18:30 - 2014-01-02 10:19 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 16:54 - 2014-07-06 09:10 - 01877104 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 16:39 - 2014-01-14 16:04 - 00004982 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WORK_DXB_001-Red Work_dxb_001
2015-04-20 15:07 - 2014-07-06 14:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5D8B89DA-116B-4547-840E-F040BD104429}
2015-04-20 15:06 - 2014-04-22 12:07 - 00000000 ___RD () C:\Users\Red\Dropbox
2015-04-20 15:06 - 2014-04-22 12:05 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Dropbox
2015-04-20 15:06 - 2013-10-29 14:51 - 00000000 ___DO () C:\Users\Red\OneDrive
2015-04-20 15:05 - 2014-07-20 14:19 - 00000000 ___RD () C:\Users\Red\Google Drive
2015-04-20 15:05 - 2014-01-23 22:12 - 00000000 ____D () C:\Users\Red\AppData\Roaming\newnext.me
2015-04-20 13:27 - 2013-08-22 18:46 - 00369041 _____ () C:\WINDOWS\setupact.log
2015-04-20 13:27 - 2013-08-22 18:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-20 13:26 - 2014-03-18 12:19 - 00025546 _____ () C:\WINDOWS\PFRO.log
2015-04-20 13:25 - 2013-08-22 17:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-20 12:47 - 2014-01-02 10:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3129109475-3229634427-3213972833-1001
2015-04-20 10:43 - 2014-05-18 10:14 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core.job
2015-04-20 08:54 - 2014-08-05 09:21 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-20 08:33 - 2014-10-20 20:45 - 00002366 _____ () C:\Users\Red\Desktop\Chrome App Launcher.lnk
2015-04-20 08:28 - 2014-11-08 08:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 08:28 - 2014-09-24 12:52 - 00000000 ____D () C:\ProgramData\TechSmith
2015-04-20 08:28 - 2014-09-24 12:52 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\Users\Red\AppData\Local\TechSmith
2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-04-19 14:32 - 2014-03-10 18:41 - 00000000 ____D () C:\Users\Red\AppData\Local\CrashDumps
2015-04-19 14:29 - 2014-02-07 14:15 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRed
2015-04-19 14:29 - 2014-02-07 14:15 - 00000350 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRed.job
2015-04-19 09:27 - 2013-07-07 12:19 - 01984000 ___SH () C:\Users\Red\Downloads\Thumbs.db
2015-04-19 08:40 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-18 15:42 - 2014-01-02 10:20 - 00002299 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-18 15:16 - 2013-08-22 19:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-18 15:15 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-04-18 12:07 - 2014-01-02 10:04 - 00000000 ____D () C:\Users\Red\AppData\Local\Packages
2015-04-16 14:16 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-16 08:33 - 2014-01-24 08:03 - 00000000 ____D () C:\Users\Red\AppData\Local\Apple Computer
2015-04-16 08:31 - 2012-07-26 11:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 08:21 - 2013-08-22 17:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-15 20:06 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2015-04-15 20:06 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2015-04-15 20:05 - 2015-01-18 12:55 - 00000000 ____D () C:\Users\Red\Desktop\Saxest MEDIA
2015-04-15 14:31 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 10:48 - 2014-01-04 14:41 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 10:25 - 2014-01-04 14:41 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 10:19 - 2014-12-11 19:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 10:19 - 2014-07-09 08:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 08:34 - 2014-11-12 07:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-14 20:50 - 2013-09-07 12:12 - 00000000 ____D () C:\Users\Red\Desktop\SAXEST
2015-04-14 03:24 - 2015-03-12 11:36 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 03:24 - 2015-03-12 11:36 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 14:21 - 2014-02-26 06:32 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001
2015-04-10 08:13 - 2014-04-22 12:06 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 15:50 - 2014-09-24 17:31 - 00000000 ____D () C:\Users\Red\Documents\Camtasia Studio
2015-04-08 18:44 - 2014-06-08 19:20 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Mozilla
2015-04-03 14:28 - 2014-01-15 07:04 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-03-26 18:03 - 2014-07-14 05:45 - 00000000 ____D () C:\Users\Red\Desktop\personal
2015-03-25 12:24 - 2013-11-19 10:48 - 00000000 ____D () C:\Users\Red\Documents\My Digital Editions
2015-03-25 09:27 - 2014-11-03 08:51 - 00000000 ____D () C:\Users\Red\Desktop\Saxest LOOP
2015-03-23 16:32 - 2013-09-10 16:51 - 00000000 ____D () C:\Users\Red\Desktop\Learning
2015-03-22 08:56 - 2014-03-18 19:32 - 00968612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-08-27 13:44 - 2014-08-27 13:44 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-09-11 17:24 - 2014-11-08 08:31 - 0007312 _____ () C:\Users\Red\AppData\Roaming\Comma Separated Values.EML
2014-11-08 10:43 - 2015-03-03 12:01 - 0001835 _____ () C:\Users\Red\AppData\Roaming\SAS7_000.DAT
2014-01-18 13:05 - 2014-01-18 13:06 - 0049152 _____ () C:\Users\Red\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Users\Red\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_0agc.dll
C:\Users\Red\AppData\Local\Temp\Extract.exe
C:\Users\Red\AppData\Local\Temp\lowproc.exe
C:\Users\Red\AppData\Local\Temp\SP64353.exe
C:\Users\Red\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-20 15:47

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01
Ran by Red at 2015-04-20 20:27:44
Running from C:\Users\Red\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 100663559.4759644.48.2147344384 - Audible, Inc.)
Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.22 - Balsamiq SRL)
Balsamiq Mockups For Desktop (x32 Version: 2.2.22 - Balsamiq SRL) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
ContactMonkey Outlook Add-in (HKLM-x32\...\{c8fe15e4-2f49-47fb-9c34-517ab1627bd2}) (Version: 1.2.4.0 - ContactMonkey)
ContactMonkeyOutlookAddIn (x32 Version: 1.2.4.0 - ContactMonkey) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Flux) (Version: - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
FreshKey (HKLM-x32\...\FreshKey) (Version: 1.0.0 - Infomastery, LLC)
FreshKey (x32 Version: 1.0.0 - Infomastery, LLC) Hidden
Google AdWords Editor (HKLM-x32\...\{14069A87-872C-41E6-9D36-B1BE3870C35A}) (Version: 10.6.0 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - Italiano (HKLM-x32\...\{90150000-00BD-0410-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Pixlr-o-matic (HKLM-x32\...\Pixlromatic) (Version: 2.1 - UNKNOWN)
Pixlr-o-matic (x32 Version: 2.1 - UNKNOWN) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
S3 Browser version 4.7.7 (HKLM\...\S3 Browser_is1) (Version: 4.7.7.0 - NetSDK Software, LLC)
Scapple (HKLM-x32\...\Scapple 1000) (Version: 1000 - Literature and Latte)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 2.55 - Screaming Frog Ltd)
Scrivener Update (HKLM-x32\...\Scrivener 1610) (Version: 1710 - Literature and Latte)
SuperTintin 1.2.0.24 (HKLM-x32\...\SuperTintin Skype Video Call Recorder_is1) (Version: 1.2.0.24 - IMTiger Technologies Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Red\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

03-04-2015 14:36:08 Scheduled Checkpoint
11-04-2015 16:51:49 Scheduled Checkpoint
15-04-2015 10:18:14 Windows Update
18-04-2015 11:27:17 Installed FLV Player
20-04-2015 08:27:07 Snagit 12

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 17:25 - 2013-08-22 17:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03D6B9DA-57E8-4ED8-BE2F-EBF056575170} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)
Task: {04438A1C-34DD-48B5-9179-3B620CC2F8CD} - System32\Tasks\ScheduledScan => C:\Users\Red\AppData\Roaming\Flasher\c32s.exe [2015-03-19] ()
Task: {0520B0F1-AD28-4E9F-894F-D6CF23DBCE1C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0840C129-862B-4DF4-BAE0-EBBD81BDADB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {0A2BF367-801C-450B-B517-8D98DD6CDF4B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1066AAEA-3834-43FA-A890-B4E16F400D39} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {1E5E300A-EA39-4546-B795-1224BD067D72} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {22895078-AB48-4834-9E12-DD572CA3A682} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {3512E319-7C21-4AD7-B22F-69D91C761393} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {42003730-B287-4D94-B07F-79899DC15CF1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3129109475-3229634427-3213972833-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {45C8416C-82BB-4F21-99CC-BDAD0F6FB224} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3129109475-3229634427-3213972833-1008 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {56CE18C9-0E4D-4FCD-A8C6-FD3C55A61798} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {63DE391D-7E98-4394-810E-EE422A34EE57} - System32\Tasks\Drv Update => C:\ProgramData\Drv\Drv.exe [2015-03-05] ()
Task: {651FF8A5-3888-48AE-BD84-448D1024DECE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {65D720D2-DD59-4F61-8C2C-BF6677E0D9CE} - System32\Tasks\HPCeeScheduleForRed => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6B5C18FA-88DE-44BC-82FF-C11912FBC758} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {73CC32EB-854B-4F8D-868C-A5663DE35C8B} - System32\Tasks\Newsfeed => C:\Users\Red\AppData\Roaming\Flasher\c32s.exe [2015-03-19] ()
Task: {74DE1BF8-316F-4DEF-A330-E346C35EC300} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
Task: {7E3F4578-99DF-4325-B362-FD5F7199B80D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {7F4E1B06-DD20-452D-AAF0-BDA75CE10710} - System32\Tasks\Mistl => C:\ProgramData\Mistl\Mistl.exe
Task: {83575ABC-9DE5-4603-A7E1-C0F42A0BD01F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9002B7F5-4A0D-49DB-B9AB-43E1FBDAFA58} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {90D1B2EF-01E0-44FB-BA0F-B5640320B3FF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {921E4DE9-A756-47BC-B7A0-EFF09BF31E28} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3129109475-3229634427-3213972833-1001
Task: {9476ADC8-DE87-4216-9CD2-2E12F49B461C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {9FC49BA9-6FD5-498A-9895-2F86BED41859} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WORK_DXB_001-Red Work_dxb_001 => C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {A5AA0EA9-2194-4859-9E93-10B4B43FA5E5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {AA94082A-B604-4F43-A8F9-54BBBA3F7A65} - System32\Tasks\9A5A8340-6B15 => C:\Users\Red\AppData\Roaming\htcon\Updater.exe [2015-03-05] ()
Task: {BA6AA7EE-60B0-4771-B504-4E889FF0E6F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {BD212D3F-5ECA-4756-ACEE-52D2E7F35746} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {BF681104-D5E3-438D-B075-65362A79C05A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CACE834D-BB5D-41FF-AC9F-9AE1CA352BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)
Task: {D19F958A-D44D-40AA-A0AB-91F8CB67261F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {D1CAB8F3-EE33-4960-A760-CBEB3330463F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D22566DA-070A-4B58-89DD-EAE3E62DDB73} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D26398CD-0F83-4804-BBAE-91F33B1CE9A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E6D8657A-200B-4F96-AB9D-B41FDD483CD9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E8DA6518-7A19-4A3D-9303-67EECFF17C33} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {F3986676-1A63-4FEE-80FB-DFAF9DC9D271} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {F81D4AE6-F70E-45A0-882B-A0A4C86EF20B} - System32\Tasks\{97E63FD2-50A1-4D24-8E24-B1A1F72EE358} => pcalua.exe -a C:\Users\Red\AppData\Roaming\Fixs\RemoveTool.exe -c /extrem=1
Task: {FACCDFE6-A247-4881-8D70-0440CF1F9301} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {FBE29BEB-C23F-47F1-B7A4-B8D672FEC79A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {FD6ACCE6-4E7B-4AD6-8749-F49AC0B4FAA3} - System32\Tasks\Virt-Device => C:\Users\Red\AppData\Roaming\Craft\Updater.exe [2015-02-05] ()
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001.job => C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core.job => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA.job => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRed.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-24 17:40 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-13 08:10 - 2015-01-27 19:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-29 14:48 - 2012-08-29 14:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-25 08:28 - 2014-11-25 08:28 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-09-20 09:34 - 2014-09-20 09:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-10 13:17 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2014-10-08 17:25 - 2014-05-30 12:12 - 00168960 _____ () C:\Program Files (x86)\SuperTintin for Skype\mcr_skype_hook1.dll
2013-03-05 15:40 - 2012-06-08 07:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-20 15:05 - 2015-04-20 15:06 - 00043008 _____ () c:\users\red\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_0agc.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00750080 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00047616 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00865280 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 01:45 - 2015-03-05 01:45 - 00200704 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-16 18:31 - 2015-04-14 01:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 18:31 - 2015-04-14 01:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2014-11-18 09:46 - 2014-11-18 09:46 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-20 15:05 - 2015-04-20 15:05 - 00098816 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32api.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00110080 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pywintypes27.dll
2015-04-20 15:05 - 2015-04-20 15:05 - 00364544 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pythoncom27.dll
2015-04-20 15:05 - 2015-04-20 15:05 - 00045568 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_socket.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 01161216 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_ssl.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00320512 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32com.shell.shell.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00713216 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_hashlib.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 01175040 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._core_.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00805888 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._gdi_.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00811008 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._windows_.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 01062400 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._controls_.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00735232 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._misc_.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00682496 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pysqlite2._sqlite.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00128512 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_elementtree.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00127488 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pyexpat.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00087552 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_ctypes.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00119808 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32file.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00108544 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32security.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00007168 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\hashobjs_ext.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00167936 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32gui.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00018432 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32event.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00038912 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32inet.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00011264 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32crypt.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00070656 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._html2.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00027136 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_multiprocessing.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00020480 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_yappi.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00035840 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32process.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00686080 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\unicodedata.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00122368 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._wizard.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00024064 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32pipe.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00010240 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\select.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00025600 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32pdh.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00525640 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\windows._lib_cacheinvalidation.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00017408 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32profile.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00022528 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32ts.pyd
2015-04-20 15:05 - 2015-04-20 15:05 - 00078336 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._animate.pyd
2014-11-18 09:48 - 2014-11-18 09:48 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-04-16 18:31 - 2015-04-14 01:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\Users\Red\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Red\AppData\Roaming\Comma Separated Values.EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Red\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp_svinoya_norway_sunset.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3129109475-3229634427-3213972833-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-3129109475-3229634427-3213972833-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3129109475-3229634427-3213972833-1007 - Limited - Enabled)
Red (S-1-5-21-3129109475-3229634427-3213972833-1001 - Administrator - Enabled) => C:\Users\Red
test1 (S-1-5-21-3129109475-3229634427-3213972833-1008 - Administrator - Enabled) => C:\Users\test1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2015 04:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1730

Start Time: 01d07b61be5704b4

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: b3f39f22-e755-11e4-bfb2-4c72b98061a1

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15485

Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15485

Error: (04/20/2015 01:59:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2015 01:58:52 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (04/20/2015 01:42:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK_DXB_001)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/20/2015 01:24:18 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (04/20/2015 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VISIO.EXE, version: 15.0.4454.1000, time stamp: 0x509a38f3
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe06d7363
Fault offset: 0x00014598
Faulting process ID: 0x1364
Faulting application start time: 0xVISIO.EXE0
Faulting application path: VISIO.EXE1
Faulting module path: VISIO.EXE2
Report ID: VISIO.EXE3
Faulting package full name: VISIO.EXE4
Faulting package-relative application ID: VISIO.EXE5

Error: (04/20/2015 00:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VISIO.EXE, version: 15.0.4454.1000, time stamp: 0x509a38f3
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe06d7363
Fault offset: 0x00014598
Faulting process ID: 0x1a50
Faulting application start time: 0xVISIO.EXE0
Faulting application path: VISIO.EXE1
Faulting module path: VISIO.EXE2
Report ID: VISIO.EXE3
Faulting package full name: VISIO.EXE4
Faulting package-relative application ID: VISIO.EXE5

Error: (04/20/2015 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CamRecorder.exe version 8.5.1.1962 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2150

Start Time: 01d07b35b2661121

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe

Report Id: 5b0c503b-e735-11e4-bfb1-4c72b98061a1

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (04/20/2015 01:42:17 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (04/20/2015 01:25:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (04/20/2015 01:24:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/19/2015 08:23:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/18/2015 09:57:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/18/2015 00:08:43 PM) (Source: DCOM) (EventID: 10016) (User: WORK_DXB_001)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Work_dxb_001RedS-1-5-21-3129109475-3229634427-3213972833-1001LocalHost (Using LRPC)AFF540DC.FLVMediaPlayer_1.0.10.17_x64__v7353qx4kg3saS-1-15-2-279593972-2700680546-2789749554-1402095732-369879553-2090810576-2770327002

Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (04/20/2015 04:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415173001d07b61be5704b44294967295C:\WINDOWS\syswow64\wwahost.exeb3f39f22-e755-11e4-bfb2-4c72b98061a1Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15485

Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15485

Error: (04/20/2015 01:59:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/20/2015 01:58:52 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (04/20/2015 01:42:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK_DXB_001)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (04/20/2015 01:24:18 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (04/20/2015 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VISIO.EXE15.0.4454.1000509a38f3KERNELBASE.dll6.3.9600.1741554504adee06d736300014598136401d07b4303e9c745C:\Program Files\Microsoft Office 15\root\office15\VISIO.EXEC:\WINDOWS\SYSTEM32\KERNELBASE.dll54a8298b-e737-11e4-bfb1-4c72b98061a1

Error: (04/20/2015 00:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VISIO.EXE15.0.4454.1000509a38f3KERNELBASE.dll6.3.9600.1741554504adee06d7363000145981a5001d07b42a7fa6615C:\Program Files\Microsoft Office 15\root\office15\VISIO.EXEC:\WINDOWS\SYSTEM32\KERNELBASE.dll2f699445-e736-11e4-bfb1-4c72b98061a1

Error: (04/20/2015 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CamRecorder.exe8.5.1.1962215001d07b35b26611214294967295C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe5b0c503b-e735-11e4-bfb1-4c72b98061a1


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3220T CPU @ 2.80GHz
Percentage of memory in use: 61%
Total physical RAM: 3966.65 MB
Available physical RAM: 1544.24 MB
Total Pagefile: 6133.45 MB
Available Pagefile: 2757 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:452.66 GB) (Free:125.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.84 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:550.2 GB) NTFS
Drive j: (AlfredBackup01) (Fixed) (Total:931.51 GB) (Free:9.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9F0267B9)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E54E7AA3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 138A6947)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.





Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

Blasko

New Member
Thread author
Apr 20, 2015
5
Thank you for your help TwinHeadedEagle. Really appreciate it
 

Attachments

  • Addition.txt
    42.8 KB · Views: 28
  • FRST.txt
    50.7 KB · Views: 54

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content in your next reply.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, Zoek fixed it.


Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:

MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • CCleaner - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 