Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Infected by alarabeyes
Message
<blockquote data-quote="Blasko" data-source="post: 375983" data-attributes="member: 35877"><p>Below are the two scans you requested.</p><p></p><p>I hope you can help with this rubbish ...(that I got trying to download a .flv reader from cnet)</p><p></p><p>Thanks</p><p>Blasko</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01</p><p>Ran by Red (administrator) on WORK_DXB_001 on 20-04-2015 20:26:06</p><p>Running from C:\Users\Red\Downloads</p><p>Loaded Profiles: Red (Available profiles: Red & test1 & Administrator)</p><p>Platform: Windows 8.1 Single Language (X64) OS Language: English (United Kingdom)</p><p>Internet Explorer Version 11 (Default browser: Opera)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dasHost.exe</p><p>(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe</p><p>(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe</p><p>(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe</p><p>(Akamai Technologies, Inc.) C:\Users\Red\AppData\Local\Akamai\netsession_win.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe</p><p>(Akamai Technologies, Inc.) C:\Users\Red\AppData\Local\Akamai\netsession_win.exe</p><p>(Flux Software LLC) C:\Users\Red\AppData\Local\FluxSoftware\Flux\flux.exe</p><p>(Imtiger Software Inc.) C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe</p><p>(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe</p><p>(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe</p><p>(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe</p><p>(Dropbox, Inc.) C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe</p><p>(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe</p><p>(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)</p><p>HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)</p><p>HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)</p><p>HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)</p><p>Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Red\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Red\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Google Update] => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-18] (Google Inc.)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [f.lux] => C:\Users\Red\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [supertintin_skype] => C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe [4671488 2014-05-30] (Imtiger Software Inc.)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [GoogleChromeAutoLaunch_E68D6595129FCC17E200ADD0DEEA4BDD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-14] (Google Inc.)</p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [OneDrive] => C:\Users\Red\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-10] (Microsoft Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-08-27]</p><p>ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)</p><p>Startup: C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-22]</p><p>ShortcutTarget: Dropbox.lnk -> C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>Startup: C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-02-01]</p><p>ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)</p><p>ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p>ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File</p><p>ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File</p><p>ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)</p><p>GroupPolicy: Group Policy on Chrome detected <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://g.jp.msn.com/HPALL13/45" target="_blank">http://g.jp.msn.com/HPALL13/45</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.arabyonline.com/?src=1000" target="_blank">http://www.arabyonline.com/?src=1000</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://g.jp.msn.com/HPALL13/45" target="_blank">http://g.jp.msn.com/HPALL13/45</a></p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.arabyonline.com/?src=1000" target="_blank">http://www.arabyonline.com/?src=1000</a></p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://g.jp.msn.com/HPALL13/45" target="_blank">http://g.jp.msn.com/HPALL13/45</a></p><p>SearchScopes: HKLM -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = <a href="http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}" target="_blank">http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link_code=qs&index=aps&field-keywords={searchTerms}</a></p><p>SearchScopes: HKLM-x32 -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = <a href="http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}" target="_blank">http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link_code=qs&index=aps&field-keywords={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001 -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = </p><p>BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)</p><p>BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)</p><p>BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-08-27] (LastPass)</p><p>BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)</p><p>BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)</p><p>BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)</p><p>BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)</p><p>BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-14] (Oracle Corporation)</p><p>BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-08-27] (LastPass)</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-14] (Oracle Corporation)</p><p>BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)</p><p>Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-08-27] (LastPass)</p><p>Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)</p><p>Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-08-27] (LastPass)</p><p>Toolbar: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File</p><p>Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] ()</p><p>FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-08-27] (LastPass)</p><p>FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()</p><p>FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-20] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-20] (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-14] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-14] (Oracle Corporation)</p><p>FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-08-27] (LastPass)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-02] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)</p><p>FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)</p><p>FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Red\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-06] (Citrix Online)</p><p>FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Red\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)</p><p>FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @talk.google.com/O1DPlugin -> C:\Users\Red\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google)</p><p>FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Red\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Red\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google)</p><p>FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF</p><p>FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-02]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn</p><p>FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-04-20]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-04-20]</p><p>CHR Extension: (SEOquake) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2015-04-20]</p><p>CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-20]</p><p>CHR Extension: (Google Docs) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02]</p><p>CHR Extension: (Google Drive) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02]</p><p>CHR Extension: (Norton Security Toolbar) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-04-19]</p><p>CHR Extension: (YouTube) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02]</p><p>CHR Extension: (Alexa Traffic Rank) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-04-20]</p><p>CHR Extension: (Google Search) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02]</p><p>CHR Extension: (Dragon Web Extension) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2015-04-20]</p><p>CHR Extension: (FLV Player) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2015-04-20]</p><p>CHR Extension: (MozBar) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2015-04-20]</p><p>CHR Extension: (Name) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp [2015-04-20]</p><p>CHR Extension: (iCloud Bookmarks) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-04-20]</p><p>CHR Extension: (ToutApp Email Tracking, Templates & Analytics) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj [2015-04-20]</p><p>CHR Extension: (Pin It Button) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-20]</p><p>CHR Extension: (LastPass: Free Password Manager) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-20]</p><p>CHR Extension: (Rapportive) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2015-04-20]</p><p>CHR Extension: (Norton Identity Safe) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-19]</p><p>CHR Extension: (WhatFont) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-04-20]</p><p>CHR Extension: (Complete for Gmail) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhahbgembnigfgmhgcalbdjehmkgodhe [2015-04-20]</p><p>CHR Extension: (Momentum) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-04-20]</p><p>CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]</p><p>CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-19]</p><p>CHR Extension: (Google Wallet) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]</p><p>CHR Extension: (Check My Links) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2015-04-20]</p><p>CHR Extension: (Google Quick Scroll) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-04-19]</p><p>CHR Extension: (Gmail) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02]</p><p>CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10]</p><p>CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - <a href="https://clients2.google.com/service/update2/crx" target="_blank">https://clients2.google.com/service/update2/crx</a></p><p>CHR HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - <a href="https://clients2.google.com/service/update2/crx" target="_blank">https://clients2.google.com/service/update2/crx</a></p><p>CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10]</p><p>CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - <a href="https://clients2.google.com/service/update2/crx" target="_blank">https://clients2.google.com/service/update2/crx</a></p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)</p><p>S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)</p><p>R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)</p><p>R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)</p><p>R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-09-20] (Intel Corporation)</p><p>R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)</p><p>S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-06] (Microsoft Corporation)</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)</p><p>R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)</p><p>R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)</p><p>R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-02] (Symantec Corporation)</p><p>R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-02] (Symantec Corporation) [File not signed]</p><p>R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140309.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)</p><p>R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-09-20] (Intel Corporation)</p><p>S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140310.019\ENG64.SYS [126040 2014-01-02] (Symantec Corporation)</p><p>S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140310.019\EX64.SYS [2099288 2014-01-02] (Symantec Corporation)</p><p>S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)</p><p>R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)</p><p>R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)</p><p>R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)</p><p>S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-21] (Symantec Corporation)</p><p>R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-02] (Symantec Corporation)</p><p>R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)</p><p>R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)</p><p>S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]</p><p>S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-04-20 20:26 - 2015-04-20 20:27 - 00029728 _____ () C:\Users\Red\Downloads\FRST.txt</p><p>2015-04-20 20:25 - 2015-04-20 20:26 - 00000000 ____D () C:\FRST</p><p>2015-04-20 20:25 - 2015-04-20 20:25 - 02098176 _____ (Farbar) C:\Users\Red\Downloads\FRST64.exe</p><p>2015-04-20 20:24 - 2015-04-20 20:24 - 01137664 _____ (Farbar) C:\Users\Red\Downloads\FRST.exe</p><p>2015-04-20 17:01 - 2015-04-20 17:01 - 00030720 ___SH () C:\Users\Red\Desktop\Thumbs.db</p><p>2015-04-20 15:10 - 2015-04-20 19:55 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part09.rar</p><p>2015-04-20 08:33 - 2015-04-20 09:08 - 00005026 _____ () C:\Users\Red\Downloads\software_removal_tool.log</p><p>2015-04-20 08:24 - 2015-04-20 08:24 - 00003120 _____ () C:\WINDOWS\System32\Tasks\{97E63FD2-50A1-4D24-8E24-B1A1F72EE358}</p><p>2015-04-20 08:15 - 2015-04-20 13:01 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part08.rar</p><p>2015-04-19 13:33 - 2015-04-19 18:18 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part07.rar</p><p>2015-04-19 08:32 - 2015-04-19 13:17 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part06.rar</p><p>2015-04-18 16:58 - 2015-04-18 21:43 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part05.rar</p><p>2015-04-18 15:44 - 2015-04-18 15:44 - 00003748 _____ () C:\WINDOWS\System32\Tasks\Newsfeed</p><p>2015-04-18 15:44 - 2015-04-18 15:44 - 00003224 _____ () C:\WINDOWS\System32\Tasks\ScheduledScan</p><p>2015-04-18 15:44 - 2015-04-18 15:44 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Flasher</p><p>2015-04-18 15:16 - 2015-04-18 15:25 - 00000258 __RSH () C:\ProgramData\ntuser.pol</p><p>2015-04-18 15:14 - 2015-04-18 15:17 - 00000066 _____ () C:\WINDOWS\SysWOW64\sn.txt</p><p>2015-04-18 15:14 - 2015-04-18 15:14 - 00003220 _____ () C:\WINDOWS\System32\Tasks\Virt-Device</p><p>2015-04-18 15:14 - 2015-04-18 15:14 - 00000000 ____D () C:\ProgramData\Mistl</p><p>2015-04-18 15:13 - 2015-04-18 15:14 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Craft</p><p>2015-04-18 11:58 - 2015-04-18 12:00 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Opera Software</p><p>2015-04-18 11:58 - 2015-04-18 12:00 - 00000000 ____D () C:\Users\Red\AppData\Local\Opera Software</p><p>2015-04-18 11:57 - 2015-04-18 12:00 - 00000000 ____D () C:\Program Files (x86)\Opera</p><p>2015-04-18 11:26 - 2015-04-19 08:32 - 00000000 ____D () C:\ProgramData\Drv</p><p>2015-04-18 11:26 - 2015-04-18 15:14 - 00003720 _____ () C:\WINDOWS\System32\Tasks\Mistl</p><p>2015-04-18 11:26 - 2015-04-18 15:12 - 00000000 ____D () C:\ProgramData\Kirin</p><p>2015-04-18 11:26 - 2015-04-18 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)</p><p>2015-04-18 11:26 - 2015-04-18 11:26 - 00003240 _____ () C:\WINDOWS\System32\Tasks\Drv Update</p><p>2015-04-18 11:26 - 2015-04-18 11:26 - 00003220 _____ () C:\WINDOWS\System32\Tasks\9A5A8340-6B15</p><p>2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\htcon</p><p>2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Fixs</p><p>2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Crown</p><p>2015-04-18 11:13 - 2015-04-18 15:58 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part04.rar</p><p>2015-04-17 18:05 - 2015-04-19 19:30 - 00000000 ____D () C:\Users\Red\Downloads\Glenn Livingston - Hyper Responsive Marketing Secrets</p><p>2015-04-17 17:23 - 2015-04-17 22:08 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part03.rar</p><p>2015-04-16 19:43 - 2015-04-16 19:43 - 00005965 _____ () C:\Users\Red\Desktop\Why working with Alfred Blaskowitz.scap</p><p>2015-04-16 17:55 - 2015-04-16 22:40 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part02.rar</p><p>2015-04-16 11:14 - 2015-04-16 13:35 - 00098829 _____ () C:\Users\Red\Desktop\KPMG Dubai Holiday Schedule.xlsx</p><p>2015-04-16 10:38 - 2015-04-16 15:23 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part01.rar</p><p>2015-04-15 09:15 - 2015-04-15 09:19 - 00000000 ____D () C:\Users\Red\Documents\My Kindle Content</p><p>2015-04-15 09:15 - 2015-04-15 09:15 - 00002283 _____ () C:\Users\Red\Desktop\Kindle.lnk</p><p>2015-04-15 09:15 - 2015-04-15 09:15 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon</p><p>2015-04-15 09:15 - 2015-04-15 09:15 - 00000000 ____D () C:\Users\Red\AppData\Local\Amazon</p><p>2015-04-15 09:11 - 2015-04-15 09:12 - 40891792 _____ (Amazon.com) C:\Users\Red\Downloads\KindleForPC-installer.exe</p><p>2015-04-15 08:36 - 2015-03-24 01:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2015-04-15 08:36 - 2015-03-24 01:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll</p><p>2015-04-15 08:36 - 2015-03-24 01:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll</p><p>2015-04-15 08:36 - 2015-03-24 01:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll</p><p>2015-04-15 08:36 - 2015-03-24 01:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll</p><p>2015-04-15 08:36 - 2015-03-20 08:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll</p><p>2015-04-15 08:36 - 2015-03-20 08:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll</p><p>2015-04-15 08:36 - 2015-03-20 08:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll</p><p>2015-04-15 08:36 - 2015-03-20 07:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe</p><p>2015-04-15 08:36 - 2015-03-20 06:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe</p><p>2015-04-15 08:36 - 2015-03-20 06:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll</p><p>2015-04-15 08:36 - 2015-03-20 06:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll</p><p>2015-04-15 08:35 - 2015-03-14 12:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll</p><p>2015-04-15 08:35 - 2015-03-14 12:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll</p><p>2015-04-15 08:35 - 2015-03-13 08:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2015-04-15 08:35 - 2015-03-13 08:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2015-04-15 08:35 - 2015-03-13 08:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe</p><p>2015-04-15 08:35 - 2015-03-13 07:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll</p><p>2015-04-15 08:35 - 2015-03-13 07:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll</p><p>2015-04-15 08:35 - 2015-03-13 06:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll</p><p>2015-04-15 08:35 - 2015-02-21 03:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll</p><p>2015-04-15 08:34 - 2015-03-23 02:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll</p><p>2015-04-15 08:34 - 2015-03-23 02:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll</p><p>2015-04-15 08:34 - 2015-03-23 02:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll</p><p>2015-04-15 08:34 - 2015-03-23 02:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll</p><p>2015-04-15 08:34 - 2015-03-23 02:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll</p><p>2015-04-15 08:34 - 2015-03-23 02:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll</p><p>2015-04-15 08:34 - 2015-03-23 02:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll</p><p>2015-04-15 08:34 - 2015-03-14 12:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe</p><p>2015-04-15 08:34 - 2015-03-14 05:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll</p><p>2015-04-15 08:34 - 2015-03-14 05:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll</p><p>2015-04-15 08:34 - 2015-03-14 05:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll</p><p>2015-04-15 08:34 - 2015-03-14 05:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll</p><p>2015-04-15 08:34 - 2015-03-14 05:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe</p><p>2015-04-15 08:34 - 2015-03-14 04:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll</p><p>2015-04-15 08:34 - 2015-03-14 04:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe</p><p>2015-04-15 08:34 - 2015-03-14 03:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll</p><p>2015-04-15 08:34 - 2015-03-14 03:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll</p><p>2015-04-15 08:34 - 2015-03-04 14:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys</p><p>2015-04-15 08:34 - 2015-03-04 07:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll</p><p>2015-04-15 08:34 - 2015-03-04 06:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll</p><p>2015-04-15 08:34 - 2015-02-24 12:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys</p><p>2015-04-14 13:38 - 2015-04-14 13:38 - 00001630 _____ () C:\Users\Red\Downloads\content.txt</p><p>2015-04-07 18:33 - 2015-04-07 18:33 - 00070400 _____ () C:\Users\Red\Downloads\6646.html</p><p>2015-04-07 18:33 - 2015-04-07 18:33 - 00000000 ____D () C:\Users\Red\Downloads\6646_files</p><p>2015-04-05 19:45 - 2015-04-05 20:00 - 00000000 ___SD () C:\WINDOWS\system32\GWX</p><p>2015-04-05 19:45 - 2015-04-05 19:45 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX</p><p>2015-04-02 15:45 - 2015-04-02 15:45 - 04877828 _____ () C:\Users\Red\Downloads\B639.tmp</p><p>2015-04-01 19:43 - 2015-04-01 19:43 - 03435287 _____ () C:\Users\Red\Desktop\Secrets_To_Clever_and_Efficient_PPC_Campaign_Build_Outs_In_Excel.zip</p><p>2015-03-31 10:14 - 2015-03-31 10:14 - 00408041 _____ () C:\Users\Red\Downloads\Get-Response-Optin-Forms.zip</p><p>2015-03-27 13:13 - 2015-03-27 13:13 - 00003365 _____ () C:\Users\Red\Downloads\The 4-Step Funnel Blueprint To Getting Exponential Revenue Growth From Your Paid Advertising In The Next 60 Days.ics</p><p>2015-03-23 16:46 - 2015-03-24 16:37 - 00260774 _____ () C:\Users\Red\Desktop\Vandago T-Shirt.pptx</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2015-04-20 20:20 - 2014-02-26 06:32 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001.job</p><p>2015-04-20 20:00 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\system32\sru</p><p>2015-04-20 19:54 - 2014-08-05 09:21 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2015-04-20 19:43 - 2014-05-18 10:14 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA.job</p><p>2015-04-20 19:30 - 2014-01-02 10:19 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2015-04-20 18:44 - 2014-11-13 17:55 - 00000000 ____D () C:\Users\Red\AppData\Roaming\ContactMonkey</p><p>2015-04-20 18:44 - 2014-09-11 17:20 - 00000000 ____D () C:\Users\Red\Documents\Outlook Files</p><p>2015-04-20 18:30 - 2014-01-02 10:19 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2015-04-20 16:54 - 2014-07-06 09:10 - 01877104 _____ () C:\WINDOWS\WindowsUpdate.log</p><p>2015-04-20 16:39 - 2014-01-14 16:04 - 00004982 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WORK_DXB_001-Red Work_dxb_001</p><p>2015-04-20 15:07 - 2014-07-06 14:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5D8B89DA-116B-4547-840E-F040BD104429}</p><p>2015-04-20 15:06 - 2014-04-22 12:07 - 00000000 ___RD () C:\Users\Red\Dropbox</p><p>2015-04-20 15:06 - 2014-04-22 12:05 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Dropbox</p><p>2015-04-20 15:06 - 2013-10-29 14:51 - 00000000 ___DO () C:\Users\Red\OneDrive</p><p>2015-04-20 15:05 - 2014-07-20 14:19 - 00000000 ___RD () C:\Users\Red\Google Drive</p><p>2015-04-20 15:05 - 2014-01-23 22:12 - 00000000 ____D () C:\Users\Red\AppData\Roaming\newnext.me</p><p>2015-04-20 13:27 - 2013-08-22 18:46 - 00369041 _____ () C:\WINDOWS\setupact.log</p><p>2015-04-20 13:27 - 2013-08-22 18:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT</p><p>2015-04-20 13:26 - 2014-03-18 12:19 - 00025546 _____ () C:\WINDOWS\PFRO.log</p><p>2015-04-20 13:25 - 2013-08-22 17:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI</p><p>2015-04-20 12:47 - 2014-01-02 10:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3129109475-3229634427-3213972833-1001</p><p>2015-04-20 10:43 - 2014-05-18 10:14 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core.job</p><p>2015-04-20 08:54 - 2014-08-05 09:21 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater</p><p>2015-04-20 08:33 - 2014-10-20 20:45 - 00002366 _____ () C:\Users\Red\Desktop\Chrome App Launcher.lnk</p><p>2015-04-20 08:28 - 2014-11-08 08:48 - 00000000 ____D () C:\ProgramData\Package Cache</p><p>2015-04-20 08:28 - 2014-09-24 12:52 - 00000000 ____D () C:\ProgramData\TechSmith</p><p>2015-04-20 08:28 - 2014-09-24 12:52 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith</p><p>2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\Users\Red\AppData\Local\TechSmith</p><p>2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith</p><p>2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\Program Files (x86)\TechSmith</p><p>2015-04-19 14:32 - 2014-03-10 18:41 - 00000000 ____D () C:\Users\Red\AppData\Local\CrashDumps</p><p>2015-04-19 14:29 - 2014-02-07 14:15 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRed</p><p>2015-04-19 14:29 - 2014-02-07 14:15 - 00000350 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRed.job</p><p>2015-04-19 09:27 - 2013-07-07 12:19 - 01984000 ___SH () C:\Users\Red\Downloads\Thumbs.db</p><p>2015-04-19 08:40 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\AppReadiness</p><p>2015-04-18 15:42 - 2014-01-02 10:20 - 00002299 _____ () C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2015-04-18 15:16 - 2013-08-22 19:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy</p><p>2015-04-18 15:15 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy</p><p>2015-04-18 12:07 - 2014-01-02 10:04 - 00000000 ____D () C:\Users\Red\AppData\Local\Packages</p><p>2015-04-16 14:16 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\rescache</p><p>2015-04-16 08:33 - 2014-01-24 08:03 - 00000000 ____D () C:\Users\Red\AppData\Local\Apple Computer</p><p>2015-04-16 08:31 - 2012-07-26 11:59 - 00000000 ____D () C:\WINDOWS\CbsTemp</p><p>2015-04-16 08:21 - 2013-08-22 17:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM</p><p>2015-04-15 20:06 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB</p><p>2015-04-15 20:06 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB</p><p>2015-04-15 20:05 - 2015-01-18 12:55 - 00000000 ____D () C:\Users\Red\Desktop\Saxest MEDIA</p><p>2015-04-15 14:31 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\AppCompat</p><p>2015-04-15 10:48 - 2014-01-04 14:41 - 00000000 ____D () C:\WINDOWS\system32\MRT</p><p>2015-04-15 10:25 - 2014-01-04 14:41 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2015-04-15 10:19 - 2014-12-11 19:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser</p><p>2015-04-15 10:19 - 2014-07-09 08:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel</p><p>2015-04-15 08:34 - 2014-11-12 07:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll</p><p>2015-04-14 20:50 - 2013-09-07 12:12 - 00000000 ____D () C:\Users\Red\Desktop\SAXEST</p><p>2015-04-14 03:24 - 2015-03-12 11:36 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2015-04-14 03:24 - 2015-03-12 11:36 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2015-04-13 14:21 - 2014-02-26 06:32 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001</p><p>2015-04-10 08:13 - 2014-04-22 12:06 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox</p><p>2015-04-09 15:50 - 2014-09-24 17:31 - 00000000 ____D () C:\Users\Red\Documents\Camtasia Studio</p><p>2015-04-08 18:44 - 2014-06-08 19:20 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Mozilla</p><p>2015-04-03 14:28 - 2014-01-15 07:04 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log</p><p>2015-03-26 18:03 - 2014-07-14 05:45 - 00000000 ____D () C:\Users\Red\Desktop\personal</p><p>2015-03-25 12:24 - 2013-11-19 10:48 - 00000000 ____D () C:\Users\Red\Documents\My Digital Editions</p><p>2015-03-25 09:27 - 2014-11-03 08:51 - 00000000 ____D () C:\Users\Red\Desktop\Saxest LOOP</p><p>2015-03-23 16:32 - 2013-09-10 16:51 - 00000000 ____D () C:\Users\Red\Desktop\Learning</p><p>2015-03-22 08:56 - 2014-03-18 19:32 - 00968612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2014-08-27 13:44 - 2014-08-27 13:44 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe</p><p>2014-09-11 17:24 - 2014-11-08 08:31 - 0007312 _____ () C:\Users\Red\AppData\Roaming\Comma Separated Values.EML</p><p>2014-11-08 10:43 - 2015-03-03 12:01 - 0001835 _____ () C:\Users\Red\AppData\Roaming\SAS7_000.DAT</p><p>2014-01-18 13:05 - 2014-01-18 13:06 - 0049152 _____ () C:\Users\Red\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Users\Red\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_0agc.dll</p><p>C:\Users\Red\AppData\Local\Temp\Extract.exe</p><p>C:\Users\Red\AppData\Local\Temp\lowproc.exe</p><p>C:\Users\Red\AppData\Local\Temp\SP64353.exe</p><p>C:\Users\Red\AppData\Local\Temp\stubhelper.dll</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-04-20 15:47</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01</p><p>Ran by Red at 2015-04-20 20:27:44</p><p>Running from C:\Users\Red\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}</p><p>AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}</p><p>FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)</p><p>Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)</p><p>Akamai NetSession Interface (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Akamai) (Version: - Akamai Technologies, Inc)</p><p>Amazon Kindle (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Amazon Kindle) (Version: - Amazon)</p><p>Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)</p><p>Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)</p><p>AudibleManager (HKLM-x32\...\AudibleManager) (Version: 100663559.4759644.48.2147344384 - Audible, Inc.)</p><p>Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.22 - Balsamiq SRL)</p><p>Balsamiq Mockups For Desktop (x32 Version: 2.2.22 - Balsamiq SRL) Hidden</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation)</p><p>Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)</p><p>ContactMonkey Outlook Add-in (HKLM-x32\...\{c8fe15e4-2f49-47fb-9c34-517ab1627bd2}) (Version: 1.2.4.0 - ContactMonkey)</p><p>ContactMonkeyOutlookAddIn (x32 Version: 1.2.4.0 - ContactMonkey) Hidden</p><p>CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)</p><p>CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)</p><p>CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)</p><p>CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)</p><p>CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)</p><p>CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)</p><p>Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)</p><p>Dropbox (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)</p><p>f.lux (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Flux) (Version: - )</p><p>FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )</p><p>FreshKey (HKLM-x32\...\FreshKey) (Version: 1.0.0 - Infomastery, LLC)</p><p>FreshKey (x32 Version: 1.0.0 - Infomastery, LLC) Hidden</p><p>Google AdWords Editor (HKLM-x32\...\{14069A87-872C-41E6-9D36-B1BE3870C35A}) (Version: 10.6.0 - Google)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)</p><p>Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)</p><p>Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)</p><p>Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden</p><p>Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden</p><p>GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)</p><p>Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden</p><p>HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)</p><p>HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)</p><p>HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)</p><p>HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)</p><p>iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)</p><p>iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)</p><p>Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)</p><p>Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)</p><p>LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )</p><p>LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)</p><p>Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)</p><p>Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)</p><p>Microsoft Office ScreenTip Language 2013 - Italiano (HKLM-x32\...\{90150000-00BD-0410-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)</p><p>Microsoft OneDrive (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)</p><p>Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)</p><p>Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)</p><p>Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)</p><p>MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden</p><p>MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden</p><p>MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)</p><p>Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)</p><p>Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden</p><p>Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden</p><p>Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden</p><p>PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)</p><p>Pixlr-o-matic (HKLM-x32\...\Pixlromatic) (Version: 2.1 - UNKNOWN)</p><p>Pixlr-o-matic (x32 Version: 2.1 - UNKNOWN) Hidden</p><p>QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)</p><p>Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)</p><p>Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden</p><p>S3 Browser version 4.7.7 (HKLM\...\S3 Browser_is1) (Version: 4.7.7.0 - NetSDK Software, LLC)</p><p>Scapple (HKLM-x32\...\Scapple 1000) (Version: 1000 - Literature and Latte)</p><p>Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 2.55 - Screaming Frog Ltd)</p><p>Scrivener Update (HKLM-x32\...\Scrivener 1610) (Version: 1710 - Literature and Latte)</p><p>SuperTintin 1.2.0.24 (HKLM-x32\...\SuperTintin Skype Video Call Recorder_is1) (Version: 1.2.0.24 - IMTiger Technologies Ltd)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)</p><p>WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)</p><p>XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Red\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File</p><p></p><p>==================== Restore Points =========================</p><p></p><p>03-04-2015 14:36:08 Scheduled Checkpoint</p><p>11-04-2015 16:51:49 Scheduled Checkpoint</p><p>15-04-2015 10:18:14 Windows Update</p><p>18-04-2015 11:27:17 Installed FLV Player</p><p>20-04-2015 08:27:07 Snagit 12</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2013-08-22 17:25 - 2013-08-22 17:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {03D6B9DA-57E8-4ED8-BE2F-EBF056575170} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)</p><p>Task: {04438A1C-34DD-48B5-9179-3B620CC2F8CD} - System32\Tasks\ScheduledScan => C:\Users\Red\AppData\Roaming\Flasher\c32s.exe [2015-03-19] ()</p><p>Task: {0520B0F1-AD28-4E9F-894F-D6CF23DBCE1C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {0840C129-862B-4DF4-BAE0-EBBD81BDADB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)</p><p>Task: {0A2BF367-801C-450B-B517-8D98DD6CDF4B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe</p><p>Task: {1066AAEA-3834-43FA-A890-B4E16F400D39} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe</p><p>Task: {1E5E300A-EA39-4546-B795-1224BD067D72} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)</p><p>Task: {22895078-AB48-4834-9E12-DD572CA3A682} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)</p><p>Task: {3512E319-7C21-4AD7-B22F-69D91C761393} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)</p><p>Task: {42003730-B287-4D94-B07F-79899DC15CF1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3129109475-3229634427-3213972833-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe</p><p>Task: {45C8416C-82BB-4F21-99CC-BDAD0F6FB224} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3129109475-3229634427-3213972833-1008 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe</p><p>Task: {56CE18C9-0E4D-4FCD-A8C6-FD3C55A61798} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)</p><p>Task: {63DE391D-7E98-4394-810E-EE422A34EE57} - System32\Tasks\Drv Update => C:\ProgramData\Drv\Drv.exe [2015-03-05] ()</p><p>Task: {651FF8A5-3888-48AE-BD84-448D1024DECE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)</p><p>Task: {65D720D2-DD59-4F61-8C2C-BF6677E0D9CE} - System32\Tasks\HPCeeScheduleForRed => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)</p><p>Task: {6B5C18FA-88DE-44BC-82FF-C11912FBC758} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {73CC32EB-854B-4F8D-868C-A5663DE35C8B} - System32\Tasks\Newsfeed => C:\Users\Red\AppData\Roaming\Flasher\c32s.exe [2015-03-19] ()</p><p>Task: {74DE1BF8-316F-4DEF-A330-E346C35EC300} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)</p><p>Task: {7E3F4578-99DF-4325-B362-FD5F7199B80D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)</p><p>Task: {7F4E1B06-DD20-452D-AAF0-BDA75CE10710} - System32\Tasks\Mistl => C:\ProgramData\Mistl\Mistl.exe</p><p>Task: {83575ABC-9DE5-4603-A7E1-C0F42A0BD01F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe</p><p>Task: {9002B7F5-4A0D-49DB-B9AB-43E1FBDAFA58} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)</p><p>Task: {90D1B2EF-01E0-44FB-BA0F-B5640320B3FF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)</p><p>Task: {921E4DE9-A756-47BC-B7A0-EFF09BF31E28} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3129109475-3229634427-3213972833-1001</p><p>Task: {9476ADC8-DE87-4216-9CD2-2E12F49B461C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)</p><p>Task: {9FC49BA9-6FD5-498A-9895-2F86BED41859} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WORK_DXB_001-Red Work_dxb_001 => C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)</p><p>Task: {A5AA0EA9-2194-4859-9E93-10B4B43FA5E5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation)</p><p>Task: {AA94082A-B604-4F43-A8F9-54BBBA3F7A65} - System32\Tasks\9A5A8340-6B15 => C:\Users\Red\AppData\Roaming\htcon\Updater.exe [2015-03-05] ()</p><p>Task: {BA6AA7EE-60B0-4771-B504-4E889FF0E6F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)</p><p>Task: {BD212D3F-5ECA-4756-ACEE-52D2E7F35746} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {BF681104-D5E3-438D-B075-65362A79C05A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe</p><p>Task: {CACE834D-BB5D-41FF-AC9F-9AE1CA352BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)</p><p>Task: {D19F958A-D44D-40AA-A0AB-91F8CB67261F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)</p><p>Task: {D1CAB8F3-EE33-4960-A760-CBEB3330463F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {D22566DA-070A-4B58-89DD-EAE3E62DDB73} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {D26398CD-0F83-4804-BBAE-91F33B1CE9A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)</p><p>Task: {E6D8657A-200B-4F96-AB9D-B41FDD483CD9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)</p><p>Task: {E8DA6518-7A19-4A3D-9303-67EECFF17C33} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)</p><p>Task: {F3986676-1A63-4FEE-80FB-DFAF9DC9D271} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)</p><p>Task: {F81D4AE6-F70E-45A0-882B-A0A4C86EF20B} - System32\Tasks\{97E63FD2-50A1-4D24-8E24-B1A1F72EE358} => pcalua.exe -a C:\Users\Red\AppData\Roaming\Fixs\RemoveTool.exe -c /extrem=1</p><p>Task: {FACCDFE6-A247-4881-8D70-0440CF1F9301} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)</p><p>Task: {FBE29BEB-C23F-47F1-B7A4-B8D672FEC79A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)</p><p>Task: {FD6ACCE6-4E7B-4AD6-8749-F49AC0B4FAA3} - System32\Tasks\Virt-Device => C:\Users\Red\AppData\Roaming\Craft\Updater.exe [2015-02-05] ()</p><p>Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001.job => C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core.job => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA.job => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\HPCeeScheduleForRed.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe</p><p></p><p>==================== Loaded Modules (whitelisted) ==============</p><p></p><p>2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2014-03-24 17:40 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll</p><p>2015-03-13 08:10 - 2015-01-27 19:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll</p><p>2012-08-29 14:48 - 2012-08-29 14:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll</p><p>2014-11-25 08:28 - 2014-11-25 08:28 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll</p><p>2014-09-20 09:34 - 2014-09-20 09:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll</p><p>2014-12-10 13:17 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll</p><p>2014-10-08 17:25 - 2014-05-30 12:12 - 00168960 _____ () C:\Program Files (x86)\SuperTintin for Skype\mcr_skype_hook1.dll</p><p>2013-03-05 15:40 - 2012-06-08 07:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll</p><p>2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll</p><p>2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2015-04-20 15:05 - 2015-04-20 15:06 - 00043008 _____ () c:\users\red\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_0agc.dll</p><p>2015-03-05 01:45 - 2015-03-05 01:45 - 00750080 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\libGLESv2.dll</p><p>2015-03-05 01:45 - 2015-03-05 01:45 - 00047616 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\libEGL.dll</p><p>2015-03-05 01:45 - 2015-03-05 01:45 - 00865280 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll</p><p>2015-03-05 01:45 - 2015-03-05 01:45 - 00200704 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll</p><p>2015-04-16 18:31 - 2015-04-14 01:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll</p><p>2015-04-16 18:31 - 2015-04-14 01:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll</p><p>2014-11-18 09:46 - 2014-11-18 09:46 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00098816 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32api.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00110080 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pywintypes27.dll</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00364544 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pythoncom27.dll</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00045568 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_socket.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 01161216 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_ssl.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00320512 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32com.shell.shell.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00713216 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_hashlib.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 01175040 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._core_.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00805888 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._gdi_.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00811008 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._windows_.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 01062400 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._controls_.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00735232 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._misc_.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00682496 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pysqlite2._sqlite.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00128512 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_elementtree.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00127488 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pyexpat.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00087552 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_ctypes.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00119808 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32file.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00108544 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32security.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00007168 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\hashobjs_ext.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00167936 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32gui.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00018432 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32event.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00038912 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32inet.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00011264 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32crypt.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00070656 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._html2.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00027136 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_multiprocessing.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00020480 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_yappi.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00035840 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32process.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00686080 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\unicodedata.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00122368 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._wizard.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00024064 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32pipe.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00010240 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\select.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00025600 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32pdh.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00525640 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\windows._lib_cacheinvalidation.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00017408 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32profile.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00022528 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32ts.pyd</p><p>2015-04-20 15:05 - 2015-04-20 15:05 - 00078336 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._animate.pyd</p><p>2014-11-18 09:48 - 2014-11-18 09:48 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll</p><p>2015-04-16 18:31 - 2015-04-14 01:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\ProgramData\Temp:0FF263E8</p><p>AlternateDataStreams: C:\Users\Red\OneDrive:ms-properties</p><p>AlternateDataStreams: C:\Users\Red\AppData\Roaming\Comma Separated Values.EML:OECustomProperty</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Red\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp_svinoya_norway_sunset.jpg</p><p>DNS Servers: 192.168.1.1</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-3129109475-3229634427-3213972833-500 - Administrator - Disabled) => C:\Users\Administrator</p><p>Guest (S-1-5-21-3129109475-3229634427-3213972833-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-3129109475-3229634427-3213972833-1007 - Limited - Enabled)</p><p>Red (S-1-5-21-3129109475-3229634427-3213972833-1001 - Administrator - Enabled) => C:\Users\Red</p><p>test1 (S-1-5-21-3129109475-3229634427-3213972833-1008 - Administrator - Enabled) => C:\Users\test1</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (04/20/2015 04:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 1730</p><p></p><p>Start Time: 01d07b61be5704b4</p><p></p><p>Termination Time: 4294967295</p><p></p><p>Application Path: C:\WINDOWS\syswow64\wwahost.exe</p><p></p><p>Report Id: b3f39f22-e755-11e4-bfb2-4c72b98061a1</p><p></p><p>Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c</p><p></p><p>Faulting package-relative application ID: App</p><p></p><p>Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 15485</p><p></p><p>Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 15485</p><p></p><p>Error: (04/20/2015 01:59:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (04/20/2015 01:58:52 PM) (Source: DNS logging) (EventID: 0) (User: )</p><p>Description: Logger: Socket error: 10054</p><p></p><p>Error: (04/20/2015 01:42:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK_DXB_001)</p><p>Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (04/20/2015 01:24:18 PM) (Source: DNS logging) (EventID: 0) (User: )</p><p>Description: Logger: Socket error: 10054</p><p></p><p>Error: (04/20/2015 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: VISIO.EXE, version: 15.0.4454.1000, time stamp: 0x509a38f3</p><p>Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade</p><p>Exception code: 0xe06d7363</p><p>Fault offset: 0x00014598</p><p>Faulting process ID: 0x1364</p><p>Faulting application start time: 0xVISIO.EXE0</p><p>Faulting application path: VISIO.EXE1</p><p>Faulting module path: VISIO.EXE2</p><p>Report ID: VISIO.EXE3</p><p>Faulting package full name: VISIO.EXE4</p><p>Faulting package-relative application ID: VISIO.EXE5</p><p></p><p>Error: (04/20/2015 00:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: VISIO.EXE, version: 15.0.4454.1000, time stamp: 0x509a38f3</p><p>Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade</p><p>Exception code: 0xe06d7363</p><p>Fault offset: 0x00014598</p><p>Faulting process ID: 0x1a50</p><p>Faulting application start time: 0xVISIO.EXE0</p><p>Faulting application path: VISIO.EXE1</p><p>Faulting module path: VISIO.EXE2</p><p>Report ID: VISIO.EXE3</p><p>Faulting package full name: VISIO.EXE4</p><p>Faulting package-relative application ID: VISIO.EXE5</p><p></p><p>Error: (04/20/2015 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: The program CamRecorder.exe version 8.5.1.1962 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.</p><p></p><p>Process ID: 2150</p><p></p><p>Start Time: 01d07b35b2661121</p><p></p><p>Termination Time: 4294967295</p><p></p><p>Application Path: C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe</p><p></p><p>Report Id: 5b0c503b-e735-11e4-bfb1-4c72b98061a1</p><p></p><p>Faulting package full name: </p><p></p><p>Faulting package-relative application ID:</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (04/20/2015 01:42:17 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)</p><p>Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa</p><p></p><p>Error: (04/20/2015 01:25:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )</p><p>Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.</p><p></p><p>Error: (04/20/2015 01:24:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable</p><p></p><p>Error: (04/19/2015 08:23:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable</p><p></p><p>Error: (04/18/2015 09:57:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)</p><p>Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable</p><p></p><p>Error: (04/18/2015 00:08:43 PM) (Source: DCOM) (EventID: 10016) (User: WORK_DXB_001)</p><p>Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Work_dxb_001RedS-1-5-21-3129109475-3229634427-3213972833-1001LocalHost (Using LRPC)AFF540DC.FLVMediaPlayer_1.0.10.17_x64__v7353qx4kg3saS-1-15-2-279593972-2700680546-2789749554-1402095732-369879553-2090810576-2770327002</p><p></p><p>Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)</p><p>Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}</p><p></p><p>Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)</p><p>Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}</p><p></p><p>Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)</p><p>Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}</p><p></p><p>Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001)</p><p>Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (04/20/2015 04:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: wwahost.exe6.3.9600.17415173001d07b61be5704b44294967295C:\WINDOWS\syswow64\wwahost.exeb3f39f22-e755-11e4-bfb2-4c72b98061a1Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp</p><p></p><p>Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledSPRetry 15485</p><p></p><p>Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: m->NextScheduledEvent 15485</p><p></p><p>Error: (04/20/2015 01:59:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )</p><p>Description: Task Scheduling Error: Continuously busy for more than a second</p><p></p><p>Error: (04/20/2015 01:58:52 PM) (Source: DNS logging) (EventID: 0) (User: )</p><p>Description: Logger: Socket error: 10054</p><p></p><p>Error: (04/20/2015 01:42:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK_DXB_001)</p><p>Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141</p><p></p><p>Error: (04/20/2015 01:24:18 PM) (Source: DNS logging) (EventID: 0) (User: )</p><p>Description: Logger: Socket error: 10054</p><p></p><p>Error: (04/20/2015 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: VISIO.EXE15.0.4454.1000509a38f3KERNELBASE.dll6.3.9600.1741554504adee06d736300014598136401d07b4303e9c745C:\Program Files\Microsoft Office 15\root\office15\VISIO.EXEC:\WINDOWS\SYSTEM32\KERNELBASE.dll54a8298b-e737-11e4-bfb1-4c72b98061a1</p><p></p><p>Error: (04/20/2015 00:21:04 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: VISIO.EXE15.0.4454.1000509a38f3KERNELBASE.dll6.3.9600.1741554504adee06d7363000145981a5001d07b42a7fa6615C:\Program Files\Microsoft Office 15\root\office15\VISIO.EXEC:\WINDOWS\SYSTEM32\KERNELBASE.dll2f699445-e736-11e4-bfb1-4c72b98061a1</p><p></p><p>Error: (04/20/2015 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )</p><p>Description: CamRecorder.exe8.5.1.1962215001d07b35b26611214294967295C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe5b0c503b-e735-11e4-bfb1-4c72b98061a1</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i3-3220T CPU @ 2.80GHz</p><p>Percentage of memory in use: 61%</p><p>Total physical RAM: 3966.65 MB</p><p>Available physical RAM: 1544.24 MB</p><p>Total Pagefile: 6133.45 MB</p><p>Available Pagefile: 2757 MB</p><p>Total Virtual: 131072 MB</p><p>Available Virtual: 131071.8 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (OS) (Fixed) (Total:452.66 GB) (Free:125.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (Recovery Image) (Fixed) (Total:10.84 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:550.2 GB) NTFS</p><p>Drive j: (AlfredBackup01) (Fixed) (Total:931.51 GB) (Free:9.57 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 465.8 GB) (Disk ID: 9F0267B9)</p><p></p><p>Partition: GPT Partition Type.</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 931.5 GB) (Disk ID: E54E7AA3)</p><p>Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 2 (Size: 931.5 GB) (Disk ID: 138A6947)</p><p>Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Blasko, post: 375983, member: 35877"] Below are the two scans you requested. I hope you can help with this rubbish ...(that I got trying to download a .flv reader from cnet) Thanks Blasko Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01 Ran by Red (administrator) on WORK_DXB_001 on 20-04-2015 20:26:06 Running from C:\Users\Red\Downloads Loaded Profiles: Red (Available profiles: Red & test1 & Administrator) Platform: Windows 8.1 Single Language (X64) OS Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL]http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe (Akamai Technologies, Inc.) C:\Users\Red\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Akamai Technologies, Inc.) C:\Users\Red\AppData\Local\Akamai\netsession_win.exe (Flux Software LLC) C:\Users\Red\AppData\Local\FluxSoftware\Flux\flux.exe (Imtiger Software Inc.) C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Dropbox, Inc.) C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [NextLive] => C:\WINDOWS\SysWOW64\rundll32.exe "C:\Users\Red\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Red\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [Google Update] => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-18] (Google Inc.) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [f.lux] => C:\Users\Red\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [supertintin_skype] => C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe [4671488 2014-05-30] (Imtiger Software Inc.) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [GoogleChromeAutoLaunch_E68D6595129FCC17E200ADD0DEEA4BDD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-14] (Google Inc.) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Run: [OneDrive] => C:\Users\Red\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281248 2015-03-10] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-08-27] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-22] ShortcutTarget: Dropbox.lnk -> C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-02-01] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://g.jp.msn.com/HPALL13/45[/URL] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.arabyonline.com/?src=1000[/URL] HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://g.jp.msn.com/HPALL13/45[/URL] HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [URL]http://www.arabyonline.com/?src=1000[/URL] HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL]http://g.jp.msn.com/HPALL13/45[/URL] SearchScopes: HKLM -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = [URL]http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}[/URL] SearchScopes: HKLM-x32 -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = [URL]http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}[/URL] SearchScopes: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001 -> {BCF7BDD0-B8A0-4C13-911D-F8663FF5851C} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-08-27] (LastPass) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-14] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-08-27] (LastPass) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-14] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-08-27] (LastPass) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-08-27] (LastPass) Toolbar: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-20] () FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-08-27] (LastPass) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-20] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-20] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-14] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2014-08-27] (LastPass) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-02] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.) FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Red\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-06] (Citrix Online) FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Red\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google) FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @talk.google.com/O1DPlugin -> C:\Users\Red\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-03-26] (Google) FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin HKU\S-1-5-21-3129109475-3229634427-3213972833-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Red\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-03-26] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Red\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-03-26] (Google) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-01-02] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-04-20] Chrome: ======= CHR Profile: C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Sniply - Drive Conversion Through Content) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2015-04-20] CHR Extension: (SEOquake) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2015-04-20] CHR Extension: (Awesome Screenshot: Capture, Annotate & Share) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-20] CHR Extension: (Google Docs) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02] CHR Extension: (Google Drive) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02] CHR Extension: (Norton Security Toolbar) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-04-19] CHR Extension: (YouTube) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02] CHR Extension: (Alexa Traffic Rank) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2015-04-20] CHR Extension: (Google Search) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02] CHR Extension: (Dragon Web Extension) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2015-04-20] CHR Extension: (FLV Player) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2015-04-20] CHR Extension: (MozBar) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2015-04-20] CHR Extension: (Name) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp [2015-04-20] CHR Extension: (iCloud Bookmarks) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-04-20] CHR Extension: (ToutApp Email Tracking, Templates & Analytics) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj [2015-04-20] CHR Extension: (Pin It Button) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-20] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-20] CHR Extension: (Rapportive) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2015-04-20] CHR Extension: (Norton Identity Safe) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-19] CHR Extension: (WhatFont) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2015-04-20] CHR Extension: (Complete for Gmail) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhahbgembnigfgmhgcalbdjehmkgodhe [2015-04-20] CHR Extension: (Momentum) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-04-20] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-19] CHR Extension: (Google Wallet) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19] CHR Extension: (Check My Links) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkcdipcgfaekbeaelaapakgnjflfglf [2015-04-20] CHR Extension: (Google Quick Scroll) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-04-19] CHR Extension: (Gmail) - C:\Users\Red\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02] CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [URL]https://clients2.google.com/service/update2/crx[/URL] CHR HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - [URL]https://clients2.google.com/service/update2/crx[/URL] CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-10] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - [URL]https://clients2.google.com/service/update2/crx[/URL] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-09-20] (Intel Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-06] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-02] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-02] (Symantec Corporation) [File not signed] R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140309.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-09-20] (Intel Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140310.019\ENG64.SYS [126040 2014-01-02] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140310.019\EX64.SYS [2099288 2014-01-02] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-21] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-02] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed] S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 20:26 - 2015-04-20 20:27 - 00029728 _____ () C:\Users\Red\Downloads\FRST.txt 2015-04-20 20:25 - 2015-04-20 20:26 - 00000000 ____D () C:\FRST 2015-04-20 20:25 - 2015-04-20 20:25 - 02098176 _____ (Farbar) C:\Users\Red\Downloads\FRST64.exe 2015-04-20 20:24 - 2015-04-20 20:24 - 01137664 _____ (Farbar) C:\Users\Red\Downloads\FRST.exe 2015-04-20 17:01 - 2015-04-20 17:01 - 00030720 ___SH () C:\Users\Red\Desktop\Thumbs.db 2015-04-20 15:10 - 2015-04-20 19:55 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part09.rar 2015-04-20 08:33 - 2015-04-20 09:08 - 00005026 _____ () C:\Users\Red\Downloads\software_removal_tool.log 2015-04-20 08:24 - 2015-04-20 08:24 - 00003120 _____ () C:\WINDOWS\System32\Tasks\{97E63FD2-50A1-4D24-8E24-B1A1F72EE358} 2015-04-20 08:15 - 2015-04-20 13:01 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part08.rar 2015-04-19 13:33 - 2015-04-19 18:18 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part07.rar 2015-04-19 08:32 - 2015-04-19 13:17 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part06.rar 2015-04-18 16:58 - 2015-04-18 21:43 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part05.rar 2015-04-18 15:44 - 2015-04-18 15:44 - 00003748 _____ () C:\WINDOWS\System32\Tasks\Newsfeed 2015-04-18 15:44 - 2015-04-18 15:44 - 00003224 _____ () C:\WINDOWS\System32\Tasks\ScheduledScan 2015-04-18 15:44 - 2015-04-18 15:44 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Flasher 2015-04-18 15:16 - 2015-04-18 15:25 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2015-04-18 15:14 - 2015-04-18 15:17 - 00000066 _____ () C:\WINDOWS\SysWOW64\sn.txt 2015-04-18 15:14 - 2015-04-18 15:14 - 00003220 _____ () C:\WINDOWS\System32\Tasks\Virt-Device 2015-04-18 15:14 - 2015-04-18 15:14 - 00000000 ____D () C:\ProgramData\Mistl 2015-04-18 15:13 - 2015-04-18 15:14 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Craft 2015-04-18 11:58 - 2015-04-18 12:00 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Opera Software 2015-04-18 11:58 - 2015-04-18 12:00 - 00000000 ____D () C:\Users\Red\AppData\Local\Opera Software 2015-04-18 11:57 - 2015-04-18 12:00 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-04-18 11:26 - 2015-04-19 08:32 - 00000000 ____D () C:\ProgramData\Drv 2015-04-18 11:26 - 2015-04-18 15:14 - 00003720 _____ () C:\WINDOWS\System32\Tasks\Mistl 2015-04-18 11:26 - 2015-04-18 15:12 - 00000000 ____D () C:\ProgramData\Kirin 2015-04-18 11:26 - 2015-04-18 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2015-04-18 11:26 - 2015-04-18 11:26 - 00003240 _____ () C:\WINDOWS\System32\Tasks\Drv Update 2015-04-18 11:26 - 2015-04-18 11:26 - 00003220 _____ () C:\WINDOWS\System32\Tasks\9A5A8340-6B15 2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\htcon 2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Fixs 2015-04-18 11:26 - 2015-04-18 11:26 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Crown 2015-04-18 11:13 - 2015-04-18 15:58 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part04.rar 2015-04-17 18:05 - 2015-04-19 19:30 - 00000000 ____D () C:\Users\Red\Downloads\Glenn Livingston - Hyper Responsive Marketing Secrets 2015-04-17 17:23 - 2015-04-17 22:08 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part03.rar 2015-04-16 19:43 - 2015-04-16 19:43 - 00005965 _____ () C:\Users\Red\Desktop\Why working with Alfred Blaskowitz.scap 2015-04-16 17:55 - 2015-04-16 22:40 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part02.rar 2015-04-16 11:14 - 2015-04-16 13:35 - 00098829 _____ () C:\Users\Red\Desktop\KPMG Dubai Holiday Schedule.xlsx 2015-04-16 10:38 - 2015-04-16 15:23 - 524288000 _____ () C:\Users\Red\Downloads\Glenn.Livingston_Hyper.Responsive.Marketing.Secrets.part01.rar 2015-04-15 09:15 - 2015-04-15 09:19 - 00000000 ____D () C:\Users\Red\Documents\My Kindle Content 2015-04-15 09:15 - 2015-04-15 09:15 - 00002283 _____ () C:\Users\Red\Desktop\Kindle.lnk 2015-04-15 09:15 - 2015-04-15 09:15 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2015-04-15 09:15 - 2015-04-15 09:15 - 00000000 ____D () C:\Users\Red\AppData\Local\Amazon 2015-04-15 09:11 - 2015-04-15 09:12 - 40891792 _____ (Amazon.com) C:\Users\Red\Downloads\KindleForPC-installer.exe 2015-04-15 08:36 - 2015-03-24 01:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-04-15 08:36 - 2015-03-24 01:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-04-15 08:36 - 2015-03-24 01:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2015-04-15 08:36 - 2015-03-24 01:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-04-15 08:36 - 2015-03-24 01:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2015-04-15 08:36 - 2015-03-20 08:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2015-04-15 08:36 - 2015-03-20 08:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-04-15 08:36 - 2015-03-20 08:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-04-15 08:36 - 2015-03-20 07:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe 2015-04-15 08:36 - 2015-03-20 06:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe 2015-04-15 08:36 - 2015-03-20 06:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-04-15 08:36 - 2015-03-20 06:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-04-15 08:35 - 2015-03-14 12:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-04-15 08:35 - 2015-03-14 12:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-04-15 08:35 - 2015-03-13 08:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-04-15 08:35 - 2015-03-13 08:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-04-15 08:35 - 2015-03-13 08:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-04-15 08:35 - 2015-03-13 07:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-04-15 08:35 - 2015-03-13 07:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-04-15 08:35 - 2015-03-13 07:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-04-15 08:35 - 2015-03-13 07:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-04-15 08:35 - 2015-03-13 07:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-04-15 08:35 - 2015-03-13 07:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-04-15 08:35 - 2015-03-13 07:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-04-15 08:35 - 2015-03-13 07:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-04-15 08:35 - 2015-03-13 07:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-15 08:35 - 2015-03-13 07:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-15 08:35 - 2015-03-13 07:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-15 08:35 - 2015-03-13 06:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-04-15 08:35 - 2015-03-13 06:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-04-15 08:35 - 2015-03-13 06:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-04-15 08:35 - 2015-03-13 06:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-15 08:35 - 2015-03-13 06:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-04-15 08:35 - 2015-03-13 06:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-04-15 08:35 - 2015-03-13 06:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-04-15 08:35 - 2015-03-13 06:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-15 08:35 - 2015-03-13 06:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-04-15 08:35 - 2015-03-13 06:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-04-15 08:35 - 2015-03-13 06:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-04-15 08:35 - 2015-03-13 06:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-04-15 08:35 - 2015-02-21 03:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2015-04-15 08:34 - 2015-03-23 02:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-04-15 08:34 - 2015-03-23 02:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-04-15 08:34 - 2015-03-23 02:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-04-15 08:34 - 2015-03-23 02:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-04-15 08:34 - 2015-03-23 02:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-04-15 08:34 - 2015-03-23 02:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-04-15 08:34 - 2015-03-23 02:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-04-15 08:34 - 2015-03-14 12:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-04-15 08:34 - 2015-03-14 05:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-04-15 08:34 - 2015-03-14 05:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-04-15 08:34 - 2015-03-14 05:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-04-15 08:34 - 2015-03-14 05:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-04-15 08:34 - 2015-03-14 05:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-04-15 08:34 - 2015-03-14 04:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-04-15 08:34 - 2015-03-14 04:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-04-15 08:34 - 2015-03-14 04:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-04-15 08:34 - 2015-03-14 04:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-04-15 08:34 - 2015-03-14 04:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-04-15 08:34 - 2015-03-14 04:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-04-15 08:34 - 2015-03-14 04:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-04-15 08:34 - 2015-03-14 04:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-04-15 08:34 - 2015-03-14 04:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-04-15 08:34 - 2015-03-14 04:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-04-15 08:34 - 2015-03-14 03:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-04-15 08:34 - 2015-03-14 03:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-04-15 08:34 - 2015-03-04 14:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2015-04-15 08:34 - 2015-03-04 07:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2015-04-15 08:34 - 2015-03-04 06:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2015-04-15 08:34 - 2015-02-24 12:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2015-04-14 13:38 - 2015-04-14 13:38 - 00001630 _____ () C:\Users\Red\Downloads\content.txt 2015-04-07 18:33 - 2015-04-07 18:33 - 00070400 _____ () C:\Users\Red\Downloads\6646.html 2015-04-07 18:33 - 2015-04-07 18:33 - 00000000 ____D () C:\Users\Red\Downloads\6646_files 2015-04-05 19:45 - 2015-04-05 20:00 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-04-05 19:45 - 2015-04-05 19:45 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-04-02 15:45 - 2015-04-02 15:45 - 04877828 _____ () C:\Users\Red\Downloads\B639.tmp 2015-04-01 19:43 - 2015-04-01 19:43 - 03435287 _____ () C:\Users\Red\Desktop\Secrets_To_Clever_and_Efficient_PPC_Campaign_Build_Outs_In_Excel.zip 2015-03-31 10:14 - 2015-03-31 10:14 - 00408041 _____ () C:\Users\Red\Downloads\Get-Response-Optin-Forms.zip 2015-03-27 13:13 - 2015-03-27 13:13 - 00003365 _____ () C:\Users\Red\Downloads\The 4-Step Funnel Blueprint To Getting Exponential Revenue Growth From Your Paid Advertising In The Next 60 Days.ics 2015-03-23 16:46 - 2015-03-24 16:37 - 00260774 _____ () C:\Users\Red\Desktop\Vandago T-Shirt.pptx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 20:20 - 2014-02-26 06:32 - 00000576 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001.job 2015-04-20 20:00 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-20 19:54 - 2014-08-05 09:21 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-20 19:43 - 2014-05-18 10:14 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA.job 2015-04-20 19:30 - 2014-01-02 10:19 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-20 18:44 - 2014-11-13 17:55 - 00000000 ____D () C:\Users\Red\AppData\Roaming\ContactMonkey 2015-04-20 18:44 - 2014-09-11 17:20 - 00000000 ____D () C:\Users\Red\Documents\Outlook Files 2015-04-20 18:30 - 2014-01-02 10:19 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-20 16:54 - 2014-07-06 09:10 - 01877104 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-20 16:39 - 2014-01-14 16:04 - 00004982 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for WORK_DXB_001-Red Work_dxb_001 2015-04-20 15:07 - 2014-07-06 14:31 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5D8B89DA-116B-4547-840E-F040BD104429} 2015-04-20 15:06 - 2014-04-22 12:07 - 00000000 ___RD () C:\Users\Red\Dropbox 2015-04-20 15:06 - 2014-04-22 12:05 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Dropbox 2015-04-20 15:06 - 2013-10-29 14:51 - 00000000 ___DO () C:\Users\Red\OneDrive 2015-04-20 15:05 - 2014-07-20 14:19 - 00000000 ___RD () C:\Users\Red\Google Drive 2015-04-20 15:05 - 2014-01-23 22:12 - 00000000 ____D () C:\Users\Red\AppData\Roaming\newnext.me 2015-04-20 13:27 - 2013-08-22 18:46 - 00369041 _____ () C:\WINDOWS\setupact.log 2015-04-20 13:27 - 2013-08-22 18:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-20 13:26 - 2014-03-18 12:19 - 00025546 _____ () C:\WINDOWS\PFRO.log 2015-04-20 13:25 - 2013-08-22 17:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-20 12:47 - 2014-01-02 10:13 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3129109475-3229634427-3213972833-1001 2015-04-20 10:43 - 2014-05-18 10:14 - 00000874 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core.job 2015-04-20 08:54 - 2014-08-05 09:21 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-04-20 08:33 - 2014-10-20 20:45 - 00002366 _____ () C:\Users\Red\Desktop\Chrome App Launcher.lnk 2015-04-20 08:28 - 2014-11-08 08:48 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 08:28 - 2014-09-24 12:52 - 00000000 ____D () C:\ProgramData\TechSmith 2015-04-20 08:28 - 2014-09-24 12:52 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith 2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\Users\Red\AppData\Local\TechSmith 2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2015-04-20 08:28 - 2014-01-05 19:57 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2015-04-19 14:32 - 2014-03-10 18:41 - 00000000 ____D () C:\Users\Red\AppData\Local\CrashDumps 2015-04-19 14:29 - 2014-02-07 14:15 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRed 2015-04-19 14:29 - 2014-02-07 14:15 - 00000350 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRed.job 2015-04-19 09:27 - 2013-07-07 12:19 - 01984000 ___SH () C:\Users\Red\Downloads\Thumbs.db 2015-04-19 08:40 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-18 15:42 - 2014-01-02 10:20 - 00002299 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-18 15:16 - 2013-08-22 19:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2015-04-18 15:15 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy 2015-04-18 12:07 - 2014-01-02 10:04 - 00000000 ____D () C:\Users\Red\AppData\Local\Packages 2015-04-16 14:16 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-04-16 08:33 - 2014-01-24 08:03 - 00000000 ____D () C:\Users\Red\AppData\Local\Apple Computer 2015-04-16 08:31 - 2012-07-26 11:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-16 08:21 - 2013-08-22 17:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-04-15 20:06 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2015-04-15 20:06 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2015-04-15 20:05 - 2015-01-18 12:55 - 00000000 ____D () C:\Users\Red\Desktop\Saxest MEDIA 2015-04-15 14:31 - 2013-08-22 19:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-04-15 10:48 - 2014-01-04 14:41 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 10:25 - 2014-01-04 14:41 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-15 10:19 - 2014-12-11 19:02 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-15 10:19 - 2014-07-09 08:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-04-15 08:34 - 2014-11-12 07:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2015-04-14 20:50 - 2013-09-07 12:12 - 00000000 ____D () C:\Users\Red\Desktop\SAXEST 2015-04-14 03:24 - 2015-03-12 11:36 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-04-14 03:24 - 2015-03-12 11:36 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-13 14:21 - 2014-02-26 06:32 - 00003580 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001 2015-04-10 08:13 - 2014-04-22 12:06 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-09 15:50 - 2014-09-24 17:31 - 00000000 ____D () C:\Users\Red\Documents\Camtasia Studio 2015-04-08 18:44 - 2014-06-08 19:20 - 00000000 ____D () C:\Users\Red\AppData\Roaming\Mozilla 2015-04-03 14:28 - 2014-01-15 07:04 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2015-03-26 18:03 - 2014-07-14 05:45 - 00000000 ____D () C:\Users\Red\Desktop\personal 2015-03-25 12:24 - 2013-11-19 10:48 - 00000000 ____D () C:\Users\Red\Documents\My Digital Editions 2015-03-25 09:27 - 2014-11-03 08:51 - 00000000 ____D () C:\Users\Red\Desktop\Saxest LOOP 2015-03-23 16:32 - 2013-09-10 16:51 - 00000000 ____D () C:\Users\Red\Desktop\Learning 2015-03-22 08:56 - 2014-03-18 19:32 - 00968612 _____ () C:\WINDOWS\system32\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2014-08-27 13:44 - 2014-08-27 13:44 - 15000576 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2014-09-11 17:24 - 2014-11-08 08:31 - 0007312 _____ () C:\Users\Red\AppData\Roaming\Comma Separated Values.EML 2014-11-08 10:43 - 2015-03-03 12:01 - 0001835 _____ () C:\Users\Red\AppData\Roaming\SAS7_000.DAT 2014-01-18 13:05 - 2014-01-18 13:06 - 0049152 _____ () C:\Users\Red\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some content of TEMP: ==================== C:\Users\Red\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_0agc.dll C:\Users\Red\AppData\Local\Temp\Extract.exe C:\Users\Red\AppData\Local\Temp\lowproc.exe C:\Users\Red\AppData\Local\Temp\SP64353.exe C:\Users\Red\AppData\Local\Temp\stubhelper.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-20 15:47 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01 Ran by Red at 2015-04-20 20:27:44 Running from C:\Users\Red\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) Akamai NetSession Interface (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Amazon Kindle (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 100663559.4759644.48.2147344384 - Audible, Inc.) Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.22 - Balsamiq SRL) Balsamiq Mockups For Desktop (x32 Version: 2.2.22 - Balsamiq SRL) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Camtasia Studio 8 (HKLM-x32\...\{A0FC961E-DC6D-4144-9277-ECDBB99D0AB9}) (Version: 8.5.1.1962 - TechSmith Corporation) Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix) ContactMonkey Outlook Add-in (HKLM-x32\...\{c8fe15e4-2f49-47fb-9c34-517ab1627bd2}) (Version: 1.2.4.0 - ContactMonkey) ContactMonkeyOutlookAddIn (x32 Version: 1.2.4.0 - ContactMonkey) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.) Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) Dropbox (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) f.lux (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\Flux) (Version: - ) FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - ) FreshKey (HKLM-x32\...\FreshKey) (Version: 1.0.0 - Infomastery, LLC) FreshKey (x32 Version: 1.0.0 - Infomastery, LLC) Hidden Google AdWords Editor (HKLM-x32\...\{14069A87-872C-41E6-9D36-B1BE3870C35A}) (Version: 10.6.0 - Google) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{A7365B85-57D8-39EA-BB3E-D20137E92369}) (Version: 5.41.0.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard) HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Office Proofing Tools 2013 - Italiano (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office ScreenTip Language 2013 - Italiano (HKLM-x32\...\{90150000-00BD-0410-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) Pixlr-o-matic (HKLM-x32\...\Pixlromatic) (Version: 2.1 - UNKNOWN) Pixlr-o-matic (x32 Version: 2.1 - UNKNOWN) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden S3 Browser version 4.7.7 (HKLM\...\S3 Browser_is1) (Version: 4.7.7.0 - NetSDK Software, LLC) Scapple (HKLM-x32\...\Scapple 1000) (Version: 1000 - Literature and Latte) Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 2.55 - Screaming Frog Ltd) Scrivener Update (HKLM-x32\...\Scrivener 1610) (Version: 1710 - Literature and Latte) SuperTintin 1.2.0.24 (HKLM-x32\...\SuperTintin Skype Video Call Recorder_is1) (Version: 1.2.0.24 - IMTiger Technologies Ltd) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Red\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Red\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3129109475-3229634427-3213972833-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Red\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 03-04-2015 14:36:08 Scheduled Checkpoint 11-04-2015 16:51:49 Scheduled Checkpoint 15-04-2015 10:18:14 Windows Update 18-04-2015 11:27:17 Installed FLV Player 20-04-2015 08:27:07 Snagit 12 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 17:25 - 2013-08-22 17:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03D6B9DA-57E8-4ED8-BE2F-EBF056575170} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.) Task: {04438A1C-34DD-48B5-9179-3B620CC2F8CD} - System32\Tasks\ScheduledScan => C:\Users\Red\AppData\Roaming\Flasher\c32s.exe [2015-03-19] () Task: {0520B0F1-AD28-4E9F-894F-D6CF23DBCE1C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {0840C129-862B-4DF4-BAE0-EBBD81BDADB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {0A2BF367-801C-450B-B517-8D98DD6CDF4B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {1066AAEA-3834-43FA-A890-B4E16F400D39} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {1E5E300A-EA39-4546-B795-1224BD067D72} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated) Task: {22895078-AB48-4834-9E12-DD572CA3A682} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {3512E319-7C21-4AD7-B22F-69D91C761393} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {42003730-B287-4D94-B07F-79899DC15CF1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3129109475-3229634427-3213972833-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {45C8416C-82BB-4F21-99CC-BDAD0F6FB224} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3129109475-3229634427-3213972833-1008 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {56CE18C9-0E4D-4FCD-A8C6-FD3C55A61798} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {63DE391D-7E98-4394-810E-EE422A34EE57} - System32\Tasks\Drv Update => C:\ProgramData\Drv\Drv.exe [2015-03-05] () Task: {651FF8A5-3888-48AE-BD84-448D1024DECE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: {65D720D2-DD59-4F61-8C2C-BF6677E0D9CE} - System32\Tasks\HPCeeScheduleForRed => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {6B5C18FA-88DE-44BC-82FF-C11912FBC758} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {73CC32EB-854B-4F8D-868C-A5663DE35C8B} - System32\Tasks\Newsfeed => C:\Users\Red\AppData\Roaming\Flasher\c32s.exe [2015-03-19] () Task: {74DE1BF8-316F-4DEF-A330-E346C35EC300} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation) Task: {7E3F4578-99DF-4325-B362-FD5F7199B80D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.) Task: {7F4E1B06-DD20-452D-AAF0-BDA75CE10710} - System32\Tasks\Mistl => C:\ProgramData\Mistl\Mistl.exe Task: {83575ABC-9DE5-4603-A7E1-C0F42A0BD01F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {9002B7F5-4A0D-49DB-B9AB-43E1FBDAFA58} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation) Task: {90D1B2EF-01E0-44FB-BA0F-B5640320B3FF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {921E4DE9-A756-47BC-B7A0-EFF09BF31E28} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3129109475-3229634427-3213972833-1001 Task: {9476ADC8-DE87-4216-9CD2-2E12F49B461C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.) Task: {9FC49BA9-6FD5-498A-9895-2F86BED41859} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WORK_DXB_001-Red Work_dxb_001 => C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation) Task: {A5AA0EA9-2194-4859-9E93-10B4B43FA5E5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {AA94082A-B604-4F43-A8F9-54BBBA3F7A65} - System32\Tasks\9A5A8340-6B15 => C:\Users\Red\AppData\Roaming\htcon\Updater.exe [2015-03-05] () Task: {BA6AA7EE-60B0-4771-B504-4E889FF0E6F7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: {BD212D3F-5ECA-4756-ACEE-52D2E7F35746} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {BF681104-D5E3-438D-B075-65362A79C05A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {CACE834D-BB5D-41FF-AC9F-9AE1CA352BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.) Task: {D19F958A-D44D-40AA-A0AB-91F8CB67261F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation) Task: {D1CAB8F3-EE33-4960-A760-CBEB3330463F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001 => C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13] (Citrix Online, a division of Citrix Systems, Inc.) Task: {D22566DA-070A-4B58-89DD-EAE3E62DDB73} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D26398CD-0F83-4804-BBAE-91F33B1CE9A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {E6D8657A-200B-4F96-AB9D-B41FDD483CD9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {E8DA6518-7A19-4A3D-9303-67EECFF17C33} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.) Task: {F3986676-1A63-4FEE-80FB-DFAF9DC9D271} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {F81D4AE6-F70E-45A0-882B-A0A4C86EF20B} - System32\Tasks\{97E63FD2-50A1-4D24-8E24-B1A1F72EE358} => pcalua.exe -a C:\Users\Red\AppData\Roaming\Fixs\RemoveTool.exe -c /extrem=1 Task: {FACCDFE6-A247-4881-8D70-0440CF1F9301} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation) Task: {FBE29BEB-C23F-47F1-B7A4-B8D672FEC79A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {FD6ACCE6-4E7B-4AD6-8749-F49AC0B4FAA3} - System32\Tasks\Virt-Device => C:\Users\Red\AppData\Roaming\Craft\Updater.exe [2015-02-05] () Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3129109475-3229634427-3213972833-1001.job => C:\Users\Red\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001Core.job => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3129109475-3229634427-3213972833-1001UA.job => C:\Users\Red\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForRed.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-24 17:40 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-03-13 08:10 - 2015-01-27 19:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2012-08-29 14:48 - 2012-08-29 14:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-11-25 08:28 - 2014-11-25 08:28 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-09-20 09:34 - 2014-09-20 09:33 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-12-10 13:17 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll 2014-10-08 17:25 - 2014-05-30 12:12 - 00168960 _____ () C:\Program Files (x86)\SuperTintin for Skype\mcr_skype_hook1.dll 2013-03-05 15:40 - 2012-06-08 07:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 15:34 - 2012-06-08 15:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-04-20 15:05 - 2015-04-20 15:06 - 00043008 _____ () c:\users\red\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr_0agc.dll 2015-03-05 01:45 - 2015-03-05 01:45 - 00750080 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-05 01:45 - 2015-03-05 01:45 - 00047616 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-05 01:45 - 2015-03-05 01:45 - 00865280 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-05 01:45 - 2015-03-05 01:45 - 00200704 _____ () C:\Users\Red\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-04-16 18:31 - 2015-04-14 01:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll 2015-04-16 18:31 - 2015-04-14 01:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll 2014-11-18 09:46 - 2014-11-18 09:46 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-04-20 15:05 - 2015-04-20 15:05 - 00098816 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32api.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00110080 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pywintypes27.dll 2015-04-20 15:05 - 2015-04-20 15:05 - 00364544 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pythoncom27.dll 2015-04-20 15:05 - 2015-04-20 15:05 - 00045568 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_socket.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 01161216 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_ssl.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00320512 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32com.shell.shell.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00713216 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_hashlib.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 01175040 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._core_.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00805888 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._gdi_.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00811008 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._windows_.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 01062400 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._controls_.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00735232 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._misc_.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00682496 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pysqlite2._sqlite.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00128512 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_elementtree.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00127488 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\pyexpat.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00087552 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_ctypes.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00119808 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32file.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00108544 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32security.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00007168 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\hashobjs_ext.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00167936 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32gui.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00018432 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32event.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00038912 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32inet.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00011264 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32crypt.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00070656 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._html2.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00027136 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_multiprocessing.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00020480 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\_yappi.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00035840 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32process.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00686080 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\unicodedata.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00122368 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._wizard.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00024064 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32pipe.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00010240 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\select.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00025600 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32pdh.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00525640 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\windows._lib_cacheinvalidation.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00017408 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32profile.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00022528 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\win32ts.pyd 2015-04-20 15:05 - 2015-04-20 15:05 - 00078336 _____ () C:\Users\Red\AppData\Local\Temp\_MEI40362\wx._animate.pyd 2014-11-18 09:48 - 2014-11-18 09:48 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2015-04-16 18:31 - 2015-04-14 01:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 AlternateDataStreams: C:\Users\Red\OneDrive:ms-properties AlternateDataStreams: C:\Users\Red\AppData\Roaming\Comma Separated Values.EML:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3129109475-3229634427-3213972833-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Red\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hp_svinoya_norway_sunset.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3129109475-3229634427-3213972833-500 - Administrator - Disabled) => C:\Users\Administrator Guest (S-1-5-21-3129109475-3229634427-3213972833-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3129109475-3229634427-3213972833-1007 - Limited - Enabled) Red (S-1-5-21-3129109475-3229634427-3213972833-1001 - Administrator - Enabled) => C:\Users\Red test1 (S-1-5-21-3129109475-3229634427-3213972833-1008 - Administrator - Enabled) => C:\Users\test1 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/20/2015 04:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1730 Start Time: 01d07b61be5704b4 Termination Time: 4294967295 Application Path: C:\WINDOWS\syswow64\wwahost.exe Report Id: b3f39f22-e755-11e4-bfb2-4c72b98061a1 Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Faulting package-relative application ID: App Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15485 Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15485 Error: (04/20/2015 01:59:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2015 01:58:52 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Logger: Socket error: 10054 Error: (04/20/2015 01:42:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK_DXB_001) Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/20/2015 01:24:18 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Logger: Socket error: 10054 Error: (04/20/2015 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: VISIO.EXE, version: 15.0.4454.1000, time stamp: 0x509a38f3 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade Exception code: 0xe06d7363 Fault offset: 0x00014598 Faulting process ID: 0x1364 Faulting application start time: 0xVISIO.EXE0 Faulting application path: VISIO.EXE1 Faulting module path: VISIO.EXE2 Report ID: VISIO.EXE3 Faulting package full name: VISIO.EXE4 Faulting package-relative application ID: VISIO.EXE5 Error: (04/20/2015 00:21:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: VISIO.EXE, version: 15.0.4454.1000, time stamp: 0x509a38f3 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade Exception code: 0xe06d7363 Fault offset: 0x00014598 Faulting process ID: 0x1a50 Faulting application start time: 0xVISIO.EXE0 Faulting application path: VISIO.EXE1 Faulting module path: VISIO.EXE2 Report ID: VISIO.EXE3 Faulting package full name: VISIO.EXE4 Faulting package-relative application ID: VISIO.EXE5 Error: (04/20/2015 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program CamRecorder.exe version 8.5.1.1962 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2150 Start Time: 01d07b35b2661121 Termination Time: 4294967295 Application Path: C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe Report Id: 5b0c503b-e735-11e4-bfb1-4c72b98061a1 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (04/20/2015 01:42:17 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001) Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa Error: (04/20/2015 01:25:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service. Error: (04/20/2015 01:24:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/19/2015 08:23:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/18/2015 09:57:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/18/2015 00:08:43 PM) (Source: DCOM) (EventID: 10016) (User: WORK_DXB_001) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Work_dxb_001RedS-1-5-21-3129109475-3229634427-3213972833-1001LocalHost (Using LRPC)AFF540DC.FLVMediaPlayer_1.0.10.17_x64__v7353qx4kg3saS-1-15-2-279593972-2700680546-2789749554-1402095732-369879553-2090810576-2770327002 Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (04/17/2015 10:26:00 PM) (Source: DCOM) (EventID: 10010) (User: WORK_DXB_001) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Microsoft Office Sessions: ========================= Error: (04/20/2015 04:06:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17415173001d07b61be5704b44294967295C:\WINDOWS\syswow64\wwahost.exeb3f39f22-e755-11e4-bfb2-4c72b98061a1Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15485 Error: (04/20/2015 01:59:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15485 Error: (04/20/2015 01:59:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/20/2015 01:58:52 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Logger: Socket error: 10054 Error: (04/20/2015 01:42:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK_DXB_001) Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141 Error: (04/20/2015 01:24:18 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Logger: Socket error: 10054 Error: (04/20/2015 00:29:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VISIO.EXE15.0.4454.1000509a38f3KERNELBASE.dll6.3.9600.1741554504adee06d736300014598136401d07b4303e9c745C:\Program Files\Microsoft Office 15\root\office15\VISIO.EXEC:\WINDOWS\SYSTEM32\KERNELBASE.dll54a8298b-e737-11e4-bfb1-4c72b98061a1 Error: (04/20/2015 00:21:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VISIO.EXE15.0.4454.1000509a38f3KERNELBASE.dll6.3.9600.1741554504adee06d7363000145981a5001d07b42a7fa6615C:\Program Files\Microsoft Office 15\root\office15\VISIO.EXEC:\WINDOWS\SYSTEM32\KERNELBASE.dll2f699445-e736-11e4-bfb1-4c72b98061a1 Error: (04/20/2015 00:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: CamRecorder.exe8.5.1.1962215001d07b35b26611214294967295C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamRecorder.exe5b0c503b-e735-11e4-bfb1-4c72b98061a1 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-3220T CPU @ 2.80GHz Percentage of memory in use: 61% Total physical RAM: 3966.65 MB Available physical RAM: 1544.24 MB Total Pagefile: 6133.45 MB Available Pagefile: 2757 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:452.66 GB) (Free:125.02 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:10.84 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive h: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:550.2 GB) NTFS Drive j: (AlfredBackup01) (Fixed) (Total:931.51 GB) (Free:9.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 9F0267B9) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: E54E7AA3) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: 138A6947) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top