coargonaut
2015-07-01, 19:48
Toshiba laptop, suspected infection.
Following the instructions, I have downloaded and run the FRST tool. Logs are attached below.
Attempt to run the aswMBR software gives the following error:
This application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the commands-line sxstrace.exe tool for more detail.
The software doesn't even appear to load, just gives the error message.
What is next?
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Phyllis (administrator) on FLISS-PC on 01-07-2015 09:29:11
Running from C:\Users\Phyllis\Downloads
Loaded Profiles: Phyllis (Available Profiles: Phyllis)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\user extensions\Client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1354478747\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MyScrapNook_12 Browser Plugin Loader 64] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon64.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [GoogleChromeAutoLaunch_6D30DC84AE17C59FB8CC40451744E7AB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-06] (Google Inc.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72312 2012-10-15] (AOL Inc.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\MountPoints2: {3c5fdbdf-2607-11e4-bebc-008cfa249fa0} - "F:\VZW_Software_upgrade_assistant.exe"
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-03-24]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-10-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => 127.0.0.1:5050
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-2892764592-418514559-672794576-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2892764592-418514559-672794576-1001] => http=127.0.0.1:57186;https=127.0.0.1:57186
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {F4330669-21DD-4EC9-9229-36A6B961BCE7} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> DefaultScope {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO: No Name -> {6E89E1D3-C66F-41C4-A648-CD91544E99C3} -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-11] (Oracle Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-12-22] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{37EE4EAA-F923-4C4E-94C4-59DB13A42E09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F536BD9A-462E-4927-858A-2809FA0FA4B8}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2014-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2014-06-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-09-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-09-18] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2892764592-418514559-672794576-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Phyllis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-20] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-12-11]
Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.msn.com/?pc=U147D&ocid=U147DDHP"
CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (Entanglement Web App) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-11-30]
CHR Extension: (Google Docs) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
CHR Extension: (eBay) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-11-30]
CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
CHR Extension: (Pandora) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-11-30]
CHR Extension: (Google Sheets) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-11-30]
CHR Extension: (Hangouts) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-11-30]
CHR Extension: (Google Play) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-11-30]
CHR Extension: (Evernote Web) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-11-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Poppit!) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-30]
CHR Extension: (iLivid) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
CHR Extension: (Google Docs) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17]
CHR Extension: (Groovorio New Tab) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-12-17]
CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (Google Sheets) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
CHR Extension: (Bookmark Manager) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2892764592-418514559-672794576-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 09:29 - 2015-07-01 09:30 - 00030386 _____ C:\Users\Phyllis\Downloads\FRST.txt
2015-07-01 09:09 - 2015-07-01 09:09 - 02112512 _____ (Farbar) C:\Users\Phyllis\Downloads\FRST64.exe
2015-07-01 08:56 - 2015-07-01 08:56 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-FLISS-PC-Windows-8.1-(64-bit).dat
2015-07-01 08:54 - 2015-07-01 08:54 - 04720448 _____ C:\Users\Phyllis\Downloads\tweaking.com_registry_backup_setup (1).exe
2015-07-01 08:54 - 2015-07-01 08:54 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\RegBackup
2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-01 08:51 - 2015-07-01 08:51 - 04720448 _____ C:\Users\Phyllis\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-01 07:37 - 2015-07-01 08:49 - 00000000 ____D C:\Program Files (x86)\user extensions
2015-06-23 11:26 - 2015-06-23 11:26 - 00095119 _____ C:\Users\Phyllis\Downloads\CHK_859_052413_062215.QFX
2015-06-20 15:20 - 2015-06-20 15:20 - 00000000 ____D C:\Users\Phyllis\AppData\Local\GWX
2015-06-18 15:36 - 2015-06-29 17:34 - 00000688 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001.job
2015-06-18 15:36 - 2015-06-18 15:36 - 00003692 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001
2015-06-15 09:05 - 2015-06-15 09:05 - 00000000 ____D C:\Users\Phyllis\Downloads\CRDT RPT
2015-06-09 12:29 - 2015-06-09 12:29 - 00284832 _____ C:\WINDOWS\Minidump\060915-34328-01.dmp
2015-06-09 11:13 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 11:13 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 11:13 - 2015-05-25 06:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 11:13 - 2015-05-25 06:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 11:13 - 2015-05-22 06:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-09 11:13 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 11:13 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 11:13 - 2015-04-16 15:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-09 11:13 - 2015-04-15 23:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 11:13 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 11:13 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 11:13 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 11:13 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 11:13 - 2015-04-08 15:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 11:13 - 2015-04-08 15:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 11:13 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 11:13 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 11:13 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 11:13 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 11:13 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 11:13 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 11:13 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 11:13 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 11:13 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 11:13 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 11:13 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 11:13 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 11:13 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 11:13 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 11:13 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 11:13 - 2015-03-19 20:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 11:13 - 2015-03-19 20:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 11:13 - 2015-03-19 19:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 11:13 - 2015-03-19 19:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 11:13 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 11:13 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 11:12 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 11:12 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 11:12 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 11:12 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 11:12 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 11:12 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 11:12 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 11:12 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 11:12 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 11:12 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 11:12 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 11:12 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 11:12 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 11:12 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 11:12 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 11:12 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 11:12 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 11:12 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 11:12 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 11:12 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 11:12 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 11:12 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 11:12 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 11:12 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 11:12 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 11:12 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 11:12 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 11:12 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 11:12 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 11:12 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 11:12 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 11:12 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 11:12 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 11:12 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 11:12 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 11:12 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 11:12 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 11:12 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 11:12 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-08 10:58 - 2015-06-08 10:59 - 00000000 ____D C:\Users\Phyllis\Desktop\SWIM STEP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 09:29 - 2015-04-02 20:59 - 00000000 ____D C:\FRST
2015-07-01 09:29 - 2014-05-20 14:09 - 00000592 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001.job
2015-07-01 09:19 - 2013-11-13 01:45 - 01182611 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 09:01 - 2012-12-02 13:00 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 09:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-01 09:00 - 2012-12-02 13:03 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2892764592-418514559-672794576-1001
2015-07-01 08:32 - 2014-06-27 07:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-01 07:37 - 2013-12-09 15:55 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{17C8D484-C225-452C-9A37-17C1C75A4BE3}
2015-06-30 13:23 - 2014-03-24 13:11 - 00000000 ____D C:\Users\Phyllis\Desktop\QB FILES
2015-06-30 13:13 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-06-29 16:53 - 2013-11-13 09:31 - 00000000 ___DO C:\Users\Phyllis\SkyDrive
2015-06-29 16:51 - 2013-08-22 07:46 - 00315615 _____ C:\WINDOWS\setupact.log
2015-06-29 16:51 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-29 16:51 - 2012-12-02 13:00 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 16:50 - 2013-09-29 20:55 - 00104304 _____ C:\WINDOWS\PFRO.log
2015-06-29 16:50 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-29 08:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-24 14:50 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-24 14:33 - 2014-06-07 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-06-19 20:02 - 2014-12-12 11:09 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 20:02 - 2014-12-12 11:09 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 10:09 - 2013-11-13 01:30 - 00000000 ____D C:\Users\Phyllis
2015-06-18 15:36 - 2014-05-20 14:09 - 00003596 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001
2015-06-15 08:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-09 12:29 - 2015-03-02 16:44 - 633630134 _____ C:\WINDOWS\MEMORY.DMP
2015-06-09 12:29 - 2015-03-02 16:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-09 12:12 - 2013-08-22 07:44 - 00499704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 12:07 - 2014-12-12 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-09 12:07 - 2014-07-12 10:49 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-09 12:07 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-09 12:07 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-09 11:38 - 2013-07-30 16:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 11:21 - 2012-12-13 04:10 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 11:19 - 2012-12-14 16:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-08 10:59 - 2013-09-29 21:04 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 13:39 - 2014-11-19 16:21 - 00001024 _____ C:\.rnd
==================== Files in the root of some directories =======
2013-03-22 17:39 - 2013-03-22 17:39 - 0037681 _____ () C:\Users\Phyllis\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-11-30 12:19 - 2014-12-01 10:19 - 0000063 _____ () C:\Users\Phyllis\AppData\Roaming\WB.CFG
2014-10-22 08:49 - 2014-10-22 08:50 - 0234768 _____ () C:\Users\Phyllis\AppData\Local\aff_setup.exe
2014-10-22 08:49 - 2014-10-22 08:49 - 0000064 _____ () C:\Users\Phyllis\AppData\Local\ee5e50e89e154a1da709cd7363ac771c
2014-03-24 13:38 - 2015-01-02 14:27 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
C:\Users\Phyllis\AppData\Local\Temp\install_temp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-29 17:15
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Phyllis at 2015-07-01 09:30:29
Running from C:\Users\Phyllis\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2892764592-418514559-672794576-500 - Administrator - Disabled)
Guest (S-1-5-21-2892764592-418514559-672794576-501 - Limited - Disabled)
Phyllis (S-1-5-21-2892764592-418514559-672794576-1001 - Administrator - Enabled) => C:\Users\Phyllis
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AOL Sync 1.0.0 (HKLM-x32\...\AOL Sync) (Version: 1.0.0 - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealAlly (HKU\.DEFAULT\...\DealAlly) (Version: 1 - Jet Applications)
Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
Dropbox (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Full Tilt Poker.Net (HKLM-x32\...\{E07B7A31-E160-466D-A003-3BB7B8989D52}) (Version: 5.6.20.WIN.FullTilt.NET - )
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
Hoist Search (HKU\.DEFAULT\...\Hoist Search) (Version: 1 - Hoist Search)
Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.110 - Xacti, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.26411 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Setup_Client) (Version: 7.4.4.38461 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
Maptech Chartbook Companion CD (with Offshore Navigator Lite) (HKLM-x32\...\Offshore Navigator Lite) (Version: - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
09-06-2015 11:15:14 Windows Update
16-06-2015 19:44:20 Scheduled Checkpoint
24-06-2015 14:32:21 Installed Software Updater
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2015-03-18 13:31 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0163A60A-7DAB-4175-A7C0-99D65A3F54B9} - System32\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1943847C-FBE2-48FB-BDB8-57D89B05D7DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2A158861-BFC5-40C5-B726-B9C82C91AE4F} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Phyllis\AppData\Local\GeniusBox\client.exe" <==== ATTENTION
Task: {2B06538C-D045-4EAC-81F5-083D3A45979C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {3365089A-FE20-40B5-BBC4-6164EE661838} - System32\Tasks\Validate Installation => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
Task: {3507FB48-A79C-4EC1-859A-620896307FFE} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {39B2B9F9-2894-493E-8057-7D38AFEF0098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {4A586DDA-3C66-4519-9C3F-B664C3700E7E} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {70A1086B-4DEC-4204-9D39-B12A120F4AA4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {7F7E40E3-7F08-45A2-9C14-82F715B95B93} - System32\Tasks\TidyNetwork Update => C:\Users\Phyllis\AppData\Local\TidyNetwork\petnupdate.exe
Task: {803233EC-0D4E-4FC5-B1AB-6AE12D5015E1} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {8F06AB3C-97FF-4CDC-B537-493AECE56316} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-27] (Adobe Systems Incorporated)
Task: {9E50A75A-7515-42E2-8C9A-7201E3524228} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {A8CC2786-A45B-4A1C-AB4D-3BDBBAAA2749} - System32\Tasks\RunTool => C:\Users\Phyllis\AppData\Local\d5a66b5f-40a9-41d5-8ed7-ea50462ae8db\install_temp.exe [2015-03-06] () <==== ATTENTION
Task: {B312054A-0FE9-453A-8DA0-8200F2CC727E} - System32\Tasks\Check Updates => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
Task: {B4BFEE7E-908D-477F-BC58-D41DE4F160FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {D06C9E0A-ED6D-49AB-9114-2B373F56ED84} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D7E35D50-0DB2-498B-AB2D-8BA7C363E461} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {E32F07BA-F98A-4A3E-B3C3-5AA3640C89D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {F2114DE3-8651-47E7-84B9-9A1EAA2BB63D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F21EBE57-3B6A-423B-A1D0-905E378B42BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {FF6BC345-C2AA-496B-8EBD-0B35D9B313AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-10-27 14:31 - 2014-10-27 14:31 - 00154624 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
2013-09-21 04:22 - 2013-09-21 04:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 19:13 - 2012-08-13 19:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2015-06-27 10:11 - 2015-06-27 10:11 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-07-01 07:37 - 2015-07-01 08:49 - 00078848 _____ () C:\Program Files (x86)\user extensions\Client.exe
2014-10-27 14:31 - 2014-10-27 14:31 - 00071168 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
2015-04-04 10:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-04 10:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-04 10:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-04 10:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-04 10:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-29 16:52 - 2015-06-29 16:52 - 00098816 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32api.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00110080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pywintypes27.dll
2015-06-29 16:52 - 2015-06-29 16:52 - 00364544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pythoncom27.dll
2015-06-29 16:52 - 2015-06-29 16:52 - 00045568 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_socket.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 01160704 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ssl.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00320512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32com.shell.shell.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00713216 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_hashlib.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 01175040 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._core_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00805888 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._gdi_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00811008 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._windows_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 01062400 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._controls_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00735232 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._misc_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00128512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_elementtree.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00127488 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pyexpat.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00557056 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pysqlite2._sqlite.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00087552 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ctypes.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00119808 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32file.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00108544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32security.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00007168 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\hashobjs_ext.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00167936 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32gui.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00018432 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32event.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00038912 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32inet.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00011264 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32crypt.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00070656 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._html2.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00027136 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_multiprocessing.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00035840 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32process.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00686080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\unicodedata.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00122368 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._wizard.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00024064 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pipe.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00025600 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pdh.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00525640 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\windows._lib_cacheinvalidation.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00010240 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\select.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00017408 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32profile.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00022528 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32ts.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00078336 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._animate.pyd
2012-10-30 01:00 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-10-15 09:45 - 2012-10-15 09:45 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2015-03-18 13:53 - 2015-03-06 23:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-18 13:53 - 2015-03-06 23:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-18 13:53 - 2015-03-06 23:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Phyllis\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Phyllis\Downloads\RE Suspicious sign in prevented.eml:OECustomProperty
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Phyllis\Desktop\pix 53 carver\SeaquesteredMarineSide (1).jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "AOL Fast Start"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6D30DC84AE17C59FB8CC40451744E7AB"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "Google Update"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{98168707-AA5B-452F-A613-D067EA35FE50}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{F9988F25-6824-4C14-8235-A2A8F15B4C07}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{D0D39E67-5FB3-48F9-80A2-B01E25CDD65C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{926DCDF0-D16F-4CCB-B793-FD8107957073}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{1AA4E022-12B7-4B08-AEC0-BED414C43BC5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{89386268-7B92-463B-B7DF-E8CABA2EFCB4}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{FE6BC02A-1F44-4F5D-909D-0C8564E5FCAF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D53C9DFF-3272-447D-9546-7E0681CDB137}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1839EB9C-DCB1-4069-B6A4-53D56871A281}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6564FC84-C5BE-4A39-A5EC-B82ECF9440E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2421E26-1457-4393-AAAA-8F50CC2852BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64068A51-F4C5-4CC5-8408-43EE58A88ADF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{963F96AA-0CBF-4BAA-B9ED-38DFF980CB18}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{3F45AB4D-B5A4-4397-B396-F8AD23D8650B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{2345F2FA-7958-4D27-BF41-FD6B37DFA190}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{AAE8B27C-8251-4FA2-925E-8CEEC0F014B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{71A85861-8900-41C0-965E-B2B09CC980ED}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{EA2FDF7C-01D9-474D-9E9F-47CFAB473D4B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{61BBD4A5-5F28-4047-B7E3-ADD72B5EE036}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{D919DD88-0EF3-4BD4-8BD3-C4132C1F0562}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{D2F73A73-AE97-4DD2-ABEA-BE549E99B7BD}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{1FCF534E-26FC-4D01-A6D2-F78753C074CE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
FirewallRules: [{C8A83E8C-8F82-4929-871B-CCD7ADC10561}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
FirewallRules: [{79EBD8CE-5F0D-4B5A-B9CB-D389903034BA}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{474E2BB3-6F66-4493-87DB-78ECA6020E8F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{5013F375-E4B4-49AC-BB34-3572B738319D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{0BA91AB0-EB33-48C7-AB72-29C498D38F33}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{6FB1A62D-9AE8-4B3D-9059-2D728F844E07}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{55D0AE06-9A02-436E-A226-37EC453A1030}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{ED6E6646-924D-48FC-A57D-3B73E9D8A1C7}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{CD64282F-58A5-49A1-A9BD-200D9529324C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{B0FBA136-98BC-4A93-8974-30A13086DB29}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{D49AE64C-1F75-45B7-AF0E-1B116D46B33B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{55C6AB12-3D71-42C3-AC4E-111D1B37B405}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1AA642E3-72D4-4EE8-B69A-66C2E8F7CBE3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{9712696F-EA77-4D8C-8496-67B349C32BC1}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{E1F0C470-0613-4357-8EA9-64A6C88F875B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{4F2016E5-BFAC-4FD0-8B53-55746BEE48CB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
FirewallRules: [{6E58273B-7D80-4CEB-84AF-BF7B122DE0CC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
FirewallRules: [{26C0E845-1103-422A-803A-CEB09C3FAB82}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8AFF4797-B98B-4E99-9B8E-4654ABC2AF6C}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{673BA428-4396-4B92-A268-0DE0D30C426A}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{5CC3A0A9-D308-4EB2-88E6-EC04F3CDD719}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{AC8E64B6-BE85-43BF-8711-C02A78CED2D4}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{FC0126F8-E01F-4921-831D-D6CDAD7A4F59}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{64F54A0F-BE87-47EE-A1D9-7DB2D5604310}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{04A56819-9881-4843-BF72-7D038E2E8D9E}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{ED37534C-1EA5-418B-A0D1-33A0F4213B21}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{F308671B-CE04-4EFF-898A-50D5712617D2}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{222647D9-C985-4529-9B62-383AB99893DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{805DBC66-592B-44F6-B4D1-6466BDC3FFFF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
FirewallRules: [{88662074-B82A-4555-AF78-4AC45598D7AC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
FirewallRules: [{A789F4C2-9AE5-43DC-AC81-17D99757449A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{22CC9CA0-96E1-4206-8231-9F481E379576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DDEC92A3-CE27-452D-ADFA-62456F913DCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D40ACD08-E3D1-41CA-9A20-07897199F643}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{18DB1E04-660E-4414-A3FB-0199E0699A9D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{67267434-E4ED-46E3-9308-4EAE1DC46EE4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 05:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20905 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a34
Start Time: 01d0b2c68b1d17ad
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: a62386a6-1ebe-11e5-bee5-008cfa249fa0
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (06/29/2015 04:52:48 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
System errors:
=============
Error: (06/23/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
Error: (06/23/2015 00:14:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
Error: (06/23/2015 00:14:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
Error: (06/23/2015 00:13:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
Error: (06/23/2015 00:13:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fhsvc service.
Error: (06/23/2015 11:28:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office:
=========================
Error: (03/16/2013 09:55:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-06-29 17:20:07.179
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:02.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:02.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.535
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:00.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:00.097
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:37:59.863
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 3980.22 MB
Available physical RAM: 1686.99 MB
Total Pagefile: 8076.22 MB
Available Pagefile: 4787.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (TI10653400C) (Fixed) (Total:585.71 GB) (Free:509.06 GB) NTFS
Drive f: (passport 1) (Fixed) (Total:931.48 GB) (Free:900.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D3FA1866)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of log ============================
Following the instructions, I have downloaded and run the FRST tool. Logs are attached below.
Attempt to run the aswMBR software gives the following error:
This application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the commands-line sxstrace.exe tool for more detail.
The software doesn't even appear to load, just gives the error message.
What is next?
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Phyllis (administrator) on FLISS-PC on 01-07-2015 09:29:11
Running from C:\Users\Phyllis\Downloads
Loaded Profiles: Phyllis (Available Profiles: Phyllis)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\user extensions\Client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1354478747\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [MyScrapNook_12 Browser Plugin Loader 64] => C:\PROGRA~2\MYSCRA~2\bar\1.bin\12brmon64.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [GoogleChromeAutoLaunch_6D30DC84AE17C59FB8CC40451744E7AB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-06] (Google Inc.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE [72312 2012-10-15] (AOL Inc.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\MountPoints2: {3c5fdbdf-2607-11e4-bebc-008cfa249fa0} - "F:\VZW_Software_upgrade_assistant.exe"
IFEO\bbqleads.exe: [Debugger] TaskList.exe
IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe
IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe
IFEO\bbqquotes.exe: [Debugger] TaskList.exe
IFEO\ContentExplorer.exe: [Debugger] TaskList.exe
IFEO\donutleads.exe: [Debugger] TaskList.exe
IFEO\donutquotes.exe: [Debugger] TaskList.exe
IFEO\internetenhancer.exe: [Debugger] TaskList.exe
IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe
IFEO\pastaleads.exe: [Debugger] TaskList.exe
IFEO\pastaquotes.exe: [Debugger] TaskList.exe
IFEO\theanswerfinder.exe: [Debugger] TaskList.exe
IFEO\wajam.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe
IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe
IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-03-24]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-10-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => 127.0.0.1:5050
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-2892764592-418514559-672794576-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2892764592-418514559-672794576-1001] => http=127.0.0.1:57186;https=127.0.0.1:57186
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {F4330669-21DD-4EC9-9229-36A6B961BCE7} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> DefaultScope {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {048D2143-D367-4A45-A69F-DC3A25832DEC} URL =
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {35e9438f-19d4-4516-b2ac-59ba9241de4d} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^9N^xdm002^YYA^us&si=COK3wKzAtMACFQ5rfgodtZAAdw&ptb=FCDBCF0F-F543-421E-AAF8-B743328E2503&ind=2014082718&n=780c769e&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
BHO: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO: No Name -> {6E89E1D3-C66F-41C4-A648-CD91544E99C3} -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-11] (Oracle Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2015-02-19] (AOL Inc.)
Toolbar: HKU\S-1-5-21-2892764592-418514559-672794576-1001 -> &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox64.dll No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2011-12-22] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{37EE4EAA-F923-4C4E-94C4-59DB13A42E09}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F536BD9A-462E-4927-858A-2809FA0FA4B8}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2014-06-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2014-06-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-09-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-11] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-14] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-09-18] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2892764592-418514559-672794576-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Phyllis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-20] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-12-11]
Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.msn.com/?pc=U147D&ocid=U147DDHP"
CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (Entanglement Web App) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-11-30]
CHR Extension: (Google Docs) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
CHR Extension: (eBay) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-11-30]
CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
CHR Extension: (Pandora) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-11-30]
CHR Extension: (Google Sheets) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-11-30]
CHR Extension: (Hangouts) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-11-30]
CHR Extension: (Google Play) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-11-30]
CHR Extension: (Evernote Web) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-11-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Poppit!) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-11-30]
CHR Extension: (iLivid) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
CHR Extension: (Google Docs) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17]
CHR Extension: (Groovorio New Tab) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm [2014-12-17]
CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (Google Sheets) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
CHR Extension: (Bookmark Manager) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2892764592-418514559-672794576-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 09:29 - 2015-07-01 09:30 - 00030386 _____ C:\Users\Phyllis\Downloads\FRST.txt
2015-07-01 09:09 - 2015-07-01 09:09 - 02112512 _____ (Farbar) C:\Users\Phyllis\Downloads\FRST64.exe
2015-07-01 08:56 - 2015-07-01 08:56 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-FLISS-PC-Windows-8.1-(64-bit).dat
2015-07-01 08:54 - 2015-07-01 08:54 - 04720448 _____ C:\Users\Phyllis\Downloads\tweaking.com_registry_backup_setup (1).exe
2015-07-01 08:54 - 2015-07-01 08:54 - 00002262 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\RegBackup
2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-07-01 08:54 - 2015-07-01 08:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-07-01 08:51 - 2015-07-01 08:51 - 04720448 _____ C:\Users\Phyllis\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-01 07:37 - 2015-07-01 08:49 - 00000000 ____D C:\Program Files (x86)\user extensions
2015-06-23 11:26 - 2015-06-23 11:26 - 00095119 _____ C:\Users\Phyllis\Downloads\CHK_859_052413_062215.QFX
2015-06-20 15:20 - 2015-06-20 15:20 - 00000000 ____D C:\Users\Phyllis\AppData\Local\GWX
2015-06-18 15:36 - 2015-06-29 17:34 - 00000688 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001.job
2015-06-18 15:36 - 2015-06-18 15:36 - 00003692 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001
2015-06-15 09:05 - 2015-06-15 09:05 - 00000000 ____D C:\Users\Phyllis\Downloads\CRDT RPT
2015-06-09 12:29 - 2015-06-09 12:29 - 00284832 _____ C:\WINDOWS\Minidump\060915-34328-01.dmp
2015-06-09 11:13 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-09 11:13 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-09 11:13 - 2015-05-25 06:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 11:13 - 2015-05-25 06:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 11:13 - 2015-05-22 06:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-09 11:13 - 2015-05-21 06:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-09 11:13 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-09 11:13 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-09 11:13 - 2015-04-16 15:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-09 11:13 - 2015-04-15 23:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-09 11:13 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-09 11:13 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-09 11:13 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-09 11:13 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-09 11:13 - 2015-04-08 15:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 11:13 - 2015-04-08 15:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 11:13 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-09 11:13 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-09 11:13 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-09 11:13 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-09 11:13 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-09 11:13 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-09 11:13 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-09 11:13 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-09 11:13 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-09 11:13 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-09 11:13 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-09 11:13 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-09 11:13 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-09 11:13 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-09 11:13 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-09 11:13 - 2015-03-19 20:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-09 11:13 - 2015-03-19 20:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-09 11:13 - 2015-03-19 19:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-09 11:13 - 2015-03-19 19:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-09 11:13 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 11:13 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 11:12 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-09 11:12 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-09 11:12 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-09 11:12 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-09 11:12 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-09 11:12 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-09 11:12 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-09 11:12 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-09 11:12 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-09 11:12 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-09 11:12 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-09 11:12 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-09 11:12 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-09 11:12 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-09 11:12 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-09 11:12 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-09 11:12 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-09 11:12 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-09 11:12 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-09 11:12 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-09 11:12 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-09 11:12 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-09 11:12 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-09 11:12 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-09 11:12 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-09 11:12 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-09 11:12 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-09 11:12 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-09 11:12 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-09 11:12 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-09 11:12 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-09 11:12 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-09 11:12 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-09 11:12 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-09 11:12 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-09 11:12 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-09 11:12 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-09 11:12 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-09 11:12 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-08 10:58 - 2015-06-08 10:59 - 00000000 ____D C:\Users\Phyllis\Desktop\SWIM STEP
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 09:29 - 2015-04-02 20:59 - 00000000 ____D C:\FRST
2015-07-01 09:29 - 2014-05-20 14:09 - 00000592 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001.job
2015-07-01 09:19 - 2013-11-13 01:45 - 01182611 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 09:01 - 2012-12-02 13:00 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 09:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-01 09:00 - 2012-12-02 13:03 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2892764592-418514559-672794576-1001
2015-07-01 08:32 - 2014-06-27 07:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-01 07:37 - 2013-12-09 15:55 - 00003934 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{17C8D484-C225-452C-9A37-17C1C75A4BE3}
2015-06-30 13:23 - 2014-03-24 13:11 - 00000000 ____D C:\Users\Phyllis\Desktop\QB FILES
2015-06-30 13:13 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-06-29 16:53 - 2013-11-13 09:31 - 00000000 ___DO C:\Users\Phyllis\SkyDrive
2015-06-29 16:51 - 2013-08-22 07:46 - 00315615 _____ C:\WINDOWS\setupact.log
2015-06-29 16:51 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-29 16:51 - 2012-12-02 13:00 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-29 16:50 - 2013-09-29 20:55 - 00104304 _____ C:\WINDOWS\PFRO.log
2015-06-29 16:50 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-29 08:54 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-24 14:50 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-24 14:33 - 2014-06-07 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-06-19 20:02 - 2014-12-12 11:09 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 20:02 - 2014-12-12 11:09 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 10:09 - 2013-11-13 01:30 - 00000000 ____D C:\Users\Phyllis
2015-06-18 15:36 - 2014-05-20 14:09 - 00003596 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001
2015-06-15 08:50 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-09 12:29 - 2015-03-02 16:44 - 633630134 _____ C:\WINDOWS\MEMORY.DMP
2015-06-09 12:29 - 2015-03-02 16:44 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-09 12:12 - 2013-08-22 07:44 - 00499704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 12:07 - 2014-12-12 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-09 12:07 - 2014-07-12 10:49 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-09 12:07 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-09 12:07 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-09 11:38 - 2013-07-30 16:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 11:21 - 2012-12-13 04:10 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 11:19 - 2012-12-14 16:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-08 10:59 - 2013-09-29 21:04 - 00867660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 13:39 - 2014-11-19 16:21 - 00001024 _____ C:\.rnd
==================== Files in the root of some directories =======
2013-03-22 17:39 - 2013-03-22 17:39 - 0037681 _____ () C:\Users\Phyllis\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-11-30 12:19 - 2014-12-01 10:19 - 0000063 _____ () C:\Users\Phyllis\AppData\Roaming\WB.CFG
2014-10-22 08:49 - 2014-10-22 08:50 - 0234768 _____ () C:\Users\Phyllis\AppData\Local\aff_setup.exe
2014-10-22 08:49 - 2014-10-22 08:49 - 0000064 _____ () C:\Users\Phyllis\AppData\Local\ee5e50e89e154a1da709cd7363ac771c
2014-03-24 13:38 - 2015-01-02 14:27 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
C:\Users\Phyllis\AppData\Local\Temp\install_temp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-29 17:15
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Phyllis at 2015-07-01 09:30:29
Running from C:\Users\Phyllis\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2892764592-418514559-672794576-500 - Administrator - Disabled)
Guest (S-1-5-21-2892764592-418514559-672794576-501 - Limited - Disabled)
Phyllis (S-1-5-21-2892764592-418514559-672794576-1001 - Administrator - Enabled) => C:\Users\Phyllis
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AOL Sync 1.0.0 (HKLM-x32\...\AOL Sync) (Version: 1.0.0 - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DealAlly (HKU\.DEFAULT\...\DealAlly) (Version: 1 - Jet Applications)
Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
Dropbox (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{682A3328-9621-4BAD-91FA-873A076610C4}) (Version: 1.21.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Full Tilt Poker.Net (HKLM-x32\...\{E07B7A31-E160-466D-A003-3BB7B8989D52}) (Version: 5.6.20.WIN.FullTilt.NET - )
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.2.1.2856 (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\GoToMeeting) (Version: 7.2.1.2856 - CitrixOnline)
Hoist Search (HKU\.DEFAULT\...\Hoist Search) (Version: 1 - Hoist Search)
Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 2.0.1.110 - Xacti, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.26411 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Setup_Client) (Version: 7.4.4.38461 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\Juniper_Term_Services) (Version: 7.1.12.21827 - Juniper Networks)
Maptech Chartbook Companion CD (with Offshore Navigator Lite) (HKLM-x32\...\Offshore Navigator Lite) (Version: - )
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.3.49 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0013 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2892764592-418514559-672794576-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
09-06-2015 11:15:14 Windows Update
16-06-2015 19:44:20 Scheduled Checkpoint
24-06-2015 14:32:21 Installed Software Updater
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 06:25 - 2015-03-18 13:31 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0163A60A-7DAB-4175-A7C0-99D65A3F54B9} - System32\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1943847C-FBE2-48FB-BDB8-57D89B05D7DD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2A158861-BFC5-40C5-B726-B9C82C91AE4F} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Phyllis\AppData\Local\GeniusBox\client.exe" <==== ATTENTION
Task: {2B06538C-D045-4EAC-81F5-083D3A45979C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {3365089A-FE20-40B5-BBC4-6164EE661838} - System32\Tasks\Validate Installation => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
Task: {3507FB48-A79C-4EC1-859A-620896307FFE} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {39B2B9F9-2894-493E-8057-7D38AFEF0098} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {4A586DDA-3C66-4519-9C3F-B664C3700E7E} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.8.0.32\SymErr.exe
Task: {70A1086B-4DEC-4204-9D39-B12A120F4AA4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {7F7E40E3-7F08-45A2-9C14-82F715B95B93} - System32\Tasks\TidyNetwork Update => C:\Users\Phyllis\AppData\Local\TidyNetwork\petnupdate.exe
Task: {803233EC-0D4E-4FC5-B1AB-6AE12D5015E1} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {8F06AB3C-97FF-4CDC-B537-493AECE56316} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-27] (Adobe Systems Incorporated)
Task: {9E50A75A-7515-42E2-8C9A-7201E3524228} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {A8CC2786-A45B-4A1C-AB4D-3BDBBAAA2749} - System32\Tasks\RunTool => C:\Users\Phyllis\AppData\Local\d5a66b5f-40a9-41d5-8ed7-ea50462ae8db\install_temp.exe [2015-03-06] () <==== ATTENTION
Task: {B312054A-0FE9-453A-8DA0-8200F2CC727E} - System32\Tasks\Check Updates => C:\Users\Phyllis\AppData\Local\GeniusBox\updater.exe [2014-10-21] ()
Task: {B4BFEE7E-908D-477F-BC58-D41DE4F160FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {D06C9E0A-ED6D-49AB-9114-2B373F56ED84} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D7E35D50-0DB2-498B-AB2D-8BA7C363E461} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {E32F07BA-F98A-4A3E-B3C3-5AA3640C89D4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {F2114DE3-8651-47E7-84B9-9A1EAA2BB63D} - System32\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001 => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe [2015-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F21EBE57-3B6A-423B-A1D0-905E378B42BD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {FF6BC345-C2AA-496B-8EBD-0B35D9B313AA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2892764592-418514559-672794576-1001.job => C:\Users\Phyllis\AppData\Local\Citrix\GoToMeeting\2856\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2014-10-27 14:31 - 2014-10-27 14:31 - 00154624 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
2013-09-21 04:22 - 2013-09-21 04:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 19:13 - 2012-08-13 19:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2015-06-27 10:11 - 2015-06-27 10:11 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-07-01 07:37 - 2015-07-01 08:49 - 00078848 _____ () C:\Program Files (x86)\user extensions\Client.exe
2014-10-27 14:31 - 2014-10-27 14:31 - 00071168 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
2015-04-04 10:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-04 10:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-04 10:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-04 10:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-04 10:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-29 16:52 - 2015-06-29 16:52 - 00098816 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32api.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00110080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pywintypes27.dll
2015-06-29 16:52 - 2015-06-29 16:52 - 00364544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pythoncom27.dll
2015-06-29 16:52 - 2015-06-29 16:52 - 00045568 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_socket.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 01160704 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ssl.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00320512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32com.shell.shell.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00713216 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_hashlib.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 01175040 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._core_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00805888 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._gdi_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00811008 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._windows_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 01062400 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._controls_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00735232 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._misc_.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00128512 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_elementtree.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00127488 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pyexpat.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00557056 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\pysqlite2._sqlite.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00087552 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_ctypes.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00119808 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32file.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00108544 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32security.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00007168 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\hashobjs_ext.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00167936 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32gui.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00018432 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32event.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00038912 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32inet.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00011264 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32crypt.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00070656 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._html2.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00027136 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\_multiprocessing.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00035840 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32process.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00686080 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\unicodedata.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00122368 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._wizard.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00024064 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pipe.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00025600 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32pdh.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00525640 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\windows._lib_cacheinvalidation.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00010240 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\select.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00017408 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32profile.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00022528 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\win32ts.pyd
2015-06-29 16:52 - 2015-06-29 16:52 - 00078336 _____ () C:\Users\Phyllis\AppData\Local\Temp\_MEI29162\wx._animate.pyd
2012-10-30 01:00 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-10-15 09:45 - 2012-10-15 09:45 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
2015-03-18 13:53 - 2015-03-06 23:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-18 13:53 - 2015-03-06 23:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-18 13:53 - 2015-03-06 23:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Phyllis\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Phyllis\Downloads\RE Suspicious sign in prevented.eml:OECustomProperty
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7867 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2892764592-418514559-672794576-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Phyllis\Desktop\pix 53 carver\SeaquesteredMarineSide (1).jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "HostManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "AOL Fast Start"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_6D30DC84AE17C59FB8CC40451744E7AB"
HKU\S-1-5-21-2892764592-418514559-672794576-1001\...\StartupApproved\Run: => "Google Update"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{98168707-AA5B-452F-A613-D067EA35FE50}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [TCP Query User{F9988F25-6824-4C14-8235-A2A8F15B4C07}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{D0D39E67-5FB3-48F9-80A2-B01E25CDD65C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{926DCDF0-D16F-4CCB-B793-FD8107957073}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\AOLBrowser\aolbrowser.exe
FirewallRules: [{1AA4E022-12B7-4B08-AEC0-BED414C43BC5}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{89386268-7B92-463B-B7DF-E8CABA2EFCB4}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
FirewallRules: [{FE6BC02A-1F44-4F5D-909D-0C8564E5FCAF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D53C9DFF-3272-447D-9546-7E0681CDB137}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1839EB9C-DCB1-4069-B6A4-53D56871A281}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6564FC84-C5BE-4A39-A5EC-B82ECF9440E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2421E26-1457-4393-AAAA-8F50CC2852BD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64068A51-F4C5-4CC5-8408-43EE58A88ADF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{963F96AA-0CBF-4BAA-B9ED-38DFF980CB18}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
FirewallRules: [{3F45AB4D-B5A4-4397-B396-F8AD23D8650B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{2345F2FA-7958-4D27-BF41-FD6B37DFA190}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{AAE8B27C-8251-4FA2-925E-8CEEC0F014B3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{71A85861-8900-41C0-965E-B2B09CC980ED}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{EA2FDF7C-01D9-474D-9E9F-47CFAB473D4B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{61BBD4A5-5F28-4047-B7E3-ADD72B5EE036}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{D919DD88-0EF3-4BD4-8BD3-C4132C1F0562}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{D2F73A73-AE97-4DD2-ABEA-BE549E99B7BD}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
FirewallRules: [{1FCF534E-26FC-4D01-A6D2-F78753C074CE}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
FirewallRules: [{C8A83E8C-8F82-4929-871B-CCD7ADC10561}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1354478747\ee\aolsoftware.exe
FirewallRules: [{79EBD8CE-5F0D-4B5A-B9CB-D389903034BA}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{474E2BB3-6F66-4493-87DB-78ECA6020E8F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
FirewallRules: [{5013F375-E4B4-49AC-BB34-3572B738319D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{0BA91AB0-EB33-48C7-AB72-29C498D38F33}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe
FirewallRules: [{C0DAEA4B-3980-4122-A680-3676149F260E}] => (Allow) LPort=1900
FirewallRules: [{D735D71A-BF7C-4585-AD10-C13C9F5702D3}] => (Allow) LPort=2869
FirewallRules: [{B13C748B-2446-4AFD-A916-91C3CE2ACBB3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{6FB1A62D-9AE8-4B3D-9059-2D728F844E07}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{55D0AE06-9A02-436E-A226-37EC453A1030}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{ED6E6646-924D-48FC-A57D-3B73E9D8A1C7}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{CD64282F-58A5-49A1-A9BD-200D9529324C}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{B0FBA136-98BC-4A93-8974-30A13086DB29}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{D49AE64C-1F75-45B7-AF0E-1B116D46B33B}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{55C6AB12-3D71-42C3-AC4E-111D1B37B405}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1AA642E3-72D4-4EE8-B69A-66C2E8F7CBE3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{9712696F-EA77-4D8C-8496-67B349C32BC1}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{E1F0C470-0613-4357-8EA9-64A6C88F875B}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
FirewallRules: [{4F2016E5-BFAC-4FD0-8B53-55746BEE48CB}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
FirewallRules: [{6E58273B-7D80-4CEB-84AF-BF7B122DE0CC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7b\aolbrowser.exe
FirewallRules: [{26C0E845-1103-422A-803A-CEB09C3FAB82}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8AFF4797-B98B-4E99-9B8E-4654ABC2AF6C}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{673BA428-4396-4B92-A268-0DE0D30C426A}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{5CC3A0A9-D308-4EB2-88E6-EC04F3CDD719}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{AC8E64B6-BE85-43BF-8711-C02A78CED2D4}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{FC0126F8-E01F-4921-831D-D6CDAD7A4F59}] => (Allow) C:\Program Files (x86)\TOSHIBA\System Setting\TOSHIBASystemSetting.exe
FirewallRules: [{64F54A0F-BE87-47EE-A1D9-7DB2D5604310}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{04A56819-9881-4843-BF72-7D038E2E8D9E}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{ED37534C-1EA5-418B-A0D1-33A0F4213B21}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{F308671B-CE04-4EFF-898A-50D5712617D2}] => (Allow) C:\Program Files (x86)\TurboTax\Deluxe 2014\32bit\TurboTax.exe
FirewallRules: [{222647D9-C985-4529-9B62-383AB99893DC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{805DBC66-592B-44F6-B4D1-6466BDC3FFFF}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
FirewallRules: [{88662074-B82A-4555-AF78-4AC45598D7AC}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.7c\waol.exe
FirewallRules: [{A789F4C2-9AE5-43DC-AC81-17D99757449A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{22CC9CA0-96E1-4206-8231-9F481E379576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DDEC92A3-CE27-452D-ADFA-62456F913DCA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D40ACD08-E3D1-41CA-9A20-07897199F643}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{18DB1E04-660E-4414-A3FB-0199E0699A9D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{67267434-E4ED-46E3-9308-4EAE1DC46EE4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/30/2015 01:14:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 05:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20905 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: a34
Start Time: 01d0b2c68b1d17ad
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: a62386a6-1ebe-11e5-bee5-008cfa249fa0
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20905_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (06/29/2015 04:52:48 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
Error: (06/29/2015 09:00:09 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
System errors:
=============
Error: (06/23/2015 02:50:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
Error: (06/23/2015 00:14:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
Error: (06/23/2015 00:14:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
Error: (06/23/2015 00:13:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
Error: (06/23/2015 00:13:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fhsvc service.
Error: (06/23/2015 11:28:37 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (06/19/2015 10:08:54 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (06/19/2015 10:08:49 AM) (Source: DCOM) (EventID: 10010) (User: FLISS-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office:
=========================
Error: (03/16/2013 09:55:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-06-29 17:20:07.179
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:02.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:02.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.535
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:01.098
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:00.332
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:38:00.097
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-24 15:37:59.863
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 3980.22 MB
Available physical RAM: 1686.99 MB
Total Pagefile: 8076.22 MB
Available Pagefile: 4787.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (TI10653400C) (Fixed) (Total:585.71 GB) (Free:509.06 GB) NTFS
Drive f: (passport 1) (Fixed) (Total:931.48 GB) (Free:900.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D3FA1866)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of log ============================