Solved Sxssrv.dll rootkit detected I think

[Phil Hunter]

Regrun shows a rootkit in Sxssrv.dll. Cannot get rid of it. What steps need to be done. I just ran GMER scan.
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-05 09:24:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0003 465.76GB
Running: gkcr9v2e.exe; Driver: C:\Users\Kathleen\AppData\Local\Temp\kxlcrpoc.sys

---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031fb000 63 bytes [00, 00, 0D, 02, 4D, 64, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592 fffff800031fb040 6 bytes [39, 56, 06, 00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075991465 2 bytes [99, 75]
.text C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759914bb 2 bytes [99, 75]
.text ... * 2
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000075605939 5 bytes JMP 0000000100440980
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\kernel32.dll!FindResourceA 000000007561e98b 5 bytes JMP 0000000100440930
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\user32.DLL!LoadStringW 0000000075f08eb9 5 bytes JMP 0000000100440fd0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\user32.DLL!LoadStringA 0000000075f0db21 5 bytes JMP 0000000100441110
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\user32.DLL!LoadMenuW 0000000075f14391 5 bytes JMP 0000000100440b40
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\user32.DLL!LoadMenuA 0000000075f24eef 5 bytes JMP 0000000100440ad0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\user32.DLL!CreateDialogParamA 0000000075f25246 5 bytes JMP 00000001004409d0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[5024] C:\Windows\syswow64\user32.DLL!CreateDialogParamW 0000000075f310dc 5 bytes JMP 0000000100440a50
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075991465 2 bytes [99, 75]
.text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[8956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759914bb 2 bytes [99, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Sidebar\sidebar.exe [4288:4628] 000007feeac36b44
Thread C:\Program Files\Windows Sidebar\sidebar.exe [4288:4736] 000007feea48f3e0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [4288:4940] 000007feea48f3e0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [4288:5476] 000007fee8e0f5a0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [4288:5488] 000007fee8de9fe4
Thread C:\Program Files\Windows Sidebar\sidebar.exe [4288:5492] 000007fee8de98ac
Thread C:\Program Files\Windows Sidebar\sidebar.exe [4288:5544] 000007feea48f3e0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5040:6032] 000007fefbd12bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5040:1736] 000007fedafd4830
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5040:6240] 000007fef3525124
Thread C:\Program Files (x86)\Lenovo\System Update\Tvsukernel.exe [3992:8076] 00000000727c0dc7
Thread C:\Program Files (x86)\Lenovo\System Update\Tvsukernel.exe [3992:7172] 00000000728736af
---- Processes - GMER 2.1 ----
Process C:\Users\Kathleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP11SL6N\gkcr9v2e.exe (*** suspicious ***) @ C:\Users\Kathleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP11SL6N\gkcr9v2e.exe [7556](2014-09-04 19:44:44) 0000000000400000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
---- EOF - GMER 2.1 ----

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Phil Hunter]

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/5/2014
Scan Time: 5:28:02 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.05.09
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kathleen
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 651648
Time Elapsed: 10 hr, 37 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 4
PUP.Optional.Conduit, C:\Users\Kathleen\AppData\LocalLow\entrusted\hk64tbentr.dll, Quarantined, [f0a9f7d2cab1999d80331817ff01659b],
PUP.Optional.Conduit, C:\Users\Kathleen\AppData\LocalLow\entrusted\hktbentr.dll, Quarantined, [c1d8a2277dfe1b1b04afdb5431cf28d8],
PUP.Optional.Conduit, C:\Users\Kathleen\AppData\LocalLow\entrusted\ldrtbentr.dll, Quarantined, [34652d9c3d3e59ddad064be4d8287888],
PUP.Optional.Conduit, C:\Users\Kathleen\AppData\LocalLow\entrusted\tbentr.dll, Quarantined, [8514f3d64b3044f2b1026ec15ba518e8],
Physical Sectors: 0
(No malicious items detected)

(end)

 

[Phil Hunter]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2011 5:02:35 PM
System Uptime: 9/6/2014 5:55:44 AM (7 hours ago)
.
Motherboard: LENOVO | | 2847D2U
Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz | U2E1 | 2201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 126.33 GiB free.
D: is CDROM (CDFS)
E: is Removable
Q: is FIXED (NTFS) - 10 GiB total, 2.569 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Synaptics SMBus Driver
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_20F917AA&REV_03\3&11583659&0&FB
Manufacturer: Synaptics
Name: Synaptics SMBus Driver
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_20F917AA&REV_03\3&11583659&0&FB
Service: SmbDrvI
.
Class GUID: {dad27e18-2598-4484-98b0-5dba8e007f6a}
Description: Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter
Device ID: ROOT\AMPPAL\0000
Manufacturer: Intel Corporation
Name: Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter
PNP Device ID: ROOT\AMPPAL\0000
Service: AMPPAL
.
==== System Restore Points ===================
.
RP352: 8/31/2014 7:46:58 PM - Windows Update
RP353: 8/31/2014 8:08:08 PM - WD SmartWare Installer
RP354: 8/31/2014 8:20:40 PM - WD SmartWare Installer
RP355: 8/31/2014 9:37:57 PM - Windows Update
RP356: 9/1/2014 3:00:13 AM - Windows Update
RP357: 9/1/2014 10:15:49 AM - RegRun Virus Scan
RP358: 9/1/2014 2:19:37 PM - Windows Update
RP359: 9/1/2014 3:35:40 PM - RegRun Virus Scan
RP360: 9/1/2014 7:00:02 PM - RegRun Virus Scan
RP361: 9/1/2014 7:19:08 PM - DLL-Files Fixer Mon, Sep 01, 14 19:19
RP362: 9/1/2014 7:37:34 PM - RegRun Virus Scan
RP363: 9/2/2014 1:33:51 PM - RegRun Virus Scan
RP364: 9/2/2014 7:24:33 PM - RegRun Virus Scan
RP365: 9/3/2014 9:04:52 AM - RegRun Virus Scan
RP366: 9/3/2014 9:32:30 AM - RegRun Virus Scan
RP367: 9/4/2014 2:56:24 PM - Windows Update
.
==== Installed Programs ======================
.
Registry Patch to arrange icons in Device and Printers folder of Windows 7
Access Help
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X (10.1.11)
All American Cluster Frame-(CRFTBLS)
ArcSoft MediaConverter 8
Audible Download Manager
avi.NET 3.5.1.0
BCL easyConverter SDK 3 (Word Version) 64
Belarc Advisor 8.4
Blueberry Combo Pack 2-(Gypsys)
Burnin' Love Glitter Papers-(acreatn)
Canon CanoScan LiDE 210 User Registration
Canon Easy-PhotoPrint EX
Canon Inkjet Printer Driver Add-On Module
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon My Printer
Canon PIXMA iP8500
Canon Solution Menu EX
Canon Utilities ImageBrowser EX
CanoScan LiDE 210 Scanner Driver
CanoScan LiDE 600F
Cat Overlays 1
Catalina Savings Printer
Christmas Frames-(LLLCrtn)
Christmas Ornament Frames-(LLLCrtn)
Christmas Papers-(LLLCrtn)
Christmas Snow
Christmas Traditions Paper-(DCS)
Christmas Traditions QPage-(acreatn)
Christmas Word Art 2-(LLLCrtn)
ColorDot Papers
Colorful Memories
Coupon Printer for Windows
Create Recovery Media
CyberLink PowerDirector 12
CyberLink PowerDirector 12 Content Pack Essential
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX 9 Runtime
Dll-Files Fixer
Do Not Track Me Add-on 2.2.9.515
Document Express DjVu Plug-in
Elevated Installer
Family Tree Maker 2012
Felt Creative-(GB4U)
Free Audio Converter version 5.0.30.1029
Garmin Express
Garmin Express Tray
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Update
I.R.I.S. OCR
iCloud
In The Spotlight Paper Pack-(LLLCrtn)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless WiFi Software Driver
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
InterVideo WinDVD 8
Java 7 Update 45
Java Auto Updater
Java(TM) 6 Update 16 (64-bit)
JMicron Flash Media Controller Driver
Junk Mail filter update
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver
Lenovo System Interface Driver
Lenovo System Update
Lenovo ThinkVantage Toolbox
Lenovo Welcome
Let Freedom Ring Extra Alpha-(jsscrap)
LightScribe System Software
LightScribe Template Labeler
Lovely Winter Glitters Addon-(BC)
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Message Center Plus
Messenger Companion
Metric Collection SDK
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MM5 Our Memories Calendar-(StyRock)
MM5 Winter Whispers-(DSP)
Mobile Broadband
MobileMe Control Panel
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Memories Suite 5.0
On Screen Display
Our Heritage Corner Cluster-(Kathryn)
Photo Explosion Album SE
PhotoFiltre
PIXELA AAC LC CODEC
Power Manager
Pretty Lace Paper Pack 1
Publish to Photo Frame
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recover Files 3.29
Red Candy Stripe Alphabet-(DCS)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
RegRun Reanimator
Remember When-(CSC)
Rescue and Recovery
RoboForm 7-9-2-5 (All Users)
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Express Labeler 3
Safari
Scan2PC
School Years Quickpages
Scrap It Simple Papers-(BC)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shabtastic Monograms-(jsscrap)
SmartSound Quicktracks 5
Snowflake Kisses Quickpage2-(TBAB)
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Sparkler QuickPage-(MgR)
System Migration Assistant
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Touchdown Navy-(LinJane)
Trend Micro Titanium
Trend Micro Titanium Maximum Security
Twenty Fourteen Extra Papers-(acreatn)
UnHackMe 7.20 release
Uniquely Fabulous Frames-(TBAB)
Unwipe
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
VD64Inst
Verizon Wireless Mobile Broadband Self Activation
WD Quick View
WD SmartWare
WD SmartWare Installer
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
9/6/2014 5:57:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
9/5/2014 4:33:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.
9/4/2014 6:03:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1450.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10904.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/4/2014 6:03:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1450.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10904.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/4/2014 6:03:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1450.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10904.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/4/2014 5:45:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/4/2014 2:37:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/4/2014 11:14:21 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
9/3/2014 8:48:05 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
9/2/2014 9:55:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.
9/2/2014 8:24:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service.
9/2/2014 12:09:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
9/2/2014 12:09:40 PM, Error: Service Control Manager [7000] - The Garmin Core Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/1/2014 6:49:26 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/1/2014 12:56:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 10 for Windows 7 for x64-based Systems (KB2909210).
9/1/2014 12:56:52 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2976627).
9/1/2014 12:48:06 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
8/31/2014 8:20:33 PM, Error: Service Control Manager [7034] - The WD Drive Manager service terminated unexpectedly. It has done this 1 time(s).
8/31/2014 8:00:23 PM, Error: Service Control Manager [7022] - The Intel® Centrino® Wireless Bluetooth® + High Speed Service service hung on starting.
8/31/2014 5:43:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
8/31/2014 5:43:21 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/31/2014 5:26:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
8/31/2014 5:15:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/31/2014 5:15:46 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/31/2014 5:11:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/31/2014 4:30:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.
8/31/2014 4:24:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3126.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...6.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x800705b4 Error description: This operation returned because the timeout period expired.
8/31/2014 4:24:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3126.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...6.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x800705b4 Error description: This operation returned because the timeout period expired.
8/31/2014 4:13:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDBackup service.
8/31/2014 3:52:30 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/31/2014 3:52:30 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/31/2014 3:51:28 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
8/31/2014 3:50:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3126.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024001b Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/31/2014 3:50:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.165.3126.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10201.0 Error code: 0x8024001b Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/31/2014 3:42:57 PM, Error: volmgr [46] - Crash dump initialization failed!
8/31/2014 10:08:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.5.216.0 (KB2949787).
8/31/2014 10:04:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
.
==== End Of File ===========================

 

[Phil Hunter]

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239
Run by Kathleen at 12:02:43 on 2014-09-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2937.951 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\LENOVO\HOTKEY\shtctky.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.roboform.com
uDefault_Page_URL = hxxp://lenovo.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: <No Name>: - LocalServer32 - <no file>
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [PWMTRV] rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
StartupFolder: C:\Users\Kathleen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
uPolicies-Explorer: NoDriveAutoRun- = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDriveAutoRun- = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Leave a note for Been users - C:\Program Files (x86)\YippyHUB\Basement\BackgroundEngine.exe/205
IE: &Remove from Been Clickstream - C:\Program Files (x86)\YippyHUB\Basement\BackgroundEngine.exe/206
IE: &Save as Been Favorite - C:\Program Files (x86)\YippyHUB\Basement\BackgroundEngine.exe/204
IE: &Thumbs Down - C:\Program Files (x86)\YippyHUB\Basement\BackgroundEngine.exe/202
IE: &Thumbs Up - C:\Program Files (x86)\YippyHUB\Basement\BackgroundEngine.exe/201
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.6.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9F8AC2D3-FA81-40E7-BCD8-B3954251B30D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9F8AC2D3-FA81-40E7-BCD8-B3954251B30D}\2656C6B696E6E2439356 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9F8AC2D3-FA81-40E7-BCD8-B3954251B30D}\8457E6475627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9F8AC2D3-FA81-40E7-BCD8-B3954251B30D}\F475E45425D20534F5E4564777F627B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FAE7C893-00EA-439D-AC9A-5D276E75374F} : DHCPNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli ACGina
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {45DB34C3-955C-11D3-ABEF-444553540001} - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-4 55280]
R0 TMEBC;TMEBC;C:\Windows\System32\drivers\TMEBC64.sys [2013-9-20 50976]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2009-6-29 23592]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-3 45856]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2014-8-31 15472]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2013-9-20 85936]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-2-13 770528]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-11-8 250712]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2014-8-31 44024]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2014-8-31 110128]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2014-8-31 62456]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-9-5 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-9-5 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2014-8-31 125424]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2014-8-31 125488]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-7-22 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-7-22 296312]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-2-8 3386608]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-9-10 139264]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-9-16 174168]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-9-5 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-9-5 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-9-5 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 Power Manager DBC Service;Power Manager Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-11-4 1668896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-4 295424]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2013-9-20 100640]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2013-9-20 303392]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-9-20 305760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-4 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-8-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-8-4 166384]
S3 becldr3Service;BCL EasyConverter SDK 3 Loader;C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [2013-7-3 263168]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-4-4 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-1 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-2-8 273136]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-2-23 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-2-23 177152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2014-8-31 1664800]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-4 313840]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-8-4 1124848]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-18 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-06 16:43:55 -------- d-----w- C:\mbmb
2014-09-06 11:08:35 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{93FB062D-A208-4A07-9003-85A202C6CA08}\mpengine.dll
2014-09-05 15:02:27 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-05 15:01:10 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-05 15:01:10 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-05 15:01:10 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-05 15:01:08 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-05 15:01:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 20:05:00 11319192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-02 18:40:37 -------- d-----w- C:\Users\Kathleen\AppData\Local\{D72F9033-DBAE-467F-90C8-637765D79665}
2014-09-02 15:28:30 -------- d-----w- C:\Windows\SysWow64\Garmin
2014-09-02 03:20:16 -------- d-----w- C:\Program Files (x86)\Belarc
2014-09-02 02:36:18 31744 ----a-w- C:\Windows\System32\sxssrv.dll
2014-09-02 00:16:14 24576 ----a-w- C:\Windows\SysWow64\sxssrv.dll
2014-09-02 00:15:46 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\dll-files.com
2014-09-02 00:15:39 -------- d-----w- C:\ProgramData\Logs
2014-09-02 00:15:33 19392 ----a-w- C:\Windows\System32\roboot64.exe
2014-09-02 00:15:25 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2014-09-01 19:07:36 -------- d-----w- C:\Program Files (x86)\RegUtility
2014-09-01 19:03:23 -------- d-sh--w- C:\Users\Kathleen\AppData\Local\EmieUserList
2014-09-01 19:03:23 -------- d-sh--w- C:\Users\Kathleen\AppData\Local\EmieSiteList
2014-09-01 18:07:59 10747904 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-09-01 05:42:48 -------- d-----w- C:\Users\Kathleen\AppData\Roaming\PwrMgr
2014-09-01 04:09:59 13824 ----a-w- C:\Windows\System32\mshta.exe
2014-09-01 04:09:57 142336 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2014-09-01 04:09:56 48128 ----a-w- C:\Windows\System32\imgutil.dll
2014-09-01 03:00:09 -------- d-----w- C:\Windows\Temp17E3557D-D80E-0766-C001-F813280DD9C1-Signatures
2014-09-01 02:40:59 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-09-01 02:40:58 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-09-01 02:40:58 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-09-01 02:40:58 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-09-01 02:40:53 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-09-01 02:40:53 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-09-01 02:40:13 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-09-01 02:40:13 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-09-01 02:38:50 -------- d-s---w- C:\Windows\System32\CompatTel
2014-09-01 01:15:15 -------- d-----w- C:\Program Files\Western Digital
2014-09-01 00:57:58 -------- d-----w- C:\Users\Kathleen\AppData\Local\Lenovo
2014-09-01 00:48:16 163840 ----a-w- C:\Windows\System32\umpo.dll
2014-08-31 23:53:44 53248 ----a-r- C:\Users\Kathleen\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2014-08-31 23:53:41 -------- d-----w- C:\Program Files\Common Files\Lenovo
2014-08-31 23:35:42 15472 ----a-w- C:\Windows\System32\drivers\smiifx64.sys
2014-08-31 22:57:04 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-08-31 22:57:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-08-31 22:57:01 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-08-31 22:57:00 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-08-31 22:57:00 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-31 22:55:59 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-08-31 22:54:39 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-08-31 22:53:33 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-31 22:53:33 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-31 22:52:14 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-31 22:52:12 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-31 22:52:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-31 22:52:12 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-31 22:52:11 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-31 22:52:11 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-31 22:52:11 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-31 22:51:06 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-08-31 22:51:06 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-08-31 22:51:05 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-08-31 22:51:04 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-08-31 22:51:04 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-08-31 22:51:02 538112 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-08-31 22:51:01 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-08-31 22:51:01 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-08-31 22:51:00 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-08-31 22:50:59 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-08-31 22:50:59 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-08-31 22:50:59 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-08-31 22:50:59 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-08-31 22:50:59 51200 ----a-w- C:\Windows\SysWow64\cngprovider.dll
2014-08-31 22:50:59 49664 ----a-w- C:\Windows\SysWow64\adprovider.dll
2014-08-31 22:50:59 48128 ----a-w- C:\Windows\SysWow64\capiprovider.dll
2014-08-31 22:50:59 47616 ----a-w- C:\Windows\SysWow64\dpapiprovider.dll
2014-08-31 22:50:59 36864 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-08-31 22:50:57 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-08-31 22:50:57 35328 ----a-w- C:\Windows\SysWow64\wincredprovider.dll
2014-08-31 22:49:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-08-31 22:49:32 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-08-31 22:49:31 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-08-31 22:49:31 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-08-31 22:49:29 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-31 22:49:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-08-31 22:49:00 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-08-31 22:49:00 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-08-31 22:48:59 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-08-31 22:48:58 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-08-31 22:48:58 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-08-31 22:48:57 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-08-31 22:48:57 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-08-31 22:48:57 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-08-31 22:48:57 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-08-31 22:48:56 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-08-31 22:48:56 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-08-31 22:48:55 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-08-31 22:48:55 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-08-31 22:48:11 -------- d-----w- C:\Users\Kathleen\AppData\Local\Tvsukernel
2014-08-31 22:44:43 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-08-31 22:44:42 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-08-31 22:44:38 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-31 22:44:38 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-31 22:44:37 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-31 22:44:33 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-31 22:44:31 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-31 21:59:08 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-08-31 21:59:08 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-08-31 21:59:08 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-08-31 21:59:07 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-08-31 21:59:07 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-08-31 21:58:53 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-08-31 21:52:35 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-31 21:52:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-31 21:31:02 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-31 21:30:59 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3CDEF187-30AF-439D-B4CE-898FEBEE73E2}\gapaengine.dll
2014-08-31 21:04:05 -------- d-----w- C:\Users\Kathleen\AppData\Local\Western_Digital_Technolog
2014-08-31 20:49:04 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-31 20:48:41 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-31 20:48:41 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-31 20:48:26 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-31 20:48:26 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-31 20:48:26 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-31 20:48:26 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2014-09-01 20:10:31 283160 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2014-09-01 01:48:34 2 --shatr- C:\Windows\winstart.bat
2014-08-31 22:43:49 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-31 22:43:47 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-25 11:06:00 2855200 ----a-w- C:\Windows\System32\PWMCP64V.cpl
2014-06-25 11:06:00 2692896 ------w- C:\Windows\PWMBTHLV.EXE
2014-06-25 11:06:00 20736 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2013-05-26 17:52:23 509192096 ----a-w- C:\Program Files (x86)\PSPP_X3_TBYB.exe
2013-02-11 17:26:55 40437664 ----a-w- C:\Program Files (x86)\QuickTimeInstaller (1).exe
2012-12-21 14:21:54 12838536 ----a-w- C:\Program Files (x86)\RoboForm-Setup.exe
2012-11-25 20:48:56 32699368 ----a-w- C:\Program Files (x86)\jre-7u9-windows-x64.exe
2012-11-24 04:37:58 10595800 ----a-w- C:\Program Files\DataVaultWindowsV4_8_98 (2).exe
2012-11-24 04:34:24 10595800 ----a-w- C:\Program Files\DataVaultWindowsV4_8_98 (1).exe
2012-11-24 04:29:42 10595800 ----a-w- C:\Program Files\DataVaultWindowsV4_8_98.exe
2012-11-24 03:46:14 14774481 ----a-w- C:\Program Files\DataVaultWindowsV4_8_78 (1).exe
2012-11-20 22:38:58 6868024 ----a-w- C:\Program Files (x86)\Ti_52_win_EN_AMSP20_hfb1095.exe
2012-11-20 22:11:50 18237976 ----a-w- C:\Program Files (x86)\Firefox Setup 16.0.2.exe
2012-11-19 03:31:42 14774481 ----a-w- C:\Program Files\DataVaultWindowsV4_8_78.exe
2012-11-18 16:02:48 31160808 ----a-w- C:\Program Files (x86)\jre-7u9-windows-i586.exe
2012-11-17 22:17:26 40437664 ----a-w- C:\Program Files (x86)\QuickTimeInstaller(1).exe
2012-11-16 21:54:51 40437664 ----a-w- C:\Program Files (x86)\QuickTimeInstaller.exe
2012-11-07 12:57:54 8669472 ----a-w- C:\Program Files (x86)\Windows7UpgradeAdvisorSetup.exe
2012-11-07 12:57:45 38808920 ----a-w- C:\Program Files (x86)\FileFormatConverters.exe
2012-08-14 01:27:13 16814136 ----a-w- C:\Program Files\Firefox Setup 14.0.1.exe
2012-07-25 04:22:26 589524144 ----a-w- C:\Program Files\FamilyTreeMaker2012ESD_AncestryCS.exe
2012-06-16 00:56:55 403968 ----a-w- C:\Program Files (x86)\PublishToPhotoFrame.msi
2011-11-05 02:20:06 300408 ----a-w- C:\Program Files (x86)\SoftonicDownloader_for_photofiltre.exe
2011-09-22 11:23:05 161720 ------w- C:\Program Files (x86)\2pres.dll
.
============= FINISH: 12:03:07.13 ===============

 

[Broni]

You're running two AV programs, TrendMicro and MSE.
You must uninstall one of them.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png][/url][b][url=https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html][color=#0000FF]Malwarebytes Anti-Rootkit[/color][/url][/b] to your desktop.
[LIST]
[*][b][color=#FF0000]Warning![/color][/b] [I]Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.[/I]
[*]Double click on downloaded file. OK self extracting prompt.
[*]MBAR will start. Click "[b]Next[/b]" to continue.
[*]Click in the following screen "[b]Update[/b]" to obtain the latest malware definitions.
[*]Once the update is complete select "[b]Next[/b]" and click "[b]Scan[/b]".
[*]When the scan is finished and no malware has been found select "[b]Exit[/b]".
[*]If malware was detected, make sure to check all the items and click "[b]Cleanup[/b]". Reboot your computer.
[*]Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
[LIST]
[*][b]"mbar-log-[I]{date} (xx-xx-xx)[/I].txt"[/b]
[*][b]"system-log.txt"[/b]
[/LIST]
[/LIST]

 

[Phil Hunter]

RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kathleen [Admin rights]
Mode : Remove -- Date : 09/06/2014 16:10:30
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4208041570-4174915042-3882207907-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> REPLACED (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4208041570-4174915042-3882207907-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> REPLACED (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4208041570-4174915042-3882207907-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.roboform.com -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4208041570-4174915042-3882207907-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.roboform.com -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[IE:Addon] System : &RoboForm Toolbar [{724d43a0-0d85-11d4-9908-00400523e39a}] -> DELETED
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] ece773a522e282e2fd66f84dea9d852f
[BSP] c3919c619aa6dd87363abedeb1e0ec40 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] a0601257067ac7800b8a63ee60e5ea34
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_09062014_160818.log

 

[Phil Hunter]

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.09.06.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Kathleen :: KATHLEEN-THINK [administrator]
9/6/2014 4:31:04 PM
mbar-log-2014-09-06 (16-31-04).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 321982
Time elapsed: 36 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

 

[Phil Hunter]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17239
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.194000 GHz
Memory total: 3079520256, free: 368816128
Downloaded database version: v2014.09.06.07
Downloaded database version: v2014.08.21.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 92BEC880
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 2457600
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2459648 Numsec = 953831416
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 956291072 Numsec = 20480000
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
Partition information:
Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 15826881
Partition file system is FAT32
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 8103395328 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Phil Hunter]

ComboFix 14-09-05.01 - Kathleen 09/07/2014 17:04:50.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2937.1418 [GMT -5:00]
Running from: c:\users\Kathleen\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {5D349EF8-873B-C657-917F-F1D93E101A7C}
SP: Trend Micro Titanium Maximum Security *Disabled/Updated* {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\program files (x86)\Ti_52_win_EN_AMSP20_hfb1095.exe
c:\programdata\Roaming
c:\programdata\uninstaller.exe
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\Kathleen\1033.mst
c:\users\Kathleen\Documents\~WRL0293.tmp
c:\users\Kathleen\Documents\~WRL1066.tmp
c:\users\Kathleen\Documents\~WRL1634.tmp
c:\users\Kathleen\Documents\~WRL3195.tmp
c:\users\Kathleen\Documents\~WRL3719.tmp
c:\users\Kathleen\jre-6u5-windows-i586-p-s.exe
c:\users\Kathleen\MFInstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-08-07 to 2014-09-07 )))))))))))))))))))))))))))))))
.
.
2014-09-07 22:00 . 2014-09-07 22:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{932AD6AB-7820-4A6B-BF5F-DEE22A864FD9}\offreg.dll
2014-09-07 21:46 . 2014-08-21 16:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{932AD6AB-7820-4A6B-BF5F-DEE22A864FD9}\mpengine.dll
2014-09-06 21:30 . 2014-09-06 22:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-06 21:28 . 2014-09-06 21:28 -------- d-----w- c:\users\Kathleen\New folder
2014-09-06 21:28 . 2014-09-06 21:28 -------- d-----w- c:\users\Kathleen\malwarebytestoolkit
2014-09-06 20:54 . 2014-09-06 20:54 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-09-06 20:54 . 2014-09-06 20:54 -------- d-----w- c:\programdata\RogueKiller
2014-09-06 16:43 . 2014-09-06 16:45 -------- d-----w- C:\mbmb
2014-09-05 15:02 . 2014-09-07 22:00 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-05 15:01 . 2014-09-06 21:28 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-05 15:01 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-05 15:01 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-05 15:01 . 2014-09-05 15:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-05 15:01 . 2014-09-05 15:01 -------- d-----w- c:\programdata\Malwarebytes
2014-09-02 15:28 . 2014-09-02 15:28 -------- d-----w- c:\windows\SysWow64\Garmin
2014-09-02 03:20 . 2014-09-02 03:20 -------- d-----w- c:\program files (x86)\Belarc
2014-09-02 02:36 . 2014-09-02 02:36 31744 ----a-w- c:\windows\system32\sxssrv.dll
2014-09-02 00:16 . 2014-09-02 00:35 24576 ----a-w- c:\windows\SysWow64\sxssrv.dll
2014-09-02 00:15 . 2014-09-02 00:15 -------- d-----w- c:\users\Kathleen\AppData\Roaming\dll-files.com
2014-09-02 00:15 . 2014-09-02 00:15 -------- d-----w- c:\programdata\Logs
2014-09-02 00:15 . 2014-06-10 17:27 19392 ----a-w- c:\windows\system32\roboot64.exe
2014-09-02 00:15 . 2014-09-03 13:46 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
2014-09-01 19:07 . 2014-09-01 20:26 -------- d-----w- c:\program files (x86)\RegUtility
2014-09-01 19:03 . 2014-09-01 19:03 -------- d-sh--w- c:\users\Kathleen\AppData\Local\EmieUserList
2014-09-01 19:03 . 2014-09-01 19:03 -------- d-sh--w- c:\users\Kathleen\AppData\Local\EmieSiteList
2014-09-01 18:07 . 2014-07-25 13:49 10747904 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2014-09-01 05:42 . 2014-09-01 05:42 -------- d-----w- c:\users\Kathleen\AppData\Roaming\PwrMgr
2014-09-01 04:09 . 2014-09-01 04:09 13824 ----a-w- c:\windows\system32\mshta.exe
2014-09-01 04:09 . 2014-09-01 04:09 142336 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-09-01 04:09 . 2014-09-01 04:09 774144 ----a-w- c:\windows\system32\jscript.dll
2014-09-01 04:09 . 2014-09-01 04:09 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-09-01 04:09 . 2014-09-01 04:09 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-09-01 03:00 . 2014-09-01 03:00 -------- d-----w- c:\windows\Temp17E3557D-D80E-0766-C001-F813280DD9C1-Signatures
2014-09-01 02:40 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-09-01 02:40 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-01 02:40 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-09-01 02:40 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-09-01 02:40 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-01 02:40 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-09-01 02:40 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-09-01 02:40 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-01 02:38 . 2014-09-01 02:38 -------- d-s---w- c:\windows\system32\CompatTel
2014-09-01 01:15 . 2014-09-01 01:15 -------- d-----w- c:\program files\Western Digital
2014-09-01 00:57 . 2014-09-04 22:06 -------- d-----w- c:\users\Kathleen\AppData\Local\Lenovo
2014-09-01 00:48 . 2011-01-14 06:23 163840 ----a-w- c:\windows\system32\umpo.dll
2014-08-31 23:53 . 2014-08-31 23:53 53248 ----a-r- c:\users\Kathleen\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2014-08-31 23:53 . 2014-08-31 23:53 -------- d-----w- c:\program files\Common Files\Lenovo
2014-08-31 23:35 . 2013-05-22 21:17 15472 ----a-w- c:\windows\system32\drivers\smiifx64.sys
2014-08-31 22:57 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-08-31 22:57 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-08-31 22:57 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-08-31 22:57 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-08-31 22:57 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-31 22:55 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-08-31 22:54 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-08-31 22:53 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-31 22:53 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-31 22:52 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-31 22:52 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-31 22:52 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-31 22:52 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-31 22:52 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-31 22:52 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-31 22:52 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-31 22:51 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-08-31 22:51 . 2014-03-04 09:20 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2014-08-31 22:51 . 2014-03-04 09:43 455168 ----a-w- c:\windows\system32\winlogon.exe
2014-08-31 22:51 . 2014-03-04 09:47 5550016 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-08-31 22:51 . 2014-03-04 09:44 722944 ----a-w- c:\windows\system32\objsel.dll
2014-08-31 22:51 . 2014-03-04 09:17 538112 ----a-w- c:\windows\SysWow64\objsel.dll
2014-08-31 22:51 . 2014-03-04 09:44 424960 ----a-w- c:\windows\system32\KernelBase.dll
2014-08-31 22:51 . 2014-03-04 09:16 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2014-08-31 22:51 . 2014-03-04 09:43 44544 ----a-w- c:\windows\system32\dimsroam.dll
2014-08-31 22:50 . 2014-03-04 09:43 57344 ----a-w- c:\windows\system32\cngprovider.dll
2014-08-31 22:50 . 2014-03-04 09:43 52736 ----a-w- c:\windows\system32\dpapiprovider.dll
2014-08-31 22:50 . 2014-03-04 09:43 56832 ----a-w- c:\windows\system32\adprovider.dll
2014-08-31 22:50 . 2014-03-04 09:43 53760 ----a-w- c:\windows\system32\capiprovider.dll
2014-08-31 22:50 . 2014-03-04 09:17 47616 ----a-w- c:\windows\SysWow64\dpapiprovider.dll
2014-08-31 22:50 . 2014-03-04 09:17 36864 ----a-w- c:\windows\SysWow64\dimsroam.dll
2014-08-31 22:50 . 2014-03-04 09:17 51200 ----a-w- c:\windows\SysWow64\cngprovider.dll
2014-08-31 22:50 . 2014-03-04 09:17 48128 ----a-w- c:\windows\SysWow64\capiprovider.dll
2014-08-31 22:50 . 2014-03-04 09:17 49664 ----a-w- c:\windows\SysWow64\adprovider.dll
2014-08-31 22:50 . 2014-03-04 09:44 39936 ----a-w- c:\windows\system32\wincredprovider.dll
2014-08-31 22:50 . 2014-03-04 09:17 35328 ----a-w- c:\windows\SysWow64\wincredprovider.dll
2014-08-31 22:49 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-08-31 22:49 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-08-31 22:49 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-08-31 22:49 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-08-31 22:49 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-31 22:49 . 2014-05-30 08:08 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-08-31 22:49 . 2014-05-30 08:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-08-31 22:49 . 2014-05-30 07:52 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-08-31 22:48 . 2014-05-30 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-08-31 22:48 . 2014-05-30 08:08 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-08-31 22:48 . 2014-05-30 08:08 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-08-31 22:48 . 2014-05-30 08:08 340992 ----a-w- c:\windows\system32\schannel.dll
2014-08-31 22:48 . 2014-05-30 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-08-31 22:48 . 2014-05-30 07:52 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-08-31 22:48 . 2014-05-30 07:52 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-08-31 22:48 . 2014-05-30 08:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-08-31 22:48 . 2014-05-30 07:52 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-08-31 22:48 . 2014-05-30 08:08 22016 ----a-w- c:\windows\system32\credssp.dll
2014-08-31 22:48 . 2014-05-30 07:52 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-08-31 22:48 . 2014-08-31 22:48 -------- d-----w- c:\users\Kathleen\AppData\Local\Tvsukernel
2014-08-31 22:47 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-31 22:44 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-08-31 22:44 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-08-31 22:44 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-31 22:44 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-31 22:44 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-31 22:44 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-31 22:44 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-31 21:59 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-08-31 21:59 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-08-31 21:59 . 2014-02-04 02:35 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-08-31 21:59 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-08-31 21:59 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-08-31 21:58 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-08-31 21:52 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-31 21:52 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-31 21:04 . 2014-08-31 21:04 -------- d-----w- c:\users\Kathleen\AppData\Local\Western_Digital_Technolog
2014-08-31 20:49 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-31 20:49 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-31 20:49 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-31 20:49 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-01 20:10 . 2013-09-21 04:29 283160 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-09-01 01:48 . 2013-01-27 00:23 2 --shatr- c:\windows\winstart.bat
2014-08-31 22:43 . 2012-04-04 23:05 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-31 22:43 . 2011-05-24 21:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-31 20:54 . 2011-08-11 16:44 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 11:53 . 2011-03-31 22:15 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-01 04:41 . 2011-04-01 16:30 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-06-25 11:06 . 2010-11-04 07:01 2692896 ------w- c:\windows\PWMBTHLV.EXE
2014-06-25 11:06 . 2010-11-04 07:01 2855200 ----a-w- c:\windows\system32\PWMCP64V.cpl
2014-06-25 11:06 . 2010-11-04 07:01 20736 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2013-05-26 17:52 . 2013-05-26 19:09 509192096 ----a-w- c:\program files (x86)\PSPP_X3_TBYB.exe
2013-02-11 17:26 . 2013-02-11 17:25 40437664 ----a-w- c:\program files (x86)\QuickTimeInstaller (1).exe
2012-12-21 14:21 . 2012-12-09 16:59 12838536 ----a-w- c:\program files (x86)\RoboForm-Setup.exe
2012-11-25 20:48 . 2012-11-18 16:00 32699368 ----a-w- c:\program files (x86)\jre-7u9-windows-x64.exe
2012-11-24 04:37 . 2012-11-24 04:37 10595800 ----a-w- c:\program files\DataVaultWindowsV4_8_98 (2).exe
2012-11-24 04:34 . 2012-11-24 04:34 10595800 ----a-w- c:\program files\DataVaultWindowsV4_8_98 (1).exe
2012-11-24 04:29 . 2012-11-24 04:29 10595800 ----a-w- c:\program files\DataVaultWindowsV4_8_98.exe
2012-11-24 03:46 . 2012-11-24 03:45 14774481 ----a-w- c:\program files\DataVaultWindowsV4_8_78 (1).exe
2012-11-20 22:11 . 2012-11-20 22:11 18237976 ----a-w- c:\program files (x86)\Firefox Setup 16.0.2.exe
2012-11-19 03:31 . 2012-11-19 03:31 14774481 ----a-w- c:\program files\DataVaultWindowsV4_8_78.exe
2012-11-18 16:02 . 2012-11-18 16:02 31160808 ----a-w- c:\program files (x86)\jre-7u9-windows-i586.exe
2012-11-17 22:17 . 2012-11-17 22:16 40437664 ----a-w- c:\program files (x86)\QuickTimeInstaller(1).exe
2012-11-16 21:54 . 2012-11-16 21:53 40437664 ----a-w- c:\program files (x86)\QuickTimeInstaller.exe
2012-11-07 12:57 . 2012-11-07 12:57 8669472 ----a-w- c:\program files (x86)\Windows7UpgradeAdvisorSetup.exe
2012-11-07 12:57 . 2012-11-07 12:56 38808920 ----a-w- c:\program files (x86)\FileFormatConverters.exe
2012-08-14 01:27 . 2012-08-14 01:26 16814136 ----a-w- c:\program files\Firefox Setup 14.0.1.exe
2012-07-25 04:22 . 2012-07-25 04:07 589524144 ----a-w- c:\program files\FamilyTreeMaker2012ESD_AncestryCS.exe
2012-06-16 00:56 . 2012-06-16 00:56 403968 ----a-w- c:\program files (x86)\PublishToPhotoFrame.msi
2011-11-05 02:20 . 2011-11-05 02:19 300408 ----a-w- c:\program files (x86)\SoftonicDownloader_for_photofiltre.exe
2011-09-22 11:23 . 2011-09-23 04:05 161720 ------w- c:\program files (x86)\2pres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-11-08 1095000]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2013-01-16 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-12-04 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\program files (x86)\ThinkPad\Utilities\PWMTR64V.DLL" [2014-06-25 6359328]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]
.
c:\users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 Power Manager DBC Service;Power Manager Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2013-01-16 17:46 454176 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:42]
.
2014-09-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2014-09-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10081312]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-10-09 229824]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-05-29 60920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://duckduckgo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Leave a note for Been users - c:\program files (x86)\YippyHUB\Basement\BackgroundEngine.exe/205
IE: &Remove from Been Clickstream - c:\program files (x86)\YippyHUB\Basement\BackgroundEngine.exe/206
IE: &Save as Been Favorite - c:\program files (x86)\YippyHUB\Basement\BackgroundEngine.exe/204
IE: &Thumbs Down - c:\program files (x86)\YippyHUB\Basement\BackgroundEngine.exe/202
IE: &Thumbs Up - c:\program files (x86)\YippyHUB\Basement\BackgroundEngine.exe/201
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: RoboForm TaskBar Icon - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {{320AF880-6646-11D3-ABEE-C5DBF3571F4E} - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files (x86)\Siber Systems\AI RoboForm\roboform.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4208041570-4174915042-3882207907-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4208041570-4174915042-3882207907-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\UnHackMe\hackmon.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2014-09-07 17:33:48 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-07 22:33
.
Pre-Run: 138,415,755,264 bytes free
Post-Run: 138,533,634,048 bytes free
.
- - End Of File - - 42C6AE0497B858AB126F3B4406C1FF7C
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[Phil Hunter]

# AdwCleaner v3.309 - Report created 07/09/2014 at 18:48:10
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kathleen - KATHLEEN-THINK
# Running from : C:\Users\Kathleen\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\entrusted
Folder Found : C:\Users\Kathleen\AppData\LocalLow\entrusted
***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\entrusted
Key Found : HKCU\Software\AppDataLow\Software\iWon
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\entrusted
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{076D6805-301A-47C1-BC0A-A04A53CEF820}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDF7B675-5438-4D59-A142-CE1349D279A5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.4
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239

*************************
AdwCleaner[R0].txt - [11001 octets] - [07/09/2014 18:48:10]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11062 octets] ##########

 

[Phil Hunter]

# AdwCleaner v3.309 - Report created 07/09/2014 at 21:09:09
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Kathleen - KATHLEEN-THINK
# Running from : C:\Users\Kathleen\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\entrusted
Folder Deleted : C:\Users\Kathleen\AppData\LocalLow\entrusted
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photofiltre_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{076D6805-301A-47C1-BC0A-A04A53CEF820}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDF7B675-5438-4D59-A142-CE1349D279A5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\entrusted
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\entrusted
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239

*************************
AdwCleaner[R0].txt - [11311 octets] - [07/09/2014 18:48:10]
AdwCleaner[S0].txt - [10992 octets] - [07/09/2014 21:09:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11053 octets] ##########

 

[Phil Hunter]

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Kathleen on Sun 09/07/2014 at 21:32:28.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
~~~ Files
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Kathleen\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Users\Kathleen\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Kathleen\appdata\locallow\couponalert_2pei"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0008C322-85AF-477D-8942-2671870743B8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0032F4CF-D3E1-4C02-B147-71967BCE9221}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{00B3B661-D02C-4280-B9F1-C50B2B316C55}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{010B9644-8708-4F02-9F05-91CCB0592F4D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{018DCF5F-57DE-4EC6-8D5E-57228659AEAF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0199E31B-482F-43DA-B1D6-7D25C66B73BF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{01C94EFD-AB07-424C-AC6B-44D85E4B5B7B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0239DCB2-6D75-4DF9-B4E5-A09BB869BF39}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{02F7BBDF-19C3-427D-A90A-D9EC6E0406D3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{03CFFF48-544D-4370-AEA9-A720ABE5A500}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{041BB414-FFD2-43F4-94A3-CD75D126357C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{04291F4E-E030-4AB2-BE45-1080C8A8B326}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{043C43E6-9B0F-4E30-A306-21ABAAC41DC6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{04AF2BE8-AAC6-45C3-A846-6DB847BBDD8B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0569E52E-C4D7-4E1B-BFC8-DFEB181386C7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{05EBF4DB-2F0F-4C58-ACD2-3C4C665A80DA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{05F3145B-1634-4F98-A70A-7FE6CF5D69CF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{067B13EE-A4B1-429D-A3CC-BC8067579A9E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{06E98976-7B18-4865-944B-0DFB426E8167}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{07A620D9-53D1-4AD0-9DCC-25EDD637A088}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{07B1A90A-C4B5-4551-ADE0-9254193A4788}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0826D1E7-D9B9-4F03-91C5-7A1BD2CC07A3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{08FA29C6-3BA3-41F7-9262-1BC7215DE997}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{093A5D29-2E82-4E59-9852-97383E2BD4CD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{099813C0-66E5-4107-88BE-5AEEA3215383}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{09EB625C-A994-4D77-BA84-CC61A7131681}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0A2ADBD7-23E9-4FED-8CC9-508F8F26A876}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0A6F1D8F-E9E0-4EB2-98D5-7A3ABCD456B3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0A95415C-497A-4C5D-8A4A-F94F5B38B5A7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0AB987BA-DBEF-4C09-93D8-6AE27BC331C4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0AD12307-8ED5-43D8-90C2-BC8331E25CBE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0AE42828-2495-4807-9EDC-6FEB6E4875E5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0B14C80B-F34B-4CE1-BA03-70A5B8C60199}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0B317CCB-917E-4448-93BC-E0DA192B47D2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0B6E1739-9CD3-4CBA-BE23-C86AC7E465AD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0C0AD319-FC88-4FC5-B0E3-30DDF1A5BB29}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0C7EBB8A-3D92-45C8-BA18-C4AF7B1C064A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0D202673-44F4-4B6D-A07D-432F8296FF32}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0D3BBFD6-1813-4D11-8C6F-F205F94E4338}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0D67EF78-1D5A-4AC0-B0C6-A603BBB39F4E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0D70491A-F0B5-4004-ABEF-4B2C4A82570E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0DCD5133-9351-469F-BA49-D2D21431A199}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0E254928-BAB9-40CF-9025-E96AC454FE7E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0EC87854-C789-4436-8502-729DDEB331A5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0F05DDE4-63AA-4026-A7C3-78E1C60111FD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0FAA514A-8880-46AB-8A5E-533DAF3823AF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0FCBD7C7-27A8-485F-A32D-11494BA8636A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{0FE66866-A33E-463F-9A1F-0B922687F1C2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{10A7D401-8B62-4AD6-A523-1CC18316A3A9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{11519C99-6658-4655-AEDB-FAB44E82A041}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1239BDDB-E717-49A9-9A5D-6995D6784CEE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{12960121-A90B-4CB5-94D3-9DCAE69DB91D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{133DE1AB-B1A9-48FA-AB4F-9C81222D35F0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1345A4B7-8E88-4ECB-BCD0-75F2845459E4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{13AC878B-DB13-478D-BF71-19D787C76872}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{13F4E58E-A7F4-45DF-9423-EFA3B4924A97}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1415FA6F-DED4-46A1-82AB-35DD81ADC5AF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1426531C-BFA7-412E-9285-3DEB16143AF0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{14D43E22-0104-4091-8915-A656600E0455}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1547681B-3D09-4413-864E-E0146CE8021D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{15DAC3F2-EE10-4720-A005-1FE3113EEAC3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{16222B68-98FB-44C6-83F4-D7108C2378DC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{17214C84-76B0-42A7-90B7-4B4326DB8520}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{176B174D-3B28-4B12-861C-0F6FCC4E553E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{177D9A60-F507-4CEF-B012-2FB121A3E52C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{179E9B61-26CD-4E81-A8EE-CECBF29721D7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{17BE439F-DA77-46D9-A3D3-94C6302DF6B7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{17C4D574-F430-4065-960D-B385B1A81E3C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{193AFCEB-354A-4654-9336-29E5D7E8424D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{19762F45-3D65-403B-BE31-08D05AB6BE00}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{198E6EB6-9F06-436C-A3D4-D43D543EDCB1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{19CE0220-3285-4A27-B57F-C066658C0EDD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{19F26BCB-7386-47C9-9805-385410E3CE9D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1A00F2E1-8265-4014-8303-1DD233581BE5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1A10CA62-D849-418F-B432-2D7253CCC616}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1A85D0C9-6B5D-4292-8B93-AEB27D9860DC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1AB16FF3-755E-4C0B-BC49-2A04E17DE3A4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1AE65552-1E8D-413B-BD92-180823C02F96}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1B8ACB8C-34AD-4785-94C3-A580C41B9BD8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1BBEF48A-D457-477E-AE5F-26B177CF8523}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1BC64D48-59EF-4852-8656-712778AF5B2A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1C53FB81-384D-4BED-8095-C34BB417AB3B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1C5A5089-A3E9-4F98-9557-1B8F0ABDE81A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1C691B48-9585-4DCF-91E4-3A44C174E658}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1C90CE38-93E9-4FB9-8719-A869C405798D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1C9E5BA1-50B5-4D31-A3D9-6BC308A5DCF0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1CAB9B84-7CA8-49E2-8E2E-2789A84E0B53}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1CC9F53E-43D8-412F-8574-E930F1E4E777}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D27CA07-CB30-4613-BC56-A5A3142AB015}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D2B3E88-9670-43E3-83F6-357D6FDEBF0C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D2DEE11-6A3E-4512-8AF7-B9694703F27D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D3529F0-AADA-44F0-9A0A-3ACF14471EB2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D39C85E-B524-4661-A4F3-EE98FE6BFBC8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D5B886D-D5A8-4D10-A1C9-4946E1A8C9AC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D829FB1-F43B-485D-A863-1ABC5CEC0E95}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D8BB40A-495E-4FEB-A643-2A5D49FB3A49}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1D96F06F-8E1E-4A45-BDA1-B7F108DB82BD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1E0B1BFA-AEE3-4322-9179-DF49348B47CA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1E294C5D-ED9B-454E-93A4-76DFA466345A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1E39FFAC-F48F-4644-9387-493319FB7CD5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1EDC47AC-FFC4-406C-A359-AC8763AA71D3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1EF51118-D88A-4346-AC19-A9372E5DE3BE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1F4E838F-62B8-4D51-AFC4-CCE9564B627B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{1FBC3F52-6C5C-400F-B300-FFCF7F8DB08A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2022340F-334F-4F6A-9325-D3D2B005465D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{20641790-213F-40B3-B1EF-9422DB18CA29}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{20DE0A16-2875-42D0-9B90-04740E086585}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{20F16792-1C7C-406F-94CC-2A852D600CBE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{213B9784-B8A9-4423-B89A-5229FA579D42}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2145DAF1-76BF-4CEE-AB67-DAD07353A694}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2154F4D0-C7BC-47DB-89BD-886EDCEE462E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{216DD08D-970A-441A-B09D-2991D2E16945}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{21826925-0BE2-4FAB-97CE-B0EE845FD5D5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{21AA41BB-6F2B-4A7C-9392-467B41D966E4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{21D5840D-926E-49FF-B61C-239F416F9F7A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{22104954-2493-4A78-95F3-576F086FF436}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{225EA295-DA53-4826-AD70-435F78A65CFA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{226D82F0-BC5F-4ACA-9EED-D2AE9EBEF359}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2298F7DC-5F16-4625-98D9-E8B20F53F0EE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{22B77026-F5E2-4191-9A87-F3E6ACEFE52D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{22B7870A-58A4-43A7-B6A4-35C1FBD3CBFA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{22BEBE6E-FBEF-493A-88B6-951E2BE25ADD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{230A6528-877D-41DF-ADD0-6BB784486D6A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2314A8E9-0DFA-478B-A6C2-445A6C6FBDD6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{231C4E3D-D5DD-457E-83AB-8BADDDFEE51A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{23372930-FEFE-4D9D-8540-380CAA75BBB1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{234B3505-DB0D-4D29-8EE8-FDC14820FC5C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{238F6CE6-8F63-4CD3-9EBF-FA9272A04ED1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{23CE4F9D-C1FE-4402-A72B-CEA2B783D26F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{24143162-E88C-4C63-B0D6-78BED407A392}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{24A3E4B1-AD5E-4964-B79D-857AD5A2680C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{24FD6A44-A701-4B1C-B2C7-787D6B184B45}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{254CFDCE-A69C-4851-955A-576E69FBE3AF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{257C6FD6-AA3D-4206-A139-85F7679FABFF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{259AC7C9-3BF2-414A-B366-D4C052080EFD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{26121C93-D8F9-473A-966C-ECC0E3691A91}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{268A6684-E495-4F32-88E9-6475DEBB9E99}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{26DB0D50-23E5-4239-8E12-1363E4520B79}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{26DD2ADA-6D6C-4025-8465-793F1207F58B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{28133FF8-7B0B-4CDD-AB79-09D0EF703F97}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{288BC4E4-3B5A-4EA3-9B72-F47ECFCB9704}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{28D28D4F-5EC4-46CD-86FE-389D8D2E565C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{29255F16-BFA2-407E-BFE4-C3F3DE385ACF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{292AC391-BC3C-4995-8A02-699D0E721066}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{297195B8-F7B4-484F-A8E5-311076700371}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2989988E-4FF9-4B53-A096-9F27923C2ADE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{29EF19F6-7A49-454E-9DBF-0AC752328077}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2A6089C8-C43B-4268-9568-29D00B29D19B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2B042528-DC43-4286-B530-A473F8D42063}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2B0757D5-722F-470B-9B42-33A19DA6A8EF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2B58EE4E-622D-455E-8E1F-E7332919B299}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2C27B177-A8DF-4A68-904E-776BC6677489}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2C7239B1-165F-4EC2-BBD4-41A945F62DC8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2CD5C59B-0680-47AF-878B-320110CAB1DF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2D020B0F-F64B-4547-AD5F-AED40CADFFAE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2D1FCE44-11EB-4319-87FB-AD7ED439D734}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2D3E7075-5866-47DC-849B-49532AF73F66}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2D6BB0DA-D057-4232-931C-3DB3B70D10B9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2E084D23-3273-425B-ADA8-7F72FF51107B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2E168D39-1EF5-4D32-BC51-8707B825E80E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2E7BE698-D69C-4B1A-BA0D-821A641256BE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2ECD9014-B06D-4AEA-A49B-F95C5542432C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2F269615-AD76-4B0C-870F-722C17594094}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2F59C4F0-78CB-4192-BCAE-51BE67ABCC8F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{2F98D0D8-A439-494B-8F95-DB3B541FC32C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3015483D-7270-4C6D-A8BE-F4731EA6D4A3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{301E6749-BF30-4BAE-9FD9-10E328D01561}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{305A6456-0EC4-45B1-998C-375A5839AFBB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{306C7317-864A-4B2D-87D5-F6F5CCFB1B90}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{309924C3-EE5B-4297-B0AB-E6125A4F0C32}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{30A2B065-81AF-4F25-A95B-B362285ECCD6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{30B5D3B4-C875-415D-B1B0-354FBFDD47F8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{31634D89-3BB3-477D-A81B-52FE86EA258F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{316977F5-3432-4394-BA62-B8E624EC55E2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{31855CC1-5110-4F11-A5C7-73247AD528A2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3204378E-42FA-48F2-BE31-69C0A0B95977}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3205CF8D-5E02-499E-9C9C-00194DAA93B2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{32446750-7FD1-43E2-A4B6-55A3A68284BA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{32868E06-1888-48B5-A802-32798731F3CE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{329CC19E-56AA-4E03-BEF3-F636BADF7A86}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{32C6598E-4C6D-4880-A750-8E2E572C453F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{32FF0051-F9B4-4445-BE26-121B538E0C6C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{33473CDE-F203-4E84-B263-FC658CB85B19}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3384B746-CB47-4C48-B413-EC53C898707B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{33B87281-C696-4FC2-A22A-EEDE8CB8F823}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{34913F65-28EF-4028-B9E8-0DEF811394AC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{35B201DC-7E65-4420-A66C-242A976B751E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{36973F81-413D-4C4D-A785-8F5E75084833}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3739E73D-FDE8-4710-8E04-ABA79AE2C611}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{37551C5C-0201-4E80-9BAC-89E064DFDBB2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{377097D6-D905-416F-9A6A-23D1916D064F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3771C38A-7647-44C2-9E32-2BFEC229CE8D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{377B10D4-A4E3-463C-95D0-76C134C313C3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{37924C37-C76F-4512-8DBA-E92D65C53592}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3796C029-B1E1-4F8B-AC7D-3414292FA085}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{37B56ABB-A549-4459-989B-ABA25A4719F8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{38271241-9D06-43CD-A19B-2BB6AF7D01A1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{389FEBA5-8D66-4393-A80C-A8DFADA21ADA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{38AF6640-08DB-4C51-AD95-337D57B9D0C4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{38F95B6C-C1E3-496F-85EC-6ABD7E4BE1ED}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{38FD646C-96CC-4FE6-90C9-72F8E78D886D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{39103772-EE07-4227-9AA0-E71073A68C70}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3925EE9F-E30B-4E52-A8BC-29C0C9FF7AC4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3927920F-F68F-4630-B2EA-CE913F22C7C0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3A1D3A42-2C17-4A60-8BB8-E7B235BDFDE4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3A9875E6-76A4-45A6-BCA5-2777C20566DF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3AF3718F-FAC9-4C52-846A-B98E23E99770}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3B7E112F-231E-4F9F-A082-069EDC2A4E68}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3BA361B6-1AF5-4586-A4A9-1F220999A86E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3BA818D6-3EF7-41F6-AEEF-3830A90C77A8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3BCEAC8F-4D5C-4EA7-B963-0803C803A384}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3BE08118-108C-41AA-AA39-CA47A0498762}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3C04267D-D8F1-42C4-8772-C762891C5B1A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3C273150-F45E-44D6-955E-C83C4E42DEB6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3C28618C-3A96-48D2-9183-2F54B5D095FF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3C487B27-9282-42D8-89DD-A0214ED3B1B0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3C9ECC0B-28DD-440F-8CDE-1878613C66E4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3CBBD1D3-101A-4DF5-8D02-B37FAB0D5652}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3DB88AD3-1458-413C-AB02-43FE767F8EDF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3DDF27E4-9704-4CE6-B5FA-314E5D400479}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3EAC42DB-4CAD-47BC-A112-DCE4341CA318}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3EB8223F-F20E-40F1-9D8E-639A5C3D6C70}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3F26B436-541F-439A-A40E-577D54D51A08}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3F339B9F-5C7D-4C1B-94CB-E4CE6B590BE9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{3F4630C2-63D8-448F-B27D-5E78F2890E38}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{40CF90D6-1853-4638-B31F-80AC4A1F4878}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{41438D98-51CA-452E-8751-DCBBA89A53DF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{41669F44-7387-430C-922E-9153562A62C4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4174DA55-C2FA-441A-A550-CC8291DBAA22}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{417C6A7A-3E7F-4D17-A1D7-C6E02750B3E8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{41A69E59-DBEF-4536-9D2E-7ECFDABDAE09}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{421B3D21-B1E2-40F1-911F-DD864EC7A9E2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{425A2DFC-CB44-4687-BF00-AF80980776BA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{42A30CF2-CA2A-4CB0-8633-072B060E9DF4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{42FF3E83-D53B-4B36-B8B2-7C4B21CBF7F5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{43722B45-5397-47AA-B575-9F2A7B77C716}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{44358481-95A5-4B85-B0B0-E6FBCC4FD0EE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{44ED652F-C124-4345-9E0C-5C5526BAF888}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{459EFE22-9A6D-459B-9342-3E557875D63F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{460DF91B-3BD7-431F-B9EC-B29AABE106A4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{462F21BA-790D-46AF-9FA2-64BF6371B366}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{46584684-83D1-46EA-90F6-B0C50E1C2561}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{465FD791-CBE7-449E-A1A3-2D1346B4DF14}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{46725BBA-D2AC-445E-9AD4-A4C8F2FACF49}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{47360C1C-3961-4ED3-A132-E11B9C62DBB1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4737B493-1C93-49EE-A8BC-BD2675226F7D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4756E289-A2BA-4B01-A27C-B5DAC93E5B4D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4757283D-CF14-4FB7-9094-CD2473A44EEA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{47DC78D8-36F9-4D42-A646-216646D3F865}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{47F9360B-683C-43CF-92EC-4393A0263274}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{48179BB3-BFC3-4E7C-B92A-3D0C2146445E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{483A736B-E8C9-4708-AF44-C60F34FEF949}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{487D943B-D2BA-4AD2-A175-0DD3AC98791A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{48F77AA7-E961-494F-B397-ABB094F06628}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4A2DADE6-E38D-4A3D-86BD-44D4442F61F1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4A7C7BD9-2156-44C0-8F1E-AD5A2BE34109}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4AC3CA1B-87C3-44DD-9E3F-8A24B6B0A695}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4B64BF22-9865-4B25-BD93-A28B9336D953}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4BED4FF1-6617-4004-8056-FAF0258F709B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4C3AD6E4-D053-4539-8FB2-C1C8F69597E9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4C486485-7FBD-48F5-BA1F-0FB923E0A34E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4CA5920D-592C-4B7D-BA12-3E9BC7EDB644}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4CBE0AF0-29EE-4EC6-A824-6C68F8D7B776}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4CE0E225-0B4D-4840-8B1A-DAEEB681AC9D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4D8CC440-EE63-4089-A4D1-96B9B7816CB2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4D94AC55-1623-4E18-987C-B2A8B240349B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4DB70CAA-F10E-49E3-AE1C-A5E9D3204590}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4DBEDE57-2B68-4D14-AA7E-71BEEA4BA18F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4DCB3247-B9C1-427D-94B5-44628EA3C4EF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4DF3A8C1-D1E9-4D23-910F-936E0FA33B49}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4DF7D494-0011-4104-9028-E463E31F8150}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4E06E2D6-6071-47C2-AA29-658A1F72AB36}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4E0BB2E3-566A-477D-AE2D-609686752ECB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4E20F779-D930-48B3-8BDD-C208FF931E4A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4EF9633B-CDA5-483B-AE65-5A293D1B36D4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4F3DDBFC-38CA-4512-BE95-0BA59AD209F8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{4FA26430-8AAE-484E-BB44-3F352D3DE9C7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{508FE275-DCC2-424A-9653-AEC418208BA2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{50F70267-66F9-4C55-92E2-0206B505D355}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5106206F-944A-44A6-A4FD-A8F4E5E4C32F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5300E148-21CE-4E61-A345-A2B995356D4E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{53F3F3FD-1382-4CED-8F85-418245AA1DC6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{54389E06-B7BF-4F98-93D4-FDE6FFEFB95B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{545E4308-4E6A-4971-A900-DCA5CC93BC2A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{54FAB9BF-46FE-4BE1-B1A1-D28870245C71}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{54FEF125-2155-4CAD-B3FA-8B09BB7F5DE4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{552EE102-E442-4564-830C-663BE90065D3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{556CC12C-865B-4082-9334-84F7EC5C86B7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{563A7E7F-A67F-4DDF-82C6-FAEC3AD36773}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{565C5623-5531-450C-94D9-1F08FF354BD8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{567F1E73-5742-40AD-A0C6-5F0F82DF31A5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{56CC3D92-D912-4F89-92E9-535EA274CD78}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{56E06535-E975-4480-9AB6-5AAD6A8989AB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{56FD850E-5408-4DB1-A7E6-B908DDFA4105}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{571F538A-0A90-45C3-8F6E-E3300651243D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5772AF30-B336-4971-87B3-63954EE133B9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5789313F-F4EA-4983-8B29-48591EE6889D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{578D9C58-C1FA-4D27-8D42-66C632F6FA49}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{588C9934-F2C1-41A6-B6AE-FD8BCEFD1EC8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{58F03941-8177-4EFC-BBF4-7509BAE48F50}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{59A22A7A-929A-4AB0-B399-BB1807868112}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{59DC141A-E341-4F49-8F69-3B9522234E61}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5A36963F-C90E-4777-9882-15A5FE13F7D5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5A68C834-DF73-4687-96DA-BB7E5DC67CB6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5A89AF9C-313D-46AC-A2ED-2556FC792A2B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5ABB1212-5E2A-46ED-8DEF-CFE40845666B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5B22D379-7B44-441C-A46A-774CA41A98AE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5B3ADCCE-5D17-466C-AF3F-B465817FF1E1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5B6BBDA5-B29D-45DE-B196-600A3EB6B890}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5BC4D90F-74B3-4D41-A5F7-7373157489A5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5C11A27A-1BEB-4FA9-96C0-967298A002EB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5C1E3EED-1AD8-43C7-9234-7C76D14044AB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5C8BAA83-52C0-4B95-933D-BCE169A59EDC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5CA66919-0612-4FEA-8BEE-F5C819F996A1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5D4A48C0-6C55-48C5-95AF-89648DBA3AD7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5D7BC4ED-14E7-4343-82D7-1DA65D4B926D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5D967458-AD03-4BE0-973B-B69A5C21F765}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5E2AC4AA-F67A-44C2-98C8-2E314345EC33}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5ECC7F22-E59B-4509-8066-52DED7B524C5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5F1E9C99-3335-4B88-9C65-8EA74C7C69FD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{5F5DAC92-EE93-407C-B585-A78C1DEC976C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{601948C1-11F7-472F-8982-F30E81C5D5C4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{60A36997-8E34-4376-960B-553D7CA327AA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{60AE2D6E-24FF-45EC-BE56-FCE29B00AA4D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6189CBE9-F4BD-4F3D-BA91-A9E03009E345}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6191209E-FBA6-4A35-98FA-80A0778E0C88}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{62A2BDE2-2545-4827-8D54-0B12C9E5A269}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{63144450-611B-4B2D-B0C5-779A962BABFF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{636EE621-8C82-466F-BB04-A0010D0141EA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{63C18018-7DDD-419B-A684-F929FFD456F7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6453C6FD-1725-426A-8F69-E844F8D948D0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6536449D-F534-45A4-AB9E-4A2CED68A995}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{65B80C3C-6EAD-4CFE-8DEF-2A16A56814F7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{66117665-E490-4008-B0AF-7F0DC9B68CB5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{66290A3F-8BAC-49F2-8EE7-6F8C2B32135A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6665594C-68AE-4BE0-B184-4DE008C34B31}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{66DEA793-EDD0-4060-A30F-946A07736A9E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{66EBBB05-D602-4679-8637-06F88CA8A301}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{66FF159E-6011-4B48-AF84-5127509E3270}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{674A0F19-D6B3-4137-A32F-990D545AE7EE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6787D1B2-B7E4-42CF-9BA5-DE8D4CAC83BA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{67B05648-7316-4964-B871-3FA6BF439A8C}

 

[Phil Hunter]

Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{67BBDC53-260D-40EE-A264-82EDFBC686B5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{67D3EF85-D2E9-40B4-BCF5-EB07BFE3FB3B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{68420CC0-860F-4B23-8BDA-3022ACC14CC3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{68613820-B267-47EB-AE12-5649C2628FE0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6919A49F-2A6A-45F7-9E24-1C0940525B78}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{698FC583-3AB9-489C-8C21-1D0D6395EBA0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6A45E431-5266-409A-AE06-6C65CD14ABDA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6A7E99E9-C181-4A74-984A-F7B5001A94E7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6A9899AE-B095-4E49-ABEF-7DBFA4422ADF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6ABB2513-CFFC-431E-821C-6A18132759A1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6AD212AF-9849-49A5-BB13-35805DEDFED8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6B08B05C-DD82-4C8A-B667-39BDC1F5A359}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6C97B4A2-8BC9-4DCB-9619-73C47E9CD242}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6CAA14CC-D595-47EE-ACB5-8F1173D98EB9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6D825835-BEDB-4171-B350-792BC47E7B8E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6D8B055F-8AA2-48A6-8D14-5A5D9E2C063A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6DC7A568-C1DC-4692-9452-27AAEB76C04E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6DC9C44A-617B-4655-B2D9-84FB2E2677DF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6DCEECD6-9024-4EF4-A6AA-0EEA8CA6D6F2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6EDE5073-61B1-40BD-83BC-9B3589D26D54}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6F408B39-4FD6-49EA-8C75-7337954E9DA2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{6F823A4E-C597-4968-93FA-EAD98DD8C78B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{704B2017-143B-4274-B169-65C80C41FDA8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{704D4DD7-F93B-42DC-9AE8-AC39F76F10C7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{70B8BBB9-A463-474A-8785-CFA703882A9A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{70BADF4A-52E0-4112-9B36-FA8EC6FA2BF7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{70CE7122-65D2-490F-8213-BB4C708A309B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{70D7DDA0-29F8-41C1-8C59-D61C5135C424}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{71DA36FF-5DA2-4516-8FB6-B3E670F71FDE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{72A09576-1CBD-4350-AC63-F5F3DF124AEA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{72B9EDC3-AAE2-4A2F-86C5-6C4ADCE71722}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{72D5F232-1536-4002-9C2D-7E8C584F657C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{72E1ABEA-4E5F-498E-BEFF-17A82BBDA5BB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{73285D02-37B2-48FB-AA89-ED830F976184}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{73453A0C-1874-4042-B134-6114E7B0FABC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{739BA6BB-208A-4BDA-B79F-DE1703B40318}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{73B44D43-3A52-43DF-91E2-C0B5AA54F679}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{73F2C3E2-0A40-4905-BB85-1D77717A5237}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{74158A74-976E-4DAE-BF6B-B1A532D86DB9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7471F7F9-65FA-4779-AFE7-D6866E8C64BF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{748474DA-0D67-4810-B9BA-C74519A4DFE9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{74B62002-527A-4522-95E4-2F7AD798CFF6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{75F8FDA9-9B5A-4CAC-8A45-455DAC95F7D6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{767CCD2A-D5B4-4115-8EFC-CF31BAA17127}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{76818052-0683-4A63-890A-10B5F3DF441F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{76B2E43D-F2F4-4D09-9693-F824BCC1B86D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{773115DC-36AB-408B-801F-7D17502EECF0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{77A81471-16FD-454E-BCF0-19CEE497C9C8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{786F3697-97EC-4A5D-B29C-A0CDE71C829F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{788F330A-808F-4D73-ABCF-30933192E403}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{78D6291A-E634-4B96-A82A-9C4339FB0AC7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{78D9F58F-653F-4A50-ACB4-72E00ACD7BC8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{78E50599-C4BE-47FA-9B3C-305177DCE3FF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{78F5129E-C20B-426A-82A2-E5C529D0F430}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7966748B-19B6-4F98-8C78-818675D0A3A2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{796BA651-10F2-4EBC-92D5-C5617B3C1E8A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{799AE279-617F-474B-9DFF-5EB23138EE1C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7A54F7DC-FAED-43A6-B9FD-047F64A5FFF1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7B503580-8FEA-4DD4-A203-9AC5C3C3225F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7B7AEE88-40C9-4EA9-894A-EA480C1FA2CD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7B9C7A60-1EE8-4F91-9EF0-571EDAB23AD1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7C19E92A-9FB1-47AF-89C7-5E5505A4E68D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7C78A0D7-1E1B-47EE-8800-82A68F2BBA01}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7CC446A2-1D3F-4E48-B05B-6DEFC8F50B07}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7CF6F940-DF8F-44B1-8A96-C98DEB19F67B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7CFF3191-2BF2-42C4-9694-544A114C7868}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7D40A9C2-A92A-4995-B811-FDB66B883251}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7DCBD96C-9360-491E-BBA4-4281CEA37516}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7E174A8A-2E62-4C4E-9681-90D503A557EF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7E4D1962-B215-408A-95F2-9944FBC34A45}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7E9552FB-2A48-42E6-98C7-EE61F397BF2D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7ECCF8AD-619C-4913-8B09-4F182798959B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7EEB0FF9-D8DD-4482-9666-ECBF3359AE27}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7EF64AE4-7E60-4AF9-9E0B-8F0DEFBF1AE6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7F33313C-1C39-4769-B2E8-C87B05FAFCCE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7F736864-2B88-4AD0-925C-F47E5A2E673A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{7FCC4039-08F9-481D-BE5F-AD8ABFEE782F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{80593499-ECB6-4F20-89A0-0A3A5750F970}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{806B5A12-A004-4CD6-A0A2-DD04D55D633F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{80B4A87C-C36A-4D6F-A6F1-975C90C1D7ED}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{80F72422-C5C3-401E-B592-757F1F5DEDB1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{827472DE-C3EE-4F30-B8AC-A6687CDB8DBD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{829A5C51-6364-457E-8E74-1F37EE6D2197}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8345BBCB-0EB2-40F1-8C42-4D36F6670FC5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{83C75719-D45A-45EA-820D-74F44E4B7F0E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{841045D9-1010-4493-ACFE-58735582F38D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8418221D-90FF-4B2B-B755-00AB72B560E7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{84F509A2-79A2-4869-AAE3-6926317E653F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8512865A-6445-45A8-AB65-760F30938483}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8535C445-8ED6-49D6-BFF1-09FD31B5ECEA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{854AB35D-FB95-4A18-9ACF-20D3A4473DA7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8550785C-F395-42B2-9FFE-C59E8F6666A0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8578F55F-E468-4704-AC00-73E559D2E033}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{85C950CA-8DF2-4E1E-9392-B23C4F150261}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{85FB20C1-CC7B-4F3C-9297-63A2A9B4FD9A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{86515367-3151-4BC5-8131-ABA0E5884560}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8748350F-7A8A-4F85-BC84-207EF4CAF849}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{87641466-3310-421F-8CBB-FA99B42DE5A5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8767F6BF-B8E4-45DA-B2F3-1EF0D5822642}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{876808A0-0E78-4442-AF4F-C2F74CD118CE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{878813FD-CDE9-4DD4-BC22-17553ABDA305}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{87B15FF9-FF4B-4F17-8AB5-F2EC77A7676D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{88646E5D-9DDB-4C18-B7B0-874BC26E5DBD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8903DFA5-A7D9-46F0-A76F-E3C6A2401CF8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8920279D-A60D-4A3D-9B90-CEE3670767E8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8962A6A5-7391-4D3B-89AA-3FE5099D3FCB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{89D4C817-9C24-428A-858D-C9A775A19559}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8A7EF9F1-206A-496A-B8F9-50D75974608D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8B1DF437-C46D-46FB-8F4E-C2F3097DCE0C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8B3809BA-BC43-44A1-A8AB-EBC70B883619}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8B530583-7727-4815-9D03-D177E987E4C9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8B7D5FFB-57D4-4585-8EE7-5750E4303F9F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8B9DF1BE-5A01-4225-A77A-14B69608E489}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8BBA8DA9-FCE1-4803-964A-2629786856B8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8BCC7EFF-DA78-4B57-A253-C2A88C0682D1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8C3F8F5B-DEA4-4B57-AE36-E61EA3B5E020}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8C46A5DF-F5B2-41F3-B453-3009DDB3E005}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8C8EDEF5-AE56-40E8-9E88-4C2DCF5CE64F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8CADC153-CD22-4137-BF81-417E58543807}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8CDBB8C7-E52C-4597-80C7-F17CC966E6A8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8D9FDE13-A6A4-473B-A9B4-6F945D1785A0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8DD90141-7058-498D-9AFA-C8F509C9C980}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8DEB4993-6C59-45A9-9EAC-B503C380BAA4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8DF4040B-420C-4FB1-AA57-9BC23F3E3C5F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8E099079-7201-40B7-88BC-51D718DA899E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8E1ED93B-9970-41B2-952B-627E942BCF0A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8EACF534-61C6-4998-A793-EE02B7F72FF0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8EF13C5E-CAE1-4EBA-9882-6DF5A78B25B6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8F3F2616-1238-4437-815B-452735D7EE94}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8F84ACCC-3272-4C4A-8170-2FCEFFC2CF8D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8FD833A8-9005-457A-844C-4AB3F2995221}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{8FD84E84-CD22-4C86-B806-E1AE8BC224AF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9004A129-E9C5-4E7C-8B42-D70CEBA15E22}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{903BACF5-0034-4543-B289-200D54517090}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{90478F5A-97E3-4769-A2A6-8468B1EDE918}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9071D10F-5C39-4316-AB28-F8DCDF6A8D99}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{909C1712-F1E1-4D09-B686-FFE438B471ED}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{90DB7A41-C8F0-41D9-8438-3C5CCB2F4B95}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{90DC2F7A-80A7-4172-83EA-25B0A4DBF230}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9196B4FF-860D-4272-AD15-CAE7DDCB3A14}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{91CE9816-9EF8-4D7E-9ED1-39AE581BF451}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{91D57AE9-BB92-4616-9E6B-9F31F8399834}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{926E6610-2E40-4B1C-9B2B-9D89E9DC0E8D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{92A91A90-07D7-4772-9C91-FC865822FB5C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{93289213-5FEB-4589-990E-20CD56977A76}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{934A5D2C-4105-4C29-AFC8-32D3F8A0C2AC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{93790DEF-DCC5-4998-A3CE-152CF1A92C29}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{94A691C3-4845-4893-8212-3164DFBA841A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{94C27CD5-49F3-4597-8520-59AB309A9C08}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9547B2F2-F692-469E-A49E-EC03A1F0392F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{96541C14-8D75-4998-AF4F-3CAB409B4A07}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{966C3C3C-429C-43E6-951C-17D9E9FDF05D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{969CD074-5F87-47E1-B42D-514FD0A43292}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{96BA313B-1E52-457C-BA29-EA302AEF5EFD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{96F6B0D7-8778-49BA-B2F9-AF6FC3E7731B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{97653B27-4411-462A-8DD8-2ADA40F9419C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{97A2B0E1-6288-4BC0-A487-5AD68B6AB702}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{97F15EF2-0CDE-4996-B2BE-4AAF46A135B1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9807E07B-CF32-4812-82D4-36233F39D5DF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{983F2C3B-A576-4E0D-90DA-7BC2D2947E35}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{985F4514-6C67-4BE1-9A6D-C1F0A505C0E6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{98699D09-5D91-42F9-B9E9-062946BB82A7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{987000BA-E44D-4CA6-B7BD-52F2012E21DD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{98991A6C-3346-42F2-B843-7D417310AD93}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{98BA3BD2-4820-4E58-80C7-B78B4B1EBE51}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{990BF593-028F-4A07-BA4B-84E905A1462C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{995BCFF4-105A-4F7E-9F6D-AF3B4A4D65D0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9960C9C4-A987-4FCA-966A-6D565D6412D3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{998DAD99-4F32-43EA-BD74-BC2FA3C2BC36}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9AF4BD15-F6FD-4CCF-949D-5589DC36C7B7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9B39A360-E03C-4E3A-B191-96009DDD3BAD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9BBCF0D9-689C-4F0E-AE09-9A692CC902A4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9BF31530-3C59-4278-AD9E-01D2DB444E32}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9C12072B-49B5-49EB-9882-AF33CC23D98F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9C88B952-5ECF-4461-9D57-B8B70CB8B90B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9C90554C-1F88-4D24-855A-E0FE5C8F575D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9CD287E9-C543-464F-9E1A-224D56E4D0D2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9E69666F-DD99-4C93-A5D0-1CB15C5E9233}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9F5B173B-54A9-449B-B8F1-F8E2C48C42A8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9F82A292-1914-43B8-8E5B-748B3092473B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{9FCDABDC-F1FE-4B49-8A53-98A61FBF2209}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A09CB83E-229D-4AE7-B5F3-FAE0E493190E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A0F6979E-636D-4FC1-BB7C-91F41D9502D1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A20660BF-958C-4417-936B-98208AE88B8A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A22EE464-2BF8-49C6-BBA5-1E4C263F1F93}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A29FA8BD-B9C0-4E6D-88E3-79444067DC76}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A34510BD-DF8D-47B7-9789-1D9E1B148B2A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A34806E1-DBF3-4B00-93FF-E2588151C20F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A3633E5C-004A-45B0-AB20-9A9A150170C3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A37B4E52-0934-4F5C-9335-1B547789219E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A52188A1-7BF7-432B-92C0-17739CC9AF49}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A553FF41-E60A-4870-B55B-0EFD2AF9062D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A598532F-3F97-4329-A708-F36CC5551C0A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A6619B50-404B-4848-9887-ADBD246EDFDE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A68BA91F-7C4E-454A-8DAE-6A35D0C9C329}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A6D5ECB1-D008-41FB-A7B5-1E742EAA930F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A6FC38DD-3354-42AC-8BE8-76DB7E58063C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A74E31E0-E105-4E97-B3FD-6FAB64DD1C41}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A7555291-A883-40A7-B9BB-B610E4F303B1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A78D6733-52D6-4E17-98B6-494541B71915}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A83F8A6D-9829-4A21-93E0-18E2E09E8583}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A8CCDE2A-79E8-4949-9733-2AF118C9D8E1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A8DF56E8-B7A9-46D1-AC5D-BA42B107CE49}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A96B4177-844C-4991-8243-9C65E7BF899B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A97ED3C1-51A9-4590-AA72-074F35D505F4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A9F1E10E-E1AD-48FC-809A-06CAD6443F03}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{A9F9C1A4-34E8-4A67-A040-AE84C2762525}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{AB498C95-8A35-4F0E-86EC-C1A455C0D630}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{AB5BFACA-6288-44D5-BD38-F00B76A42C01}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{AC9909DB-6919-423B-B698-7F27478F116E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{ACF44CE4-17C2-4102-A543-D6766AC57F63}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{AE2245EE-95A5-4798-BFE4-078F675DD789}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{AE496367-F3A9-4441-B5E2-EB9D60774936}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B017E89B-000C-435D-A5F1-486C1FD00F59}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B01C1F79-EA7E-4947-9E35-0B0785AE5856}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B169DD54-5EFD-481E-8553-2F72E4C5D776}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B1703E5B-4413-4DDE-98D2-EEC8981A596D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B1850871-93ED-4B6B-982E-CE9ACD8190C1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B19BBA45-E21F-4725-BD82-0C95BB24A0A6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B3479E91-515D-4F7C-8C53-964ADE1A1509}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B386F433-2CFD-4FDA-B4A6-4B17AD735B3D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B39D8BDF-A429-4B1E-9AF7-9CF8C2A63929}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B416CA67-D308-42E3-BEB0-F20CCCCCD6C8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B531262C-7B52-49BE-87C9-C55B7F4FD742}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B5E76E81-B383-46EC-807B-555EB98AAF67}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B6FA2A40-713D-4E3C-8DB4-85E1A655009E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B87B85F7-3A64-47A5-BA0C-8BE1066EC220}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B87DE93D-485A-40CA-9040-52B8369C4B58}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B89A4135-BECF-4E66-84B8-FD2D3A254A47}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B8FBC292-44DC-4881-AA04-B2A80A939A7B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B94CEBB6-C30D-4FC1-AA2E-64245EA3F9C2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B96B93E8-5E46-46CC-A5DA-30DA04597CC1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{B98C0532-B8BE-49D4-93EE-3E9315395CFA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BA0E046D-F45F-47D3-98F4-D95A700F18E1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BA231ADE-2F15-4A75-98E7-C5981FC9DCB6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BA4BAF22-D994-43A4-B072-F29D2F2DF47D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BAB5D669-62F8-44AE-B84F-1A749C8BF32D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BAC41F7D-26B8-425F-BFA7-92AC77E16581}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BAF131EA-A224-4647-93D9-0304BA916642}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BB1BD961-61F3-44AC-9C2C-2CD2291D5499}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BB555CE5-B23E-4600-8939-7D3EBF7C375E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BB74EA31-C9E4-46DD-80E4-3E43C31ED78A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BC7C10AC-A990-4AA9-9198-13EC4CDB9204}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BD54DCF0-9F57-46D6-A46A-D649DBCEC971}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BDA10014-55D6-45C3-AF56-CD2FD2DFD38E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BE09F605-B56A-41E3-8772-79C454709B37}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BE161F22-3833-4E0C-B46D-9AF8802B39DD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{BF18E495-1FED-401C-A865-74B8B79C2993}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C01F8244-D270-4EE3-A8FF-B42AE0ED43FB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C0470AEA-32CE-4413-B532-CD6D4DB5C91C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C07AE71D-B154-41C1-B848-8939DA767264}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C1960681-0240-4974-AA1D-011F030C3A88}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C1D25854-8F60-4385-9D53-D294C9C27598}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C2DBED6C-322C-47A9-8B49-2564140D1B7C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C2EEB27D-A3CA-407F-946B-405D611CF8C7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C3AF3D1C-2D9C-4306-B355-F9E81DE49938}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C3BF76C0-F1C1-445E-990E-688481A1B4D8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C3CF38A8-A519-48E4-BBE8-142174FB7F09}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C3E9BCB2-FF82-4064-822D-BAFCF79665F0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C47A1812-B7C3-41BD-A37E-DF71A63FD0A4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C4A6DDBD-5953-4C55-9080-0886B68EA6FF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C4ACE461-3ED5-4C2E-AF13-B5B183CED406}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C517CF09-A94A-48B7-8541-E5249CAECC61}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C519D6E7-63BF-4857-A1B4-9ADC928DB267}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C67DD858-B89B-45A4-9F3F-2ED3942A354A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C6C3E41C-CFC1-415C-8AB3-D4CE8C6F1CF8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C717AEF1-B21B-4ED7-958F-7AEF22ABBC94}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C7B5A604-32FF-465B-A9C5-FB0246A34118}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C7B88FBB-078B-4B71-9010-C788D7D468F5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C7C4BC73-E6B6-4606-85BC-C086873C1C0A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C87E8B8E-C53E-4016-AD0C-E3B87AE11652}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C8FCFF3E-DA7C-4271-80EC-0F7FD4A2E526}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C9180002-D074-440E-A527-2AC80B902FF4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{C92A6456-FBE1-49D8-A6CB-B0030E72122B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CA5E6C59-E1AC-4CB1-A8E3-43E168DB9BA5}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CA706798-6256-4F65-99E6-9550118FDDDB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CAF2D5C7-62F4-4E1C-9341-3332A7D50942}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CB231C08-0B56-49AE-BEA9-974A59FF1AEC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CB646B13-A2F7-4CC3-8A8B-4F137874EE1A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CB872968-8C45-4E4F-A8CE-6AB011EA7C17}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CBA5A51D-A921-4AD4-B944-89BB01933717}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CD0252F7-29ED-497E-83CF-EB0892797A18}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CD1A4C25-D827-42DC-AFC1-97F7D7E436DE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CD5375BC-C7CC-41C0-BEB9-816274E8A2B2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CD87BB50-74C3-4FF1-9FC2-E65F5639C574}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CD9227A4-1877-486D-9635-29F4F71158CC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CDEEA7EB-16D8-4A2C-ABAB-8C6EE2D2A630}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CEA16C4D-03E6-4A47-A3B1-89C2DB560A99}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CF02783A-742F-4427-BDAE-D71D0B6D555C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CF128929-B5F1-4B78-AAC8-F2E2A4BCE3B4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CF1515EC-388D-4B51-A486-B392E47C91FA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CF84F70D-18D3-40EB-9B93-A1D5C3A400BD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{CFCAE5DC-E3D0-489D-B766-B842AA39BCEF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D011ED66-3CF5-45D6-9C56-C72A7375CC13}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D03C4AA8-6693-48E2-9996-F29B993D91BA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D09B0B07-BFCF-496B-8B22-FDC436E08812}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D1215169-5001-4870-8FCE-4F04F79AAB70}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D1503ED4-51A1-4278-8316-0C1C66C6F13E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D2049920-6E2E-4FE7-94BA-A0AB3905323A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D20563BD-B566-45B7-B9A7-B1B7BA051697}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D26277FE-5DBA-461F-B66E-689BBE9386A2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D26BEABC-E6AF-4D49-AAE4-25584A080B9B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D281A6C5-CD6B-42FC-9357-BA7DF67E55F9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D2FB7703-4B15-46AA-A72B-7A91F9808E3F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D363B7CF-A9BC-4F29-AA72-2934C10976C1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D3832D50-7340-4864-B95C-B7051ABD58A1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D3BD2733-B2FA-423C-A4FF-6BC1F12AB0AB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D50591A6-3605-4959-B01B-6CFF7F5EAE4F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D51F0DBC-12A4-4BF7-887E-4034BD3976DA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D6D6BB11-6233-4DD2-961F-DD99D9CAADD7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D72F9033-DBAE-467F-90C8-637765D79665}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D790BCD3-87E3-4029-8DAD-2AD90E04F15C}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D7EE36DD-E9B3-4A4D-BF27-96FAA55D9E5D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D81C1599-53EF-40C6-B6A3-DE9664A4EB30}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D84262FB-0408-4033-8150-29E76DF2130B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D85B0AA1-B8B3-41EA-9AF5-E8E440D752A0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D8E72CEE-5F23-48A8-9337-4D75ACFBBF52}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{D9107502-42FA-4FA0-AE84-204A0A498D49}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DA33D1A2-D751-49F5-9F00-1D4753C19BCD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DA6653DD-8595-455D-BCB4-ECC521CE4B0B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DA84BDE9-D194-4A47-8A09-6FD420030080}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DAA93A0D-EC9D-4F97-96C9-7E0D2DEF82D7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DADCE4C0-79DB-46E8-BD52-E7F4EA1DEA66}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DB419F5B-CF5D-4A2E-B482-7691F28081D7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DB88D18F-021F-4EC7-A27C-E455430FDB29}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DBABFB1C-681D-48AA-8DA6-67FCCF132A90}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DBDDBEE9-19C1-4066-8119-7DFA2A4395FE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DBDF8D97-EBBE-406C-82FF-AAC488AEA918}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DC72B72E-EDC3-43E5-94A9-198438C44D0F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DC80EDEB-435F-4F1E-AFF5-1992ADA99BB8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DCF1B6FB-8043-4F3E-ABD9-66C56148F7BD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DD3413A5-EF53-42B3-A393-B3E5B4689E6F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DD4DFAE3-E714-4DA8-92CF-D702F928A6BB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DDCAE363-844B-4540-893F-800070A6DAEB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DE114E1D-30E3-4846-976F-3E69DE59BA4A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DE4E127B-16E3-4DB3-9C59-392C5AFD0316}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{DF9806E2-91FA-4812-9CFB-12D3BD9DB608}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E000D31E-81AD-47B0-952A-8705DDD2DA05}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E00B9C23-E041-4603-B1A0-C1134E11DE7F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E027E235-748B-4AFB-8991-9FD0C606436D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E0562C28-FE55-44F1-AB6E-004CA94027B6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E098B474-19A2-44DB-9865-35487E4A400D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E0C72135-1D97-4296-A907-6C9041CAD8B7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E1028D31-004C-4924-9F2E-F9265E56CF6E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E1859875-1382-4C0F-99E5-9393FB3DAA7E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E1C5E7B1-08CC-4E17-86F9-5228F2D3540E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E1EC0D83-81A3-434A-AAE9-E08FF3A59D18}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E1EF55DF-F30C-44BB-9643-788F6B83ABA4}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E2082A35-6E37-4F1A-8969-B84BC63E2F61}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E26FE5BD-1113-4CFB-BEC4-4D6D2EF8E477}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E27954E9-4DC7-4F15-9F5D-4486997F5AEC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E27ED3F1-BF9E-49CF-887A-C9794940E142}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E29603BC-B8FE-4084-B87E-ADC358710CCB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E3ABD1F0-FF6C-4775-81C6-8098C7DE0245}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E4DD327A-BFCB-4628-85BC-4A67A1C327F3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E55BC946-E25A-4B11-AE6D-77C26D1AD20B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E575F8A5-708D-4744-BC86-12EF2D7E4A81}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E61B5B0C-A59E-4821-BAC3-006E17552AA9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E62D9294-4EF3-4DEC-826B-78AA06FCF4DA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E671DA3B-ADA1-4766-A259-3812BF1FB101}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E6CCF5FE-1AB3-4933-95D7-056CCB0DAA61}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E6D5B2F8-DE01-42FA-BF4D-04A06820B423}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E6DB05DF-88C7-4D67-A769-E18E17B8F822}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E774AB8B-E390-467A-8ADF-4E1129CC1E8F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E7874950-C7F0-441E-B29C-5FD6E80277DD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E7BDE372-6ABA-4938-B806-46EA4D3186C0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E84A7472-9E8D-43A1-A497-4FF17C771E4E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E858B3F6-CCA2-4016-8701-CB222633D80F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E8638A32-BA7D-4535-BCE9-96809ABFBBF1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E8871D92-296A-45BF-9A49-D2597FB3135A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E8C3BF50-9E0A-4650-ACB6-4FA33FE2F05A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E8EDFD9D-073D-4F54-AD66-AB1791859024}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E92B89EA-B662-47A3-8EB8-B264CB679F3A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E9369080-75EE-4595-919A-E335C638FE33}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{E9E53EB1-B0B6-42DC-A2E1-0A6F22C079AE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EA06A8B6-EDA6-408B-B84E-29567433A487}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EA29BED3-0A3D-4B40-A45E-575B09A0B63F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EA918CA7-CA73-4F70-B0A0-77AE62C011A1}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EAC4F55E-ECC5-4297-903D-751EF811AEED}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EACC781F-2CBA-41E7-AF0C-ED3EB4E5E6BE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EADB600B-558C-4A0C-AB64-3174958E303B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EB66DDA8-5908-4568-90E9-BD95AE7ACA9E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EC7B8878-AC75-488B-95E2-E089B59ED7BC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{ED1D6E51-206C-4014-86CE-D4A0DC1D6E3D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{ED1F14D9-BD30-46F6-B06A-141060DF35C9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{ED5C050E-C35A-4593-986E-1C877D9C5682}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{ED83D7EF-1913-4BB0-8D30-A250F4C248F3}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{ED862574-8EBB-415A-81FE-8EED940479CC}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EE0CFDFE-0CAD-4526-A6E5-085B6ABE960F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EF4050FF-07B5-4AFA-B8A0-BAEEA4D8EA59}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EF8A93B8-4A9C-4E1F-8274-8305B2CCD6C8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{EFF99292-8384-44BF-B20C-D6B257C27AAA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F08E399B-2AD6-4F73-BB42-DFEF077BA57F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F0FC6CF3-1C85-43D0-8510-2F2CAB0E841F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F111A883-91CB-4CC7-B773-1A7DFFED63C0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F17AB493-E334-42EC-8EFA-AB9E0561004E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F1DD2FB4-4B1E-453F-8337-C5365054CA23}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F1EFB9A2-2DC8-4170-AC21-B2A26693A37A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F1F14BA8-F7C0-471D-85CD-3E0F6FEAF07D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F2875627-1398-411F-A462-C67596261B4A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F396136B-946A-457A-90DE-EE87DA5F2340}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F3CBC060-37FC-44E5-9E11-77779F785438}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F4145F36-137E-4E7E-B36F-8F53D872A4AD}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F41FA2BA-8FE3-4200-9E1E-88ED7047D888}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F4450104-CBDC-44F0-A085-E6CD81E9D5AB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F4FACD3D-56CC-4F6A-8FAA-3079C4777C07}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F4FD34CE-CBA0-45BB-8998-F38C4A8F9284}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F589E10D-847A-49F1-BA1A-DB69D2CAB2E0}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F5D06342-B3D9-41CF-BC73-5CC55107D81A}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F5F81512-94BC-48AA-BFF7-452665EEA3A2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F65C6118-5862-4FBB-938B-AFF3AD5AD834}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F693FE1A-2A69-4044-B340-7A518946E0EE}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F6A403E3-70C7-4334-ACBA-C29E573E7CC9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F7B62754-0265-45E7-A7EE-6F8D9B9504CF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F97625B9-5AD6-4C92-8538-E967ACBD9D1F}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F985D640-3ED8-4B37-9AEC-6A507B3006A6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F9B7B706-B766-48C6-BF96-F31A51D36945}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{F9C2DA85-183A-456A-8E81-FFFD5857E3E9}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FA7FEBE9-CC1B-4F91-81B0-B9234401373B}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FAD8D841-BDBA-420E-A89D-90D96B421656}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FADC6181-3DA9-4B5F-86E6-33C1BAB49EF2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FB15179D-DE18-4613-A14F-74EDE1393C5E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FB33D269-5A74-40AC-A15D-0BA70C972B3E}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FB4199E8-E8C1-4EAE-AC97-B9DDE7554C06}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FB7FB6F4-8894-48B3-A1AB-D220D20F40AB}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FC08FBAE-A6F1-4A7C-8B25-B223A54BD860}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FC1FF8FB-CD86-4F83-B824-3630CDB7F5F2}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FD794231-9262-4E7A-8F26-E98637D26547}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FE578BC6-E51F-4839-8ED4-25886FC5C635}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FE6A371F-9998-4D75-B411-8B36788B89A6}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FE80D089-3E0E-45AA-B1B4-5425783024AA}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FE80F9F8-2839-4D01-9D0A-FF05314E1D98}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FEC7F292-3C6D-4729-9B48-9434AC3637E7}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FEE0EF45-B878-404C-86FF-3DABA69C39D8}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FF2C697C-8909-426E-A7EB-AAD37A321C1D}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FFD67306-F090-42CC-9983-AD0BBEFE45FF}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FFDA370A-1EB2-46BB-8690-EB2D650D1E10}
Successfully deleted: [Empty Folder] C:\Users\Kathleen\appdata\local\{FFDD80C9-6463-4B96-8384-DAC76A08F7EE}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/07/2014 at 21:41:50.13
End of JRT log

 

[Phil Hunter]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Kathleen (administrator) on KATHLEEN-THINK on 07-09-2014 21:53:12
Running from C:\Users\Kathleen\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380704 2009-07-08] (Lenovo.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10081312 2010-02-25] (Realtek Semiconductor)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
HKU\S-1-5-21-4208041570-4174915042-3882207907-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4208041570-4174915042-3882207907-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-11-08] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4208041570-4174915042-3882207907-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2013-01-16] (Hewlett-Packard Company)
HKU\S-1-5-21-4208041570-4174915042-3882207907-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-12-04] (Siber Systems)
HKU\S-1-5-21-4208041570-4174915042-3882207907-1001\...\Policies\Explorer: [NoDriveAutoRun-] 0
HKU\S-1-5-21-4208041570-4174915042-3882207907-1001\...\Policies\Explorer: [NoDriveTypeAutoRun-] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * Partizan
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x03708C1C17CACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {07884882-ED94-42F2-81CE-1B75B40F299A} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {07884882-ED94-42F2-81CE-1B75B40F299A} URL = https://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {EE09896E-0690-462D-8899-86981CD8F66C} URL = http://www.amazon.com/gp/search?ie=...camp=1789&creative=9325&keywords={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKCU - No Name - {0D792CB2-2654-4E99-A597-7FC317F04D61} - No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: HKLM-x32 {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.6.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Kathleen\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-04-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-02]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-09-01]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-09-20]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-12-09]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2014-09-01]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44064 2013-07-08] (ArcSoft, Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-11-08] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254552 2012-08-08] ()
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-07-22] (Western Digital Technologies, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-03] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2013-01-26] (Greatis Software)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2014-09-01] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-06] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]
U2 TMAgent; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 21:53 - 2014-09-07 21:53 - 00023485 _____ () C:\Users\Kathleen\Desktop\FRST.txt
2014-09-07 21:53 - 2014-09-07 21:53 - 00000000 ____D () C:\FRST
2014-09-07 21:52 - 2014-09-07 21:52 - 02105344 _____ (Farbar) C:\Users\Kathleen\Desktop\FRST64.exe
2014-09-07 21:41 - 2014-09-07 21:41 - 00086408 _____ () C:\Users\Kathleen\Desktop\JRT.txt
2014-09-07 21:32 - 2014-09-07 21:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 21:29 - 2014-09-07 21:29 - 01016261 _____ (Thisisu) C:\Users\Kathleen\Desktop\JRT.exe
2014-09-07 18:48 - 2014-09-07 21:09 - 00000000 ____D () C:\AdwCleaner
2014-09-07 18:47 - 2014-09-07 18:47 - 01370467 _____ () C:\Users\Kathleen\Desktop\AdwCleaner.exe
2014-09-07 17:46 - 2014-09-07 17:46 - 00037037 _____ () C:\Users\Kathleen\Desktop\combofix.txt
2014-09-07 17:33 - 2014-09-07 17:33 - 00037037 _____ () C:\ComboFix.txt
2014-09-07 17:28 - 2014-09-07 21:12 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-09-07 17:02 - 2014-09-07 17:36 - 00000000 ____D () C:\ComboFix
2014-09-07 17:02 - 2014-09-07 17:34 - 00000000 ____D () C:\Qoobox
2014-09-07 17:02 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-07 17:02 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-07 17:02 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-07 17:02 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-07 17:02 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-07 17:02 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-07 17:02 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-07 17:02 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-07 17:01 - 2014-09-07 17:29 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 17:00 - 2014-09-07 17:00 - 05576440 ____R (Swearware) C:\Users\Kathleen\Desktop\ComboFix.exe
2014-09-06 16:30 - 2014-09-06 17:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-06 16:29 - 2014-09-06 16:29 - 00000000 ____D () C:\Users\Kathleen\Desktop\New folder
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Kathleen\New folder
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Kathleen\malwarebytestoolkit
2014-09-06 16:27 - 2014-09-06 16:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Kathleen\Desktop\mbar-1.07.0.1012.exe
2014-09-06 16:18 - 2014-09-06 16:18 - 00003240 _____ () C:\Users\Kathleen\Desktop\RKreport_DEL_09062014_161030.log
2014-09-06 15:54 - 2014-09-06 15:54 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-06 15:54 - 2014-09-06 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-06 15:53 - 2014-09-06 15:53 - 04857944 _____ () C:\Users\Kathleen\Desktop\RogueKiller.exe
2014-09-06 12:01 - 2014-09-06 12:03 - 00038841 _____ () C:\Users\Kathleen\Desktop\dds.txt
2014-09-06 12:01 - 2014-09-06 12:03 - 00022387 _____ () C:\Users\Kathleen\Desktop\attach.txt
2014-09-06 11:43 - 2014-09-06 11:45 - 00000000 ____D () C:\mbmb
2014-09-05 10:02 - 2014-09-07 21:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 10:01 - 2014-09-06 16:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 10:01 - 2014-09-05 10:01 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-05 10:01 - 2014-09-05 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 10:01 - 2014-09-05 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 10:01 - 2014-09-05 10:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 10:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-05 10:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-05 07:57 - 2014-09-05 07:58 - 00000000 ____D () C:\Users\Kathleen\Documents\gmerscans
2014-09-02 10:28 - 2014-09-02 10:28 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-09-01 22:20 - 2014-09-01 22:20 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-09-01 22:20 - 2014-09-01 22:20 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-09-01 22:20 - 2014-09-01 22:20 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-09-01 22:19 - 2014-09-01 22:19 - 03298800 _____ () C:\Users\Kathleen\Downloads\advisorinstaller.exe
2014-09-01 21:36 - 2014-09-01 21:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2014-09-01 19:16 - 2014-09-01 19:35 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxssrv.dll
2014-09-01 19:15 - 2014-09-01 19:15 - 00001103 _____ () C:\Users\Public\Desktop\Dll-Files Fixer.lnk
2014-09-01 19:15 - 2014-09-01 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2014-09-01 19:14 - 2014-09-01 19:15 - 05345152 _____ (Dll-Files.com ) C:\Users\Kathleen\Downloads\dff_fp3w-sxssrv.exe
2014-09-01 14:17 - 2014-09-01 14:17 - 10021424 _____ (Trend Micro Inc.) C:\Users\Kathleen\Downloads\RootkitBusterV5.0-1171.exe
2014-09-01 14:15 - 2014-09-01 14:15 - 00000000 ____D () C:\Users\Kathleen\Downloads\log
2014-09-01 14:14 - 2014-09-01 15:21 - 00000000 ____D () C:\Users\Kathleen\Downloads\TMRBLog
2014-09-01 14:14 - 2014-09-01 14:14 - 14839344 _____ (Trend Micro Inc.) C:\Users\Kathleen\Downloads\RootkitBusterV5.0-1171x64.exe
2014-09-01 14:07 - 2014-09-01 15:26 - 00000000 ____D () C:\Program Files (x86)\RegUtility
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 __SHD () C:\Users\Kathleen\AppData\Local\EmieUserList
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 __SHD () C:\Users\Kathleen\AppData\Local\EmieSiteList
2014-09-01 13:08 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-01 13:08 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-01 13:08 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-01 13:08 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-01 13:08 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-01 13:08 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-01 13:08 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-01 13:08 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-01 13:08 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-01 13:08 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-01 13:08 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-01 13:08 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-01 13:08 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-01 13:08 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-01 13:08 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-01 13:08 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-01 13:08 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-01 13:08 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-01 13:08 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-01 13:08 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-01 13:08 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-01 13:08 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-01 13:08 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-01 13:08 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-01 13:08 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-01 13:08 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-01 13:08 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-01 13:08 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-01 13:08 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-01 13:08 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-01 13:08 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-01 13:08 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-01 13:08 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-01 13:08 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-01 13:08 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-01 13:08 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-01 13:08 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-01 13:08 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-01 13:08 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-01 13:08 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-01 13:08 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-01 13:08 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-01 13:08 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-01 13:08 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-01 13:08 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-01 13:08 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-01 13:08 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-01 13:08 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-01 13:08 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-01 13:08 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-01 13:08 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-01 13:08 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-01 13:08 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-01 13:08 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-01 13:08 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-01 13:08 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-01 00:42 - 2014-09-01 00:42 - 00000000 ____D () C:\Users\Kathleen\AppData\Roaming\PwrMgr
2014-08-31 23:10 - 2014-08-31 23:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-31 23:10 - 2014-08-31 23:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-31 23:10 - 2014-08-31 23:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-31 23:10 - 2014-08-31 23:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-31 23:10 - 2014-08-31 23:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

 

[Phil Hunter]

2014-08-31 23:10 - 2014-08-31 23:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-31 23:10 - 2014-08-31 23:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-31 23:10 - 2014-08-31 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-31 23:09 - 2014-08-31 23:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-31 23:09 - 2014-08-31 23:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-31 23:09 - 2014-08-31 23:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-31 23:09 - 2014-08-31 23:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-31 22:00 - 2014-08-31 22:00 - 00000000 ____D () C:\Windows\Temp17E3557D-D80E-0766-C001-F813280DD9C1-Signatures
2014-08-31 21:40 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-31 21:40 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-31 21:40 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-31 21:40 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-31 21:40 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-31 21:40 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-31 21:40 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-31 21:40 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-31 21:38 - 2014-08-31 21:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-31 20:15 - 2014-08-31 20:15 - 00000000 ____D () C:\Program Files\Western Digital
2014-08-31 19:57 - 2014-09-04 17:06 - 00000000 ____D () C:\Users\Kathleen\AppData\Local\Lenovo
2014-08-31 19:48 - 2011-01-14 01:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-08-31 18:53 - 2014-08-31 18:53 - 00000000 ____D () C:\Program Files\Common Files\Lenovo
2014-08-31 18:35 - 2013-05-22 16:17 - 00015472 _____ (Lenovo Group Limited) C:\Windows\system32\Drivers\smiifx64.sys
2014-08-31 17:57 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-08-31 17:57 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-08-31 17:56 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-31 17:56 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-31 17:56 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-31 17:56 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-31 17:56 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-31 17:56 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-31 17:56 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-31 17:56 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-31 17:56 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-31 17:56 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-31 17:56 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-08-31 17:56 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-08-31 17:56 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-31 17:56 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-08-31 17:55 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-31 17:55 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-31 17:55 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-31 17:55 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-31 17:55 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-08-31 17:55 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-08-31 17:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-08-31 17:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-08-31 17:55 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-08-31 17:55 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-08-31 17:55 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-08-31 17:55 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-08-31 17:55 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-08-31 17:55 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-08-31 17:55 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-08-31 17:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-08-31 17:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-08-31 17:55 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-08-31 17:55 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-08-31 17:55 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-08-31 17:55 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-08-31 17:55 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-08-31 17:54 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-31 17:53 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-31 17:53 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-31 17:52 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-31 17:52 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-31 17:52 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-31 17:52 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-31 17:52 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-31 17:52 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-31 17:52 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-31 17:51 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-31 17:51 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-31 17:51 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-31 17:51 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-31 17:51 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-31 17:51 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-31 17:51 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-31 17:51 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-31 17:51 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-31 17:50 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-31 17:50 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-31 17:50 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-31 17:50 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-31 17:50 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-31 17:50 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-31 17:50 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-31 17:50 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-31 17:50 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-31 17:50 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-31 17:50 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-31 17:49 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-31 17:49 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-31 17:49 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-31 17:49 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-31 17:49 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-31 17:49 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-31 17:49 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-08-31 17:49 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-08-31 17:48 - 2014-08-31 17:48 - 00000000 ____D () C:\Users\Kathleen\AppData\Local\Tvsukernel
2014-08-31 17:48 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-31 17:48 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-31 17:48 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-31 17:48 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-31 17:48 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-31 17:48 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-31 17:48 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-31 17:48 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-31 17:48 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-31 17:48 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-31 17:48 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-31 17:47 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-31 17:47 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-31 17:46 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-31 17:46 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-31 17:46 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-31 17:46 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-31 17:46 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-31 17:46 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-31 17:46 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-31 17:46 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-31 17:46 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-31 17:46 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-31 17:46 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-08-31 17:46 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-31 17:46 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-08-31 17:46 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-08-31 17:46 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-31 17:46 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-31 17:46 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-31 17:46 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-31 17:46 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-31 17:46 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-31 17:46 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-31 17:44 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 17:44 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 17:44 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-31 17:44 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-31 17:44 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-31 17:44 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-08-31 17:44 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-08-31 16:59 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-31 16:59 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-31 16:59 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-08-31 16:59 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-08-31 16:59 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-08-31 16:58 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-08-31 16:52 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-31 16:52 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-31 16:35 - 2014-08-31 16:35 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-08-31 16:13 - 2014-08-31 16:13 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-31 16:04 - 2014-08-31 16:04 - 00000000 ____D () C:\Users\Kathleen\AppData\Local\Western_Digital_Technolog
2014-08-31 15:49 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-31 15:49 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-31 15:49 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-31 15:49 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-31 15:48 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-31 15:48 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-31 15:48 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-31 15:48 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-31 15:48 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-31 15:48 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-31 15:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-31 15:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-31 15:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-31 15:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-07 21:53 - 2014-09-07 21:53 - 00023485 _____ () C:\Users\Kathleen\Desktop\FRST.txt
2014-09-07 21:53 - 2014-09-07 21:53 - 00000000 ____D () C:\FRST
2014-09-07 21:52 - 2014-09-07 21:52 - 02105344 _____ (Farbar) C:\Users\Kathleen\Desktop\FRST64.exe
2014-09-07 21:41 - 2014-09-07 21:41 - 00086408 _____ () C:\Users\Kathleen\Desktop\JRT.txt
2014-09-07 21:40 - 2012-04-04 18:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-07 21:32 - 2014-09-07 21:32 - 00000000 ____D () C:\Windows\ERUNT
2014-09-07 21:29 - 2014-09-07 21:29 - 01016261 _____ (Thisisu) C:\Users\Kathleen\Desktop\JRT.exe
2014-09-07 21:19 - 2009-07-13 23:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-07 21:19 - 2009-07-13 23:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-07 21:18 - 2010-11-04 01:52 - 02060006 _____ () C:\Windows\WindowsUpdate.log
2014-09-07 21:18 - 2009-07-14 00:13 - 00801194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-07 21:13 - 2014-09-05 10:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 21:12 - 2014-09-07 17:28 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-09-07 21:11 - 2013-09-20 23:21 - 00212270 _____ () C:\Windows\PFRO.log
2014-09-07 21:11 - 2013-01-26 19:36 - 00000244 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-09-07 21:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-07 21:11 - 2009-07-13 23:51 - 00097886 _____ () C:\Windows\setupact.log
2014-09-07 21:09 - 2014-09-07 18:48 - 00000000 ____D () C:\AdwCleaner
2014-09-07 18:47 - 2014-09-07 18:47 - 01370467 _____ () C:\Users\Kathleen\Desktop\AdwCleaner.exe
2014-09-07 17:46 - 2014-09-07 17:46 - 00037037 _____ () C:\Users\Kathleen\Desktop\combofix.txt
2014-09-07 17:36 - 2014-09-07 17:02 - 00000000 ____D () C:\ComboFix
2014-09-07 17:34 - 2014-09-07 17:02 - 00000000 ____D () C:\Qoobox
2014-09-07 17:33 - 2014-09-07 17:33 - 00037037 _____ () C:\ComboFix.txt
2014-09-07 17:33 - 2013-09-16 16:14 - 00000000 ____D () C:\Users\Kathleen's Scanned Stuff
2014-09-07 17:29 - 2014-09-07 17:01 - 00000000 ____D () C:\Windows\erdnt
2014-09-07 17:22 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-07 17:20 - 2011-05-03 12:33 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-09-07 17:19 - 2009-07-13 21:34 - 94896128 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-07 17:19 - 2009-07-13 21:34 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-07 17:19 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-07 17:19 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-07 17:19 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-07 17:17 - 2011-03-31 17:02 - 00000000 ____D () C:\Users\Kathleen
2014-09-07 17:02 - 2013-10-10 03:09 - 00000000 ____D () C:\Users\Default
2014-09-07 17:00 - 2014-09-07 17:00 - 05576440 ____R (Swearware) C:\Users\Kathleen\Desktop\ComboFix.exe
2014-09-07 16:54 - 2011-05-03 12:33 - 00003510 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-09-07 16:54 - 2011-05-03 12:33 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-09-07 16:44 - 2011-06-20 06:35 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A5F9AA0E-C25B-42F0-B9AF-C5FF3CA5DCB6}
2014-09-07 16:37 - 2013-01-26 19:23 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-06 17:08 - 2014-09-06 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-06 16:29 - 2014-09-06 16:29 - 00000000 ____D () C:\Users\Kathleen\Desktop\New folder
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Kathleen\New folder
2014-09-06 16:28 - 2014-09-06 16:28 - 00000000 ____D () C:\Users\Kathleen\malwarebytestoolkit
2014-09-06 16:28 - 2014-09-05 10:01 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-06 16:27 - 2014-09-06 16:27 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Kathleen\Desktop\mbar-1.07.0.1012.exe
2014-09-06 16:18 - 2014-09-06 16:18 - 00003240 _____ () C:\Users\Kathleen\Desktop\RKreport_DEL_09062014_161030.log
2014-09-06 15:54 - 2014-09-06 15:54 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-06 15:54 - 2014-09-06 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-06 15:53 - 2014-09-06 15:53 - 04857944 _____ () C:\Users\Kathleen\Desktop\RogueKiller.exe
2014-09-06 15:51 - 2014-02-01 22:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-06 13:10 - 2010-11-04 02:25 - 00000000 ____D () C:\ProgramData\PCDr
2014-09-06 12:03 - 2014-09-06 12:01 - 00038841 _____ () C:\Users\Kathleen\Desktop\dds.txt
2014-09-06 12:03 - 2014-09-06 12:01 - 00022387 _____ () C:\Users\Kathleen\Desktop\attach.txt
2014-09-06 11:45 - 2014-09-06 11:43 - 00000000 ____D () C:\mbmb
2014-09-06 05:55 - 2011-04-13 11:42 - 00000000 ____D () C:\Windows\RegisteredPackages
2014-09-05 10:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-09-05 10:01 - 2014-09-05 10:01 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-05 10:01 - 2014-09-05 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 10:01 - 2014-09-05 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-05 10:01 - 2014-09-05 10:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 07:58 - 2014-09-05 07:57 - 00000000 ____D () C:\Users\Kathleen\Documents\gmerscans
2014-09-04 17:06 - 2014-08-31 19:57 - 00000000 ____D () C:\Users\Kathleen\AppData\Local\Lenovo
2014-09-03 12:20 - 2014-02-01 22:15 - 00000000 ____D () C:\Users\Kathleen\Desktop\Warrior
2014-09-03 09:46 - 2013-04-08 16:13 - 00000000 ____D () C:\Users\Kathleen\Documents\RegRun2
2014-09-03 09:45 - 2013-01-26 19:23 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-09-03 09:31 - 2013-01-26 19:24 - 00000000 ____D () C:\ProgramData\RegRun
2014-09-03 09:06 - 2013-08-31 11:47 - 00000553 ____H () C:\regrun.war
2014-09-02 13:40 - 2011-04-13 14:30 - 00000000 ____D () C:\Users\Kathleen\AppData\Local\Windows Live
2014-09-02 10:28 - 2014-09-02 10:28 - 00000000 ____D () C:\Windows\SysWOW64\Garmin
2014-09-01 22:20 - 2014-09-01 22:20 - 00002147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-09-01 22:20 - 2014-09-01 22:20 - 00002135 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-09-01 22:20 - 2014-09-01 22:20 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-09-01 22:19 - 2014-09-01 22:19 - 03298800 _____ () C:\Users\Kathleen\Downloads\advisorinstaller.exe
2014-09-01 21:36 - 2014-09-01 21:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2014-09-01 21:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-01 21:23 - 2010-11-04 02:04 - 00000000 ____D () C:\swshare
2014-09-01 19:35 - 2014-09-01 19:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxssrv.dll
2014-09-01 19:24 - 2011-05-04 12:23 - 00000000 ___RD () C:\Users\Kathleen\Documents\Notes
2014-09-01 19:15 - 2014-09-01 19:15 - 00001103 _____ () C:\Users\Public\Desktop\Dll-Files Fixer.lnk
2014-09-01 19:15 - 2014-09-01 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2014-09-01 19:15 - 2014-09-01 19:14 - 05345152 _____ (Dll-Files.com ) C:\Users\Kathleen\Downloads\dff_fp3w-sxssrv.exe
2014-09-01 17:34 - 2013-08-31 11:49 - 00000000 ____D () C:\Backsys
2014-09-01 15:26 - 2014-09-01 14:07 - 00000000 ____D () C:\Program Files (x86)\RegUtility
2014-09-01 15:21 - 2014-09-01 14:14 - 00000000 ____D () C:\Users\Kathleen\Downloads\TMRBLog
2014-09-01 15:10 - 2013-09-20 23:29 - 00283160 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-09-01 15:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-01 14:17 - 2014-09-01 14:17 - 10021424 _____ (Trend Micro Inc.) C:\Users\Kathleen\Downloads\RootkitBusterV5.0-1171.exe
2014-09-01 14:15 - 2014-09-01 14:15 - 00000000 ____D () C:\Users\Kathleen\Downloads\log
2014-09-01 14:14 - 2014-09-01 14:14 - 14839344 _____ (Trend Micro Inc.) C:\Users\Kathleen\Downloads\RootkitBusterV5.0-1171x64.exe
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 __SHD () C:\Users\Kathleen\AppData\Local\EmieUserList
2014-09-01 14:03 - 2014-09-01 14:03 - 00000000 __SHD () C:\Users\Kathleen\AppData\Local\EmieSiteList
2014-09-01 07:32 - 2013-02-05 14:42 - 00001428 _____ () C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-01 00:51 - 2009-07-13 23:45 - 00412856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 00:50 - 2012-05-15 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 00:50 - 2012-05-15 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 00:45 - 2009-07-14 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-01 00:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-01 00:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-01 00:43 - 2011-05-04 10:40 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-09-01 00:42 - 2014-09-01 00:42 - 00000000 ____D () C:\Users\Kathleen\AppData\Roaming\PwrMgr
2014-08-31 23:20 - 2011-04-13 14:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-31 23:15 - 2013-12-11 04:02 - 00206404 _____ () C:\Windows\IE11_main.log
2014-08-31 23:10 - 2014-08-31 23:10 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-08-31 23:10 - 2014-08-31 23:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-08-31 23:10 - 2014-08-31 23:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-08-31 23:10 - 2014-08-31 23:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-08-31 23:10 - 2014-08-31 23:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-08-31 23:10 - 2014-08-31 23:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-08-31 23:10 - 2014-08-31 23:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-08-31 23:10 - 2014-08-31 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-31 23:10 - 2014-08-31 23:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-31 23:09 - 2014-08-31 23:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-31 23:09 - 2014-08-31 23:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-08-31 23:09 - 2014-08-31 23:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-08-31 23:09 - 2014-08-31 23:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-31 22:27 - 2013-08-15 03:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-31 22:15 - 2012-07-24 23:34 - 00793808 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-31 22:00 - 2014-08-31 22:00 - 00000000 ____D () C:\Windows\Temp17E3557D-D80E-0766-C001-F813280DD9C1-Signatures
2014-08-31 21:51 - 2012-05-15 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-31 21:38 - 2014-08-31 21:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-31 20:48 - 2013-01-26 19:23 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-08-31 20:48 - 2013-01-26 19:23 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-08-31 20:48 - 2013-01-26 19:23 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-08-31 20:21 - 2013-05-14 09:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-31 20:20 - 2010-11-04 01:53 - 00079802 _____ () C:\Windows\DPINST.LOG
2014-08-31 20:15 - 2014-08-31 20:15 - 00000000 ____D () C:\Program Files\Western Digital
2014-08-31 20:15 - 2013-12-08 23:00 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-08-31 20:15 - 2011-04-13 11:56 - 00000000 ____D () C:\ProgramData\Western Digital
2014-08-31 20:15 - 2011-04-13 11:55 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-08-31 20:07 - 2013-01-26 19:23 - 00003342 _____ () C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2014-08-31 20:07 - 2013-01-26 19:23 - 00001022 _____ () C:\Users\Kathleen\Desktop\UnHackMe.lnk
2014-08-31 20:07 - 2013-01-26 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-08-31 20:02 - 2011-06-25 17:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-08-31 19:55 - 2011-05-03 12:33 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-31 19:17 - 2010-11-04 01:58 - 00003269 _____ () C:\RHDSetup.log
2014-08-31 19:17 - 2010-11-04 01:58 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-08-31 19:16 - 2010-11-04 01:58 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-31 18:53 - 2014-08-31 18:53 - 00000000 ____D () C:\Program Files\Common Files\Lenovo
2014-08-31 18:52 - 2010-11-04 01:55 - 00000000 ____D () C:\Program Files\Lenovo
2014-08-31 18:51 - 2010-11-04 02:15 - 00000000 ____D () C:\ProgramData\Lenovo
2014-08-31 18:51 - 2010-11-04 02:04 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-08-31 18:50 - 2010-11-04 02:03 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-08-31 18:49 - 2009-07-13 22:20 - 00000000 __RSD () C:\Windows\Media
2014-08-31 17:48 - 2014-08-31 17:48 - 00000000 ____D () C:\Users\Kathleen\AppData\Local\Tvsukernel
2014-08-31 17:43 - 2012-04-04 18:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-31 17:43 - 2012-04-04 18:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-31 17:43 - 2011-05-24 16:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 17:41 - 2011-09-07 16:41 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 17:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-08-31 16:42 - 2010-11-04 02:26 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-08-31 16:40 - 2010-11-04 01:55 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-31 16:35 - 2014-08-31 16:35 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-08-31 16:35 - 2010-11-04 02:25 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-31 16:13 - 2014-08-31 16:13 - 00000000 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-31 16:13 - 2010-11-04 02:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-31 16:04 - 2014-08-31 16:04 - 00000000 ____D () C:\Users\Kathleen\AppData\Local\Western_Digital_Technolog
2014-08-31 16:04 - 2011-05-03 12:33 - 00004250 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-31 15:44 - 2010-11-04 01:49 - 00000000 ____D () C:\Windows\CSC
2014-08-25 06:53 - 2011-03-31 17:15 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 21:07 - 2014-08-31 17:44 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-31 17:44 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-31 17:44 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
Files to move or delete:
====================
C:\Users\Default\LightScribeSimpleLabeler_1.18.26.7.exe
C:\Users\Default\LightScribeTemplateLabeler_1.18.26.7.exe
C:\Users\Default\LS_Update_1.18.26.7_.exe
C:\Users\Kathleen\aaw2008.exe
C:\Users\Kathleen\backup of drives keys.reg
C:\Users\Kathleen\DataVault.dat
C:\Users\Kathleen\db_pcc.dat
C:\Users\Kathleen\Firefox Setup 2.0.0.11.exe
C:\Users\Kathleen\HousecallLauncher64.exe
C:\Users\Kathleen\Thunderbird Setup 2.0.0.9.exe
C:\Users\Kathleen\Tmsrl.dat

Some content of TEMP:
====================
C:\Users\Kathleen\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-07 18:04
==================== End Of Log ============================

 

[Phil Hunter]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Kathleen at 2014-09-07 21:54:15
Running from C:\Users\Kathleen\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
All American Cluster Frame-(CRFTBLS) (HKLM-x32\...\7096-1000-0000-2562) (Version: 3.0 - StoryRock Inc.)
ArcSoft MediaConverter 8 (HKLM-x32\...\{936FA6E0-8A87-4A03-8004-138AB7A97637}) (Version: 8.0.0.21 - ArcSoft, Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
avi.NET 3.5.1.0 (HKLM-x32\...\avi.NET 3.5.1.0) (Version: - )
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Blueberry Combo Pack 2-(Gypsys) (HKLM-x32\...\7096-1000-0003-5965) (Version: 3.0 - StoryRock Inc.)
Burnin' Love Glitter Papers-(acreatn) (HKLM-x32\...\7096-1000-0000-7051) (Version: 3.0 - StoryRock Inc.)
Canon CanoScan LiDE 210 User Registration (HKLM-x32\...\Canon CanoScan LiDE 210 User Registration) (Version: - )
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon PIXMA iP8500 (HKLM\...\CANONBJ_Deinstall_CNMCP6L.DLL) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.3.0.5 - Canon Inc.)
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - )
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version: - )
Cat Overlays 1 (HKLM-x32\...\7096-1000-0000-7590) (Version: 3.0 - StoryRock Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Christmas Frames-(LLLCrtn) (HKLM-x32\...\7096-1000-0000-8425) (Version: 3.0 - StoryRock Inc.)
Christmas Ornament Frames-(LLLCrtn) (HKLM-x32\...\7096-1000-0000-8548) (Version: 3.0 - StoryRock Inc.)
Christmas Papers-(LLLCrtn) (HKLM-x32\...\7096-1000-0000-8561) (Version: 3.0 - StoryRock Inc.)
Christmas Snow (HKLM-x32\...\7096-1000-0000-8606) (Version: 3.0 - StoryRock Inc.)
Christmas Traditions Paper-(DCS) (HKLM-x32\...\7096-1000-0000-8688) (Version: 3.0 - StoryRock Inc.)
Christmas Traditions QPage-(acreatn) (HKLM-x32\...\7096-1000-0000-8693) (Version: 3.0 - StoryRock Inc.)
Christmas Word Art 2-(LLLCrtn) (HKLM-x32\...\7096-1000-0000-8743) (Version: 3.0 - StoryRock Inc.)
ColorDot Papers (HKLM-x32\...\7096-1000-0000-9224) (Version: 3.0 - StoryRock Inc.)
Colorful Memories (HKLM-x32\...\7096-1000-0000-9261) (Version: 3.0 - StoryRock Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CyberLink PowerDirector 12 (x32 Version: 12.0.2109.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 Content Pack Essential (HKLM-x32\...\InstallShield_{7651DEE1-8B0D-41A0-90B8-D6D48380FE37}) (Version: 12 - CyberLink Corp.)
CyberLink PowerDirector 12 Content Pack Essential (x32 Version: 12 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 3.1.81 - Dll-Files.com)
Do Not Track Me Add-on 2.2.9.515 (HKLM-x32\...\Do Not Track Me Add-on_is1) (Version: 2.2.9.515 - Abine Inc)
Document Express DjVu Plug-in (HKLM-x32\...\{4D8E1ADE-CEA6-4A35-8D73-963F16C40FD3}) (Version: 6.1.27549 - Caminova, Inc.)
Elevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Felt Creative-(GB4U) (HKLM-x32\...\7096-1000-0001-2744) (Version: 3.0 - StoryRock Inc.)
Free Audio Converter version 5.0.30.1029 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hidden
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
In The Spotlight Paper Pack-(LLLCrtn) (HKLM-x32\...\7096-1000-0001-7282) (Version: 3.0 - StoryRock Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel(R) PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 16 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.55.0 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.00.02 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: - Lenovo)
Let Freedom Ring Extra Alpha-(jsscrap) (HKLM-x32\...\7096-3077-4632-8195) (Version: 1.0 - StoryRock Inc.)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}) (Version: 1.18.26.7 - LightScribe)
Lovely Winter Glitters Addon-(BC) (HKLM-x32\...\7096-1000-0004-6007) (Version: 3.0 - StoryRock Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MM5 Our Memories Calendar-(StyRock) (HKLM-x32\...\7096-1000-0004-3216) (Version: 3.0 - StoryRock Inc.)
MM5 Winter Whispers-(DSP) (HKLM-x32\...\7096-1000-0004-3236) (Version: 3.0 - StoryRock Inc.)
Mobile Broadband (HKLM-x32\...\{986AB50A-A527-4F6D-8E8B-87FC3F0C2DBA}) (Version: 3.6.0006 - Lenovo)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Memories Suite 5.0 (HKLM-x32\...\5497-8361-8125-9170) (Version: 5.0.0.86 - StoryRock, Inc.)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.73.00 - )
Our Heritage Corner Cluster-(Kathryn) (HKLM-x32\...\7096-1000-0003-6236) (Version: 3.0 - StoryRock Inc.)
Photo Explosion Album SE (HKLM-x32\...\{822944D4-BC5D-44AE-9315-16C174D318B0}) (Version: 4.0.2.10 - Nova Development)
PhotoFiltre (HKCU\...\PhotoFiltre) (Version: - )
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.66.1 - Lenovo Group Limited)
Pretty Lace Paper Pack 1 (HKLM-x32\...\7096-1000-0002-4905) (Version: 3.0 - StoryRock Inc.)
Publish to Photo Frame (HKLM-x32\...\{6E6D21BA-82D7-451A-8B2C-465B3AC9824E}) (Version: 1.0.3.0 - Roger Lipscombe)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6053 - Realtek Semiconductor Corp.)
Recover Files 3.29 (HKLM-x32\...\Recover Files_is1) (Version: - Undelete & Unerase, Inc.)
Red Candy Stripe Alphabet-(DCS) (HKLM-x32\...\7096-1000-0002-5814) (Version: 3.0 - StoryRock Inc.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RegRun Reanimator (HKLM-x32\...\Greatis Reanimator_is1) (Version: - Greatis Software, LLC.)
Remember When-(CSC) (HKLM-x32\...\7096-1000-0004-6866) (Version: 3.0 - StoryRock Inc.)
Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
RoboForm 7-9-2-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-2-5 - Siber Systems)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Small Business Edition (x32 Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan2PC (HKLM-x32\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.21 - Q)
School Years Quickpages (HKLM-x32\...\7096-1000-0002-6731) (Version: 3.0 - StoryRock Inc.)
Scrap It Simple Papers-(BC) (HKLM-x32\...\7096-1000-0002-6850) (Version: 3.0 - StoryRock Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shabtastic Monograms-(jsscrap) (HKLM-x32\...\7096-3077-4632-6966) (Version: 1.0 - StoryRock Inc.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Snowflake Kisses Quickpage2-(TBAB) (HKLM-x32\...\7096-1000-0002-8053) (Version: 3.0 - StoryRock Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM-x32\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Sparkler QuickPage-(MgR) (HKLM-x32\...\7096-1000-0002-8493) (Version: 3.0 - StoryRock Inc.)
System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 5.72 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.26 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
Touchdown Navy-(LinJane) (HKLM-x32\...\7096-1000-0004-8427) (Version: 3.0 - StoryRock Inc.)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
Twenty Fourteen Extra Papers-(acreatn) (HKLM-x32\...\7096-1000-0004-6599) (Version: 3.0 - StoryRock Inc.)
UnHackMe 7.20 release (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Uniquely Fabulous Frames-(TBAB) (HKLM-x32\...\7096-1000-0003-2764) (Version: 3.0 - StoryRock Inc.)
Unwipe (HKLM-x32\...\{57BC9B68-78D7-4464-B6FE-1A0BB2D3737A}_is1) (Version: - Blitware Technology Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{C64A877E-DF8D-4017-AA82-000A77C6D809}) (Version: 3.1.4 - Smith Micro Software, Inc.)
WD Quick View (HKLM-x32\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
01-09-2014 08:00:13 Windows Update
01-09-2014 15:15:49 RegRun Virus Scan
01-09-2014 19:19:37 Windows Update
01-09-2014 20:35:40 RegRun Virus Scan
02-09-2014 00:00:02 RegRun Virus Scan
02-09-2014 00:19:08 DLL-Files Fixer Mon, Sep 01, 14 19:19
02-09-2014 00:37:34 RegRun Virus Scan
02-09-2014 18:33:51 RegRun Virus Scan
03-09-2014 00:24:33 RegRun Virus Scan
03-09-2014 14:04:52 RegRun Virus Scan
03-09-2014 14:32:30 RegRun Virus Scan
04-09-2014 19:56:24 Windows Update
06-09-2014 21:23:37 virussxssrv
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-09-07 17:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1BF010C1-5BC9-40F7-9F58-EB1A6B1301B6} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-12-04] (Siber Systems)
Task: {2CF61DBE-49D4-403C-9E49-E4955C48481B} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exe
Task: {34D85213-FB24-4B34-8DFF-905FE0C89409} - System32\Tasks\{708F58BB-D67E-449B-9F31-01D43CEE27FF} => C:\Program Files (x86)\My Memories Suite\My Memories Suite.exe [2013-11-27] (StoryRock, Inc.)
Task: {3FF4D50F-4B82-4C97-AF68-4AC2CB9C04C3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {476020F0-2B6C-435A-B2AA-53CC393F6B9D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-29] (Synaptics Incorporated)
Task: {56291F2C-44F9-44C1-8142-1CC5AC076AB1} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {56DA844F-962D-4BD2-A946-9165FD49C6A6} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {68E3ACFA-F556-432D-AFF7-68AEF416F0FC} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2014-06-30] (Greatis Software)
Task: {6EE2B7BD-C289-458B-B248-59E7E3DF8842} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {70128A5C-7191-4350-AB70-FC80CBB62261} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {75CD45BC-D805-4959-9152-6C1C1F43360C} - System32\Tasks\{C18A6991-470D-4DA5-A1F4-200922EBA00B} => C:\Program Files (x86)\My Memories Suite\My Memories Suite.exe [2013-11-27] (StoryRock, Inc.)
Task: {7D784CA9-BA20-4C20-83D6-5B8D67997E59} - System32\Tasks\{E7391FBD-80ED-4080-897D-1372E27FC3A5} => Firefox.exe
Task: {86C25857-2CCE-4382-BF7F-330EBC90BE27} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {92080631-83FB-4CB0-BAE4-C8EC19EF94A4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...JDJKJKJBJPNHLKIBJLIKJNIJNKJCMJNNICMJNDJCMKJBJ"
Task: {97C38FAB-C856-4AB2-A5FF-66AF7213F404} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A625DA9A-EB40-46FE-A6A3-E12059E5632D} - System32\Tasks\Scanning => C:\Program Files (x86)\Scan2PC\Sc2PCSvc.exe [2009-08-10] ()
Task: {B2040566-C9BE-489D-BCC0-19FB103F3B51} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {CE98762D-DCE3-4F52-919F-F89049F01C43} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {CEF1DDFC-B805-420A-8A9B-24558342DB50} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CF53F5DA-60AD-4F75-B135-18C5611C50DB} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-06-25] (Lenovo Group Limited)
Task: {E3ED8877-1A25-4E92-AC5B-DE0A189B4B63} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {E787B979-6E15-4A3D-B40F-68E5682AFFEF} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {EA683657-BEAF-40E8-B9A4-DE9BDC6CE99C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-31] (Adobe Systems Incorporated)
Task: {F81553F1-F110-4375-B235-7E51CB171E2D} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe [2009-08-28] (Lenovo Limited Group Corporation)
Task: {F8FC4E5E-FA00-4B37-A19C-363A10D8D8EE} - System32\Tasks\{F35187B8-9E40-4B3F-B422-B6BC375B7022} => C:\Program Files (x86)\UnHackMe\reanimator.exe [2014-06-30] (Greatis Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
==================== Loaded Modules (whitelisted) =============
2013-10-02 07:46 - 2012-08-08 21:36 - 00254552 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-11-04 02:02 - 2014-06-25 06:06 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: ZeroConfigService => 2
==================== Faulty Device Manager Devices =============
Name: Synaptics SMBus Driver
Description: Synaptics SMBus Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: SmbDrvI
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter
Description: Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter
Class Guid: {dad27e18-2598-4484-98b0-5dba8e007f6a}
Manufacturer: Intel Corporation
Service: AMPPAL
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-09-07 17:17:20.550
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-07 17:17:20.267
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-04-13 13:45:50.537
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Kathleen\Desktop\ip8500x64190en\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-04-13 13:45:50.522
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Kathleen\Desktop\ip8500x64190en\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 2936.86 MB
Available physical RAM: 1448.52 MB
Total Pagefile: 5871.9 MB
Available Pagefile: 3931.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:129.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (CD_ROM) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS
Drive e: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.53 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.57 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 92BEC880)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
==================== End Of Log ============================

 

[Broni]

Catalina Savings Printer.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Phil Hunter]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Kathleen at 2014-09-08 08:54:35 Run:1
Running from C:\Users\Kathleen\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKCU - No Name - {0D792CB2-2654-4E99-A597-7FC317F04D61} - No File
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1313\6.8.1120\TmIEPlg.dll No File
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - No File
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]
U2 TMAgent; No ImagePath
C:\Users\Default\LightScribeSimpleLabeler_1.18.26.7.exe
C:\Users\Default\LightScribeTemplateLabeler_1.18.26.7.exe
C:\Users\Default\LS_Update_1.18.26.7_.exe
C:\Users\Kathleen\aaw2008.exe
C:\Users\Kathleen\backup of drives keys.reg
C:\Users\Kathleen\DataVault.dat
C:\Users\Kathleen\db_pcc.dat
C:\Users\Kathleen\Firefox Setup 2.0.0.11.exe
C:\Users\Kathleen\HousecallLauncher64.exe
C:\Users\Kathleen\Thunderbird Setup 2.0.0.9.exe
C:\Users\Kathleen\Tmsrl.dat
C:\Users\Kathleen\AppData\Local\Temp\Quarantine.exe

*****************
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}" => Key deleted successfully.
"HKCR\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0D792CB2-2654-4E99-A597-7FC317F04D61} => value deleted successfully.
"HKCR\CLSID\{0D792CB2-2654-4E99-A597-7FC317F04D61}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value deleted successfully.
"HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}" => Key not found.
"HKCR\PROTOCOLS\Handler\belarc" => Key deleted successfully.
"HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}" => Key not found.
"HKCR\PROTOCOLS\Handler\tmbp" => Key deleted successfully.
"HKCR\CLSID\{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\tmpx" => Key deleted successfully.
"HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\tmtb" => Key deleted successfully.
"HKCR\CLSID\{04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42}" => Key not found.
"HKCR\PROTOCOLS\Handler\tmtbim" => Key deleted successfully.
"HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10}" => Key not found.
Amsp => Unable to stop service
Amsp => Error deleting Service
catchme => Service deleted successfully.
sptd => Service deleted successfully.
TMAgent => Service deleted successfully.
C:\Users\Default\LightScribeSimpleLabeler_1.18.26.7.exe => Moved successfully.
C:\Users\Default\LightScribeTemplateLabeler_1.18.26.7.exe => Moved successfully.
C:\Users\Default\LS_Update_1.18.26.7_.exe => Moved successfully.
C:\Users\Kathleen\aaw2008.exe => Moved successfully.
C:\Users\Kathleen\backup of drives keys.reg => Moved successfully.
C:\Users\Kathleen\DataVault.dat => Moved successfully.
C:\Users\Kathleen\db_pcc.dat => Moved successfully.
C:\Users\Kathleen\Firefox Setup 2.0.0.11.exe => Moved successfully.
C:\Users\Kathleen\HousecallLauncher64.exe => Moved successfully.
C:\Users\Kathleen\Thunderbird Setup 2.0.0.9.exe => Moved successfully.
C:\Users\Kathleen\Tmsrl.dat => Moved successfully.
C:\Users\Kathleen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
==== End of Fixlog ====

 

[Phil Hunter]

I think I have posted everything asked for. Let me know if anything else needs to be done.

 

[Broni]

How is computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Internet Explorer users - Click on this link to open ESET OnlineScan.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
    [/LIST]
    [*]Check [I]"YES, I accept the Terms of Use."[/I]
    [*]Click the [b]Start[/b] button.
    [*]Accept any security warnings from your browser.[/*]
    [*]Check [I]"Enable detection of potentially unwanted applications"[/I].
    [*]Click [I]Advanced settings[/I] and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark [I]"Use custom proxy settings"[/I]
    [*]Click the [b]Start[/b] button.
    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    [*]When the scan completes, click [b]List Threats[/b][/*]
    [*]Click [b]Export[/b], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    [*]Click the [b]Back[/b] button.
    [*]Click the [b]Finish[/b] button.
    [/LIST]

 

[Phil Hunter]

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader 10.1.11 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Phil Hunter]

Farbar Service Scanner Version: 21-07-2014
Ran by Kathleen (administrator) on 08-09-2014 at 20:18:33
Running from "C:\Users\Kathleen\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****