-
registry mechanic removed yesterday. no change in "problem".
next time i'll be able to run ESET is monday evening.
i'll report on tuesday.
-
-
eset ran overnight. output follows:
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbk323C.tmp HTML/Phishing.DHL.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbk4418.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbk49C1.tmp HTML/Iframe.gen trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbk7230.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbk8405.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbk906.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbk9ACF.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbkB2DA.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbkB86F.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbkE2A9.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbkF0D.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKZI87EZ\wbkF36D.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk11EB.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk13CB.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk234A.tmp HTML/Phishing.DHL.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk3A48.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk5581.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk59B1.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk66A.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk8C8A.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbk90C.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbkA280.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbkD1C2.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbkEB81.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6MURJ59\wbkF2AD.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbk1877.tmp HTML/Fraud.AV trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbk281E.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbk3332.tmp HTML/Phishing.DHL.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbk3CE6.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbkCE8F.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbkEE70.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbkEE9.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
C:\Users\Schramm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKTKCVXF\wbkF88E.tmp HTML/Phishing.LinkedIn.A trojan cleaned by deleting - quarantined
-
i'll re-run FRST at first opportunity. i have to leave early today (MD appt). i don't remember if FRST is a quick or long scan; ie, whether i can run it when he's at lunch or need to run it overnight.
in case i haven't said this before, thanks a lot, broni, for taking the time to help me with this.
-
i'll find out for myself. he's supposed to be leaving before i do today. i'll run it then.
-
managed to run FRST before i left. here is the output:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Schramm (administrator) on BOBS on 08-04-2014 15:16:48
Running from C:\Users\Schramm\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
( ) C:\Windows\system32\LMabcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Creative) C:\Windows\CNYHKey.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\Schramm\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\MHotkey.exe
(Chicony) C:\Windows\ModLedKey.exe
() C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
(Chicony) C:\Windows\ChiFuncExt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6455840 2008-08-04] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-08-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM-x32\...\Run: [LchDrvKey] - C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] - C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Smart Copy] - C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [53248 2008-05-21] (IOI)
HKLM-x32\...\Run: [P2Go_Menu] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-2992264124-1819922224-2624420910-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2992264124-1819922224-2624420910-1000\...\Run: [LMab1err] - C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-08-03] ( )
HKU\S-1-5-21-2992264124-1819922224-2624420910-1000\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2992264124-1819922224-2624420910-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-30] (Google Inc.)
Startup: C:\Users\Schramm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Schramm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Schramm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\Users\Schramm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...09&m=lx4710-01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...09&m=lx4710-01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {28CD5221-96D7-48A0-4C85-4011514F7187} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - {28CD5221-96D7-48A0-4C85-4011514F7187} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS334US334
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Web Search
CHR DefaultSearchURL: http://www.google.com
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Wallet) - C:\Users\Schramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Norton Identity Protection) - C:\Users\Schramm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-01-09]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx [2014-03-20]
==================== Services (Whitelisted) =================
R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] ()
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2010-08-03] ( )
R2 lmab_device; C:\Windows\SysWOW64\LMabcoms.exe [593920 2010-08-03] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe [262968 2014-03-12] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe [130104 2014-03-11] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07000.02B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-13] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\IPSDefs\20140405.001\IDSvia64.sys [525016 2014-03-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20140408.008\ENG64.SYS [126040 2013-12-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.0.100\Definitions\VirusDefs\20140408.008\EX64.SYS [2099288 2013-12-13] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NAVx64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1502000.026\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1502000.026\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1502000.026\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NAVx64\1502000.026\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMDNS.SYS [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NAVx64\1008000.026\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAVx64\1008000.026\SYMNDISV.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMREDRV.SYS [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-08 15:16 - 2014-04-08 15:16 - 00018394 _____ () C:\Users\Schramm\Desktop\FRST.txt
2014-04-08 15:07 - 2014-04-08 15:07 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C26BE9DD-4CC2-4593-95C7-5F4B2E72B38E}
2014-04-08 14:48 - 2014-04-08 14:49 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E0A32DB6-F79A-4F58-9B5D-53AB049E6FAC}
2014-04-08 13:53 - 2014-04-08 13:54 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{745DAD40-759B-4914-95F1-894BABD51A28}
2014-04-08 13:50 - 2014-04-08 13:50 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{D0230088-4B5C-496D-8F2A-A2181D6FE28E}
2014-04-08 13:00 - 2014-04-08 13:01 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{0CDB40C2-3331-4D9E-9B43-3F5662436120}
2014-04-08 12:35 - 2014-04-08 12:36 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C1D4A294-85BF-4796-BB2B-267FCDAC5238}
2014-04-08 12:02 - 2014-04-08 12:02 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C3956265-8498-4B5E-A496-E469B905B04C}
2014-04-08 09:21 - 2014-04-08 12:19 - 00016261 _____ () C:\Users\Schramm\Documents\Young Frankenstein.ods
2014-04-08 09:16 - 2014-04-08 09:16 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B873375E-41CD-4878-876F-936996549826}
2014-04-08 09:04 - 2014-04-08 09:04 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F884AB8C-1D4B-437A-869E-0FF1101CBB69}
2014-04-08 08:52 - 2014-04-08 08:53 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{71B980FB-3DC2-4EDB-9B2B-C2D0759C34BD}
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C3524695-C87E-48B0-8639-38FDCE34087C}
2014-04-08 08:29 - 2014-04-08 08:29 - 00011532 _____ () C:\Windows\dd_vcredistUI01C3.txt
2014-04-08 08:29 - 2014-04-08 08:29 - 00009422 _____ () C:\Windows\dd_vcredistMSI01C3.txt
2014-04-08 08:27 - 2014-04-08 08:27 - 00005702 _____ () C:\Users\Schramm\Desktop\esetscan.txt
2014-04-08 03:00 - 2014-04-08 03:00 - 00011532 _____ () C:\Windows\dd_vcredistUI061F.txt
2014-04-08 03:00 - 2014-04-08 03:00 - 00009690 _____ () C:\Windows\dd_vcredistMSI061F.txt
2014-04-07 17:31 - 2014-04-07 17:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-07 17:12 - 2014-04-07 17:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4788CD23-7493-42B5-83A9-4C2CC1E450C9}
2014-04-07 15:22 - 2014-04-07 15:22 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9D3AEBEB-7169-4B82-8925-685A7A1A4819}
2014-04-07 14:43 - 2014-04-07 14:43 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B895EE09-B74D-4631-B41F-3030523E7CD6}
2014-04-07 13:38 - 2014-04-07 13:38 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{8BE75A78-6A02-4C6E-B4E9-75C19FC0CE98}
2014-04-07 12:58 - 2014-04-07 12:58 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{899BFDE0-E1E0-47B0-BAA2-1A43879F1EB8}
2014-04-07 11:03 - 2014-04-07 11:03 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F80922D7-23A1-41EA-92CB-29A932302462}
2014-04-07 10:59 - 2014-04-07 10:59 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E191BC68-2FDE-46EE-BE61-5C49FAFC6891}
2014-04-07 08:30 - 2014-04-07 08:30 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{1CA989A9-A666-4F32-9D05-3E99D6FCABDE}
2014-04-07 08:28 - 2014-04-07 08:29 - 00004434 _____ () C:\Windows\dd_vcredistMSI333C.txt
2014-04-07 08:28 - 2014-04-07 08:28 - 00011548 _____ () C:\Windows\dd_vcredistUI333C.txt
2014-04-05 17:27 - 2014-04-05 17:27 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{A6D28132-A067-4BB7-94DE-C1947942F745}
2014-04-05 16:28 - 2014-04-05 16:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{D3870DC9-D277-4B1F-BE98-C70F8BDD077D}
2014-04-05 15:13 - 2014-04-05 15:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{12719030-368F-41BC-ACD4-2BE005ADA83D}
2014-04-05 14:05 - 2014-04-05 14:05 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{3945050D-08F9-42F3-A49F-74D9E582622C}
2014-04-05 13:26 - 2014-04-05 13:27 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{CF9B4FF0-E313-4B8B-B92E-8969D28325EA}
2014-04-05 08:39 - 2014-04-05 08:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{70853FCA-A750-4588-A7E5-30EAC07F0ACD}
2014-04-05 08:33 - 2014-04-05 08:33 - 00011548 _____ () C:\Windows\dd_vcredistUI1A60.txt
2014-04-05 08:33 - 2014-04-05 08:33 - 00009706 _____ () C:\Windows\dd_vcredistMSI1A60.txt
2014-04-05 08:28 - 2014-04-05 08:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{180150B3-864E-4D30-A363-252455342D26}
2014-04-04 17:31 - 2014-04-04 17:31 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6C45FC06-ECFF-4A03-A249-779E442526E5}
2014-04-04 17:13 - 2014-04-04 17:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4584F89E-C322-47F2-8B81-886CD91EBBDE}
2014-04-04 13:55 - 2014-04-04 13:55 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{DAFF18D2-FB19-40ED-B64C-B3DE209DF8CB}
2014-04-04 13:31 - 2014-04-04 13:31 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{27AEF02A-6921-4892-963F-68E1F24B644A}
2014-04-04 10:40 - 2014-04-04 10:40 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F85462DB-6756-4013-BF9A-5B2EE4A2563E}
2014-04-04 10:34 - 2014-04-04 10:35 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B1FC7120-E4EF-4673-8D7C-4F0A924CC65B}
2014-04-04 09:52 - 2014-04-04 09:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{84534D1F-3736-400D-8A78-01DA9EFCDF14}
2014-04-04 09:43 - 2014-04-04 09:44 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{FF1ECB8C-42CA-478E-A94E-5800386151B3}
2014-04-04 08:30 - 2014-04-04 08:30 - 00011532 _____ () C:\Windows\dd_vcredistUI49E2.txt
2014-04-04 08:30 - 2014-04-04 08:30 - 00009690 _____ () C:\Windows\dd_vcredistMSI49E2.txt
2014-04-04 08:26 - 2014-04-04 08:26 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E3089587-6262-4D27-BD71-2151F4CCCA10}
2014-04-03 16:01 - 2014-04-03 16:01 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{04B4B75F-0E0B-45C4-8BC7-961FC1A848FF}
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{EED5FDA0-43FF-4FD2-9F9B-90B1689E7EA9}
2014-04-03 13:51 - 2014-04-03 13:51 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{1CA585B5-3A01-49B3-84D3-C2520EEED584}
2014-04-03 13:45 - 2014-04-03 13:45 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9651DB95-0DA7-4DAA-AA6E-E0A5967F9E85}
2014-04-03 13:07 - 2014-04-03 13:07 - 00015052 _____ () C:\Windows\dd_vcredistUI4FCF.txt
2014-04-03 13:07 - 2014-04-03 13:07 - 00009694 _____ () C:\Windows\dd_vcredistMSI4FCF.txt
2014-04-03 13:03 - 2014-04-03 13:03 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6C6C63F1-3135-4440-BC88-FCA4149CEBD0}
2014-04-03 11:30 - 2014-04-03 11:31 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{FC2EC163-C0A7-411B-90F7-698FFC7B617A}
2014-04-03 11:19 - 2014-04-03 11:19 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4A1DFCC1-BF30-427F-B588-C745B100A377}
2014-04-03 11:00 - 2014-04-03 11:00 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7926C017-2EE8-4D1D-86B2-A27CE2081AFD}
2014-04-03 10:54 - 2014-04-03 10:54 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6ED90490-042F-46ED-BAB4-0D8DEE6D5061}
2014-04-03 10:13 - 2014-04-03 10:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{36E475EF-A1FF-4841-BE0A-069D27FF4302}
2014-04-03 09:29 - 2014-04-03 09:29 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B0DDE337-4A86-48EC-A2F3-8B8D75A891CC}
2014-04-03 08:52 - 2014-04-03 08:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{ECAD45B4-3F35-4638-BEDE-AD29E4E4FEFD}
2014-04-03 08:40 - 2014-04-03 08:40 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{FC0D5BB1-6365-40EA-9F24-2EDA0DA747D3}
2014-04-03 03:00 - 2014-04-03 03:00 - 00012408 _____ () C:\Windows\dd_vcredistUI7F62.txt
2014-04-03 03:00 - 2014-04-03 03:00 - 00009690 _____ () C:\Windows\dd_vcredistMSI7F62.txt
2014-04-02 17:30 - 2014-04-02 17:30 - 00011564 _____ () C:\Windows\dd_vcredistUI4B22.txt
2014-04-02 17:30 - 2014-04-02 17:30 - 00009726 _____ () C:\Windows\dd_vcredistMSI4B22.txt
2014-04-02 17:17 - 2014-04-02 17:18 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7FDC48C9-CBFE-41B5-B7C0-48C15682CB3C}
2014-04-02 17:09 - 2014-04-02 17:09 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{83EEBCBF-DC40-460C-ACDE-0CF78ECB47A2}
2014-04-02 16:02 - 2014-04-02 16:02 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{8600EF18-1484-444B-B48B-9C1127B7689C}
2014-04-02 15:52 - 2014-04-02 15:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{BD003554-F3C6-4043-876B-15CEB5867E1C}
2014-04-02 13:37 - 2014-04-02 13:37 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9A0DA39F-D62C-4BA9-AF03-C9D6CA1F9974}
2014-04-02 13:21 - 2014-04-02 13:21 - 00448512 _____ (OldTimer Tools) C:\Users\Schramm\Desktop\TFC.exe
2014-04-02 13:17 - 2014-04-02 13:18 - 00002693 _____ () C:\Users\Schramm\Desktop\FSS.txt
2014-04-02 13:17 - 2014-04-02 13:17 - 00000952 _____ () C:\Users\Schramm\Desktop\checkup.txt
2014-04-02 13:15 - 2014-04-02 13:15 - 00987448 _____ () C:\Users\Schramm\Desktop\SecurityCheck.exe
2014-04-02 13:15 - 2014-04-02 13:15 - 00409600 _____ (Farbar) C:\Users\Schramm\Desktop\FSS.exe
2014-04-02 12:19 - 2014-04-02 12:19 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{32BBE8FE-E12C-4DEC-AAAB-71F30D5DA74C}
2014-04-02 10:05 - 2014-04-02 10:05 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{087BE585-7A3C-41D2-A183-0F985AF7ACE0}
2014-04-02 09:54 - 2014-04-02 09:54 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{12EF5F1C-E71C-4672-A42A-714A7BFFE7DF}
2014-04-02 09:29 - 2014-04-02 09:29 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{A426EAAB-90B8-437F-94B2-F2475C0F0D14}
2014-04-02 09:28 - 2014-04-02 09:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F6523619-7ED7-4074-9E26-8128E8B3E635}
2014-04-02 08:53 - 2014-04-02 08:54 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C18B7557-73FB-4C05-973F-D8A3B5483651}
2014-04-02 08:41 - 2014-04-02 08:42 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4D02F964-6326-4A15-9A9A-8D8931E25C55}
2014-04-02 08:26 - 2014-04-02 08:26 - 00011548 _____ () C:\Windows\dd_vcredistUI2A95.txt
2014-04-02 08:26 - 2014-04-02 08:26 - 00009706 _____ () C:\Windows\dd_vcredistMSI2A95.txt
2014-04-02 08:22 - 2014-04-02 08:22 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6B1AE622-34D1-49C7-AFEC-ADF825A91840}
2014-04-01 17:30 - 2014-04-01 17:30 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7254268F-855A-4D58-99E3-F987DCF724A8}
2014-04-01 16:58 - 2014-04-01 16:58 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B4E3A625-62A4-44AD-BF11-13916508015A}
2014-04-01 14:32 - 2014-04-01 14:33 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6C56D576-F446-47CB-B5C7-0CE092764486}
2014-04-01 13:59 - 2014-04-01 13:59 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{AEB74620-C998-4951-8B9A-9A9A3334FB14}
2014-04-01 12:39 - 2014-04-01 12:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E2591BEF-82B3-459A-BCD5-B74ADDC2DA55}
2014-04-01 11:52 - 2014-04-01 11:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7AE18D26-6B28-4C45-8E7F-37DF02F6A21D}
2014-04-01 10:32 - 2014-04-01 10:32 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{724B2B7A-9EBD-431B-B5AD-E2CD98BC7943}
2014-04-01 09:20 - 2014-04-01 09:20 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{98FD4B51-AC62-45C4-9517-8C7CEA122E50}
2014-04-01 09:08 - 2014-04-01 09:09 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{DEF2DBB4-352F-4B5A-ACE2-DFDCE63AC864}
2014-04-01 08:50 - 2014-04-01 08:51 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{57E7F1AF-56B8-4BC6-BD2F-3887CFCCDBC0}
2014-04-01 08:48 - 2014-04-01 08:50 - 00004482 _____ () C:\Windows\dd_vcredistMSI6D6D.txt
2014-04-01 08:48 - 2014-04-01 08:48 - 00011644 _____ () C:\Windows\dd_vcredistUI6D6D.txt
2014-03-31 16:53 - 2014-03-31 16:53 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B93753DD-C7D8-424F-BB07-CF36ABE6A989}
2014-03-31 15:55 - 2014-03-31 15:55 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{3DC7D94F-2BB7-428A-A104-490936DA9881}
2014-03-31 15:44 - 2014-03-31 15:44 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{109CDE45-0A8D-4A10-9B86-9FEA4D6B3042}
2014-03-31 14:39 - 2014-03-31 14:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{0D2EC310-F739-4444-9974-BCC599AC7893}
2014-03-31 13:37 - 2014-03-31 13:37 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{02FC42D1-E199-4513-8B20-E21C35CF131F}
2014-03-31 12:30 - 2014-03-31 12:30 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{255ECC6F-824D-48A8-9659-4BDBD2AD6B7D}
2014-03-31 11:57 - 2014-03-31 11:58 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{37A747D9-9465-4F2C-8653-1F957271C391}
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{1B77B002-7675-46EF-B3CC-8CBE10AF6C8F}
2014-03-31 09:27 - 2014-03-31 09:27 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{51DFEE79-818D-4789-ACB7-F438346168BB}
2014-03-31 09:07 - 2014-03-31 09:07 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{98A59C2B-C4E3-4FDD-8BA7-1CAE38DF27D2}
2014-03-31 08:50 - 2014-03-31 08:50 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6E7BDD7E-0B7E-4848-868F-7CB351382166}
2014-03-28 14:51 - 2014-03-28 14:51 - 00011564 _____ () C:\Windows\dd_vcredistUI4AA2.txt
2014-03-28 14:51 - 2014-03-28 14:51 - 00009730 _____ () C:\Windows\dd_vcredistMSI4AA2.txt
2014-03-28 14:41 - 2014-04-08 15:16 - 00000000 ____D () C:\Users\Schramm\Desktop\malware fixes
2014-03-28 14:12 - 2014-03-28 14:12 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{97874D24-1BB9-457C-BDAA-45F7CC94A94A}
2014-03-28 13:57 - 2014-03-28 13:58 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4ECCFB87-A04A-44B4-BDB2-80742B793891}
2014-03-28 12:48 - 2014-03-28 12:48 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{468BA500-8723-424C-818A-26D87AC18473}
2014-03-28 12:39 - 2014-03-28 12:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{CA942BBF-7999-4408-AB82-CF6D2DE7262C}
2014-03-28 12:17 - 2014-03-28 12:17 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9A988B25-776A-467D-BB3B-703CC416753F}
2014-03-28 12:03 - 2014-03-28 12:03 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{0EEFE69D-B318-4EEC-A923-EA3B269C6385}
2014-03-28 11:40 - 2014-03-28 11:41 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{581B8458-27E6-4CA5-A17F-A7FB192DE312}
2014-03-28 11:28 - 2014-03-28 11:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{AF27D0B6-117C-4E37-86CC-C1FC6DD7B75A}
2014-03-28 08:39 - 2014-03-28 08:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C0BAD30B-58AA-4FA6-A6C1-BACD790BEC60}
2014-03-27 12:14 - 2014-03-27 12:14 - 00011596 _____ () C:\Windows\dd_vcredistUI0450.txt
2014-03-27 12:14 - 2014-03-27 12:14 - 00009762 _____ () C:\Windows\dd_vcredistMSI0450.txt
2014-03-27 11:39 - 2014-04-08 15:16 - 00000000 ____D () C:\FRST
2014-03-27 11:38 - 2014-03-27 11:38 - 02157056 _____ (Farbar) C:\Users\Schramm\Desktop\FRST64.exe
2014-03-27 10:07 - 2014-03-27 10:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-27 09:22 - 2014-03-27 09:56 - 00000000 ____D () C:\AdwCleaner
2014-03-26 14:17 - 2014-03-26 14:17 - 00011612 _____ () C:\Windows\dd_vcredistUI1424.txt
2014-03-26 14:17 - 2014-03-26 14:17 - 00009778 _____ () C:\Windows\dd_vcredistMSI1424.txt
2014-03-26 13:59 - 2014-03-26 13:59 - 00011612 _____ () C:\Windows\dd_vcredistUI0681.txt
2014-03-26 13:59 - 2014-03-26 13:59 - 00009510 _____ () C:\Windows\dd_vcredistMSI0681.txt
2014-03-26 13:29 - 2014-03-26 13:29 - 00011612 _____ () C:\Windows\dd_vcredistUI6FB9.txt
2014-03-26 13:29 - 2014-03-26 13:29 - 00009778 _____ () C:\Windows\dd_vcredistMSI6FB9.txt
2014-03-25 08:34 - 2014-03-25 08:34 - 00011596 _____ () C:\Windows\dd_vcredistUI3FB7.txt
2014-03-25 08:34 - 2014-03-25 08:34 - 00009758 _____ () C:\Windows\dd_vcredistMSI3FB7.txt
2014-03-25 08:34 - 2014-03-25 08:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-03-24 08:35 - 2014-03-24 08:35 - 00011628 _____ () C:\Windows\dd_vcredistUI729A.txt
2014-03-24 08:35 - 2014-03-24 08:35 - 00009790 _____ () C:\Windows\dd_vcredistMSI729A.txt
2014-03-22 08:29 - 2014-03-22 08:29 - 00011580 _____ () C:\Windows\dd_vcredistUI51A5.txt
2014-03-22 08:29 - 2014-03-22 08:29 - 00009742 _____ () C:\Windows\dd_vcredistMSI51A5.txt
2014-03-21 11:17 - 2014-03-21 11:17 - 00000822 _____ () C:\Users\Schramm\Desktop\SyncToy.exe - Shortcut.lnk
2014-03-21 08:57 - 2014-03-21 08:57 - 00011564 _____ () C:\Windows\dd_vcredistUI18FE.txt
2014-03-21 08:57 - 2014-03-21 08:57 - 00009726 _____ () C:\Windows\dd_vcredistMSI18FE.txt
2014-03-20 17:34 - 2014-03-20 17:34 - 00000000 ____D () C:\Qoobox
2014-03-20 17:33 - 2014-03-26 14:11 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-20 17:33 - 2014-03-20 17:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 08:39 - 2014-03-20 08:40 - 00004430 _____ () C:\Windows\dd_vcredistMSI3D4C.txt
2014-03-20 08:39 - 2014-03-20 08:39 - 00011532 _____ () C:\Windows\dd_vcredistUI3D4C.txt
2014-03-19 08:44 - 2014-03-19 08:44 - 00011564 _____ () C:\Windows\dd_vcredistUI7301.txt
2014-03-19 08:44 - 2014-03-19 08:44 - 00009726 _____ () C:\Windows\dd_vcredistMSI7301.txt
2014-03-18 10:19 - 2014-03-18 11:24 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 08:55 - 2014-03-18 08:55 - 00011564 _____ () C:\Windows\dd_vcredistUI2CEC.txt
2014-03-18 08:55 - 2014-03-18 08:55 - 00002340 _____ () C:\Windows\dd_vcredistMSI2CEC.txt
2014-03-17 08:42 - 2014-03-17 09:05 - 00004478 _____ () C:\Windows\dd_vcredistMSI5499.txt
2014-03-17 08:42 - 2014-03-17 08:42 - 00011628 _____ () C:\Windows\dd_vcredistUI5499.txt
2014-03-15 08:44 - 2014-03-15 08:45 - 00004438 _____ () C:\Windows\dd_vcredistMSI3A38.txt
2014-03-15 08:44 - 2014-03-15 08:44 - 00012508 _____ () C:\Windows\dd_vcredistUI3A38.txt
2014-03-15 08:42 - 2014-02-23 02:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-15 08:42 - 2014-02-23 01:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-15 08:42 - 2014-02-23 01:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-15 08:42 - 2014-02-23 01:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-15 08:42 - 2014-02-23 01:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-15 08:42 - 2014-02-23 01:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-15 08:42 - 2014-02-23 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-15 08:42 - 2014-02-23 01:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-15 08:42 - 2014-02-23 01:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-15 08:42 - 2014-02-23 01:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-15 08:42 - 2014-02-23 01:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-15 08:42 - 2014-02-23 01:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-15 08:42 - 2014-02-23 01:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-15 08:42 - 2014-02-23 01:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-15 08:42 - 2014-02-23 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-15 08:42 - 2014-02-23 01:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-15 08:42 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-15 08:42 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-15 08:42 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-15 08:42 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-15 08:42 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-15 08:42 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-15 08:42 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-15 08:42 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-15 08:42 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-15 08:42 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-15 08:42 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-15 08:42 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-15 08:42 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-15 08:42 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-15 08:42 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-15 08:42 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 08:41 - 2014-02-07 07:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 08:41 - 2014-02-03 08:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 08:41 - 2014-02-03 05:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 08:41 - 2014-01-30 05:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 08:41 - 2014-01-30 02:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 08:41 - 2013-11-12 20:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-13 08:41 - 2013-11-12 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
-
and ... the second half ...
==================== One Month Modified Files and Folders =======
2014-04-08 15:17 - 2014-04-08 15:16 - 00018394 _____ () C:\Users\Schramm\Desktop\FRST.txt
2014-04-08 15:17 - 2010-04-08 11:09 - 00000000 ____D () C:\Users\Schramm\AppData\Roaming\Dropbox
2014-04-08 15:16 - 2014-03-28 14:41 - 00000000 ____D () C:\Users\Schramm\Desktop\malware fixes
2014-04-08 15:16 - 2014-03-27 11:39 - 00000000 ____D () C:\FRST
2014-04-08 15:16 - 2010-04-08 11:14 - 00000000 ___RD () C:\Users\Schramm\Documents\My Dropbox
2014-04-08 15:15 - 2010-01-28 10:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 15:15 - 2009-02-13 06:53 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-04-08 15:15 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 15:15 - 2006-11-02 10:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 15:15 - 2006-11-02 10:22 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 15:09 - 2009-02-13 06:24 - 01755685 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 15:09 - 2006-11-02 10:42 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 15:07 - 2014-04-08 15:07 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C26BE9DD-4CC2-4593-95C7-5F4B2E72B38E}
2014-04-08 15:07 - 2010-05-20 15:40 - 00000000 ____D () C:\Users\Schramm\Documents\windows live mail
2014-04-08 14:49 - 2014-04-08 14:48 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E0A32DB6-F79A-4F58-9B5D-53AB049E6FAC}
2014-04-08 14:24 - 2012-04-13 08:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 14:15 - 2010-01-28 10:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 13:54 - 2014-04-08 13:53 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{745DAD40-759B-4914-95F1-894BABD51A28}
2014-04-08 13:50 - 2014-04-08 13:50 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{D0230088-4B5C-496D-8F2A-A2181D6FE28E}
2014-04-08 13:01 - 2014-04-08 13:00 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{0CDB40C2-3331-4D9E-9B43-3F5662436120}
2014-04-08 12:36 - 2014-04-08 12:35 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C1D4A294-85BF-4796-BB2B-267FCDAC5238}
2014-04-08 12:19 - 2014-04-08 09:21 - 00016261 _____ () C:\Users\Schramm\Documents\Young Frankenstein.ods
2014-04-08 12:02 - 2014-04-08 12:02 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C3956265-8498-4B5E-A496-E469B905B04C}
2014-04-08 09:16 - 2014-04-08 09:16 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B873375E-41CD-4878-876F-936996549826}
2014-04-08 09:04 - 2014-04-08 09:04 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F884AB8C-1D4B-437A-869E-0FF1101CBB69}
2014-04-08 08:53 - 2014-04-08 08:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{71B980FB-3DC2-4EDB-9B2B-C2D0759C34BD}
2014-04-08 08:38 - 2006-11-02 07:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 08:34 - 2014-04-08 08:34 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C3524695-C87E-48B0-8639-38FDCE34087C}
2014-04-08 08:29 - 2014-04-08 08:29 - 00011532 _____ () C:\Windows\dd_vcredistUI01C3.txt
2014-04-08 08:29 - 2014-04-08 08:29 - 00009422 _____ () C:\Windows\dd_vcredistMSI01C3.txt
2014-04-08 08:27 - 2014-04-08 08:27 - 00005702 _____ () C:\Users\Schramm\Desktop\esetscan.txt
2014-04-08 03:00 - 2014-04-08 03:00 - 00011532 _____ () C:\Windows\dd_vcredistUI061F.txt
2014-04-08 03:00 - 2014-04-08 03:00 - 00009690 _____ () C:\Windows\dd_vcredistMSI061F.txt
2014-04-07 17:31 - 2014-04-07 17:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-07 17:29 - 2009-07-01 14:12 - 16928768 _____ () C:\Users\Schramm\AppData\Local\filesync.metadata
2014-04-07 17:13 - 2014-04-07 17:12 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4788CD23-7493-42B5-83A9-4C2CC1E450C9}
2014-04-07 15:22 - 2014-04-07 15:22 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9D3AEBEB-7169-4B82-8925-685A7A1A4819}
2014-04-07 14:43 - 2014-04-07 14:43 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B895EE09-B74D-4631-B41F-3030523E7CD6}
2014-04-07 13:38 - 2014-04-07 13:38 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{8BE75A78-6A02-4C6E-B4E9-75C19FC0CE98}
2014-04-07 12:58 - 2014-04-07 12:58 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{899BFDE0-E1E0-47B0-BAA2-1A43879F1EB8}
2014-04-07 11:03 - 2014-04-07 11:03 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F80922D7-23A1-41EA-92CB-29A932302462}
2014-04-07 10:59 - 2014-04-07 10:59 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E191BC68-2FDE-46EE-BE61-5C49FAFC6891}
2014-04-07 08:30 - 2014-04-07 08:30 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{1CA989A9-A666-4F32-9D05-3E99D6FCABDE}
2014-04-07 08:29 - 2014-04-07 08:28 - 00004434 _____ () C:\Windows\dd_vcredistMSI333C.txt
2014-04-07 08:28 - 2014-04-07 08:28 - 00011548 _____ () C:\Windows\dd_vcredistUI333C.txt
2014-04-05 17:27 - 2014-04-05 17:27 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{A6D28132-A067-4BB7-94DE-C1947942F745}
2014-04-05 16:28 - 2014-04-05 16:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{D3870DC9-D277-4B1F-BE98-C70F8BDD077D}
2014-04-05 15:13 - 2014-04-05 15:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{12719030-368F-41BC-ACD4-2BE005ADA83D}
2014-04-05 14:05 - 2014-04-05 14:05 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{3945050D-08F9-42F3-A49F-74D9E582622C}
2014-04-05 13:27 - 2014-04-05 13:26 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{CF9B4FF0-E313-4B8B-B92E-8969D28325EA}
2014-04-05 08:39 - 2014-04-05 08:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{70853FCA-A750-4588-A7E5-30EAC07F0ACD}
2014-04-05 08:33 - 2014-04-05 08:33 - 00011548 _____ () C:\Windows\dd_vcredistUI1A60.txt
2014-04-05 08:33 - 2014-04-05 08:33 - 00009706 _____ () C:\Windows\dd_vcredistMSI1A60.txt
2014-04-05 08:28 - 2014-04-05 08:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{180150B3-864E-4D30-A363-252455342D26}
2014-04-04 17:31 - 2014-04-04 17:31 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6C45FC06-ECFF-4A03-A249-779E442526E5}
2014-04-04 17:15 - 2010-04-21 11:17 - 00000000 ____D () C:\Users\Schramm\AppData\Roaming\NwDocx
2014-04-04 17:13 - 2014-04-04 17:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4584F89E-C322-47F2-8B81-886CD91EBBDE}
2014-04-04 13:55 - 2014-04-04 13:55 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{DAFF18D2-FB19-40ED-B64C-B3DE209DF8CB}
2014-04-04 13:31 - 2014-04-04 13:31 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{27AEF02A-6921-4892-963F-68E1F24B644A}
2014-04-04 13:31 - 2011-04-29 12:08 - 00023552 _____ () C:\Users\Schramm\Documents\Housekeeping and supplies list for shopping.xls
2014-04-04 10:40 - 2014-04-04 10:40 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F85462DB-6756-4013-BF9A-5B2EE4A2563E}
2014-04-04 10:35 - 2014-04-04 10:34 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B1FC7120-E4EF-4673-8D7C-4F0A924CC65B}
2014-04-04 09:52 - 2014-04-04 09:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{84534D1F-3736-400D-8A78-01DA9EFCDF14}
2014-04-04 09:44 - 2014-04-04 09:43 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{FF1ECB8C-42CA-478E-A94E-5800386151B3}
2014-04-04 08:30 - 2014-04-04 08:30 - 00011532 _____ () C:\Windows\dd_vcredistUI49E2.txt
2014-04-04 08:30 - 2014-04-04 08:30 - 00009690 _____ () C:\Windows\dd_vcredistMSI49E2.txt
2014-04-04 08:26 - 2014-04-04 08:26 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E3089587-6262-4D27-BD71-2151F4CCCA10}
2014-04-03 16:01 - 2014-04-03 16:01 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{04B4B75F-0E0B-45C4-8BC7-961FC1A848FF}
2014-04-03 14:13 - 2014-04-03 14:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{EED5FDA0-43FF-4FD2-9F9B-90B1689E7EA9}
2014-04-03 13:51 - 2014-04-03 13:51 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{1CA585B5-3A01-49B3-84D3-C2520EEED584}
2014-04-03 13:45 - 2014-04-03 13:45 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9651DB95-0DA7-4DAA-AA6E-E0A5967F9E85}
2014-04-03 13:09 - 2008-01-20 22:26 - 00291548 _____ () C:\Windows\PFRO.log
2014-04-03 13:07 - 2014-04-03 13:07 - 00015052 _____ () C:\Windows\dd_vcredistUI4FCF.txt
2014-04-03 13:07 - 2014-04-03 13:07 - 00009694 _____ () C:\Windows\dd_vcredistMSI4FCF.txt
2014-04-03 13:03 - 2014-04-03 13:03 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6C6C63F1-3135-4440-BC88-FCA4149CEBD0}
2014-04-03 11:31 - 2014-04-03 11:30 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{FC2EC163-C0A7-411B-90F7-698FFC7B617A}
2014-04-03 11:19 - 2014-04-03 11:19 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4A1DFCC1-BF30-427F-B588-C745B100A377}
2014-04-03 11:00 - 2014-04-03 11:00 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7926C017-2EE8-4D1D-86B2-A27CE2081AFD}
2014-04-03 10:54 - 2014-04-03 10:54 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6ED90490-042F-46ED-BAB4-0D8DEE6D5061}
2014-04-03 10:13 - 2014-04-03 10:13 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{36E475EF-A1FF-4841-BE0A-069D27FF4302}
2014-04-03 09:29 - 2014-04-03 09:29 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B0DDE337-4A86-48EC-A2F3-8B8D75A891CC}
2014-04-03 08:52 - 2014-04-03 08:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{ECAD45B4-3F35-4638-BEDE-AD29E4E4FEFD}
2014-04-03 08:40 - 2014-04-03 08:40 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{FC0D5BB1-6365-40EA-9F24-2EDA0DA747D3}
2014-04-03 03:00 - 2014-04-03 03:00 - 00012408 _____ () C:\Windows\dd_vcredistUI7F62.txt
2014-04-03 03:00 - 2014-04-03 03:00 - 00009690 _____ () C:\Windows\dd_vcredistMSI7F62.txt
2014-04-02 17:30 - 2014-04-02 17:30 - 00011564 _____ () C:\Windows\dd_vcredistUI4B22.txt
2014-04-02 17:30 - 2014-04-02 17:30 - 00009726 _____ () C:\Windows\dd_vcredistMSI4B22.txt
2014-04-02 17:18 - 2014-04-02 17:17 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7FDC48C9-CBFE-41B5-B7C0-48C15682CB3C}
2014-04-02 17:09 - 2014-04-02 17:09 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{83EEBCBF-DC40-460C-ACDE-0CF78ECB47A2}
2014-04-02 16:02 - 2014-04-02 16:02 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{8600EF18-1484-444B-B48B-9C1127B7689C}
2014-04-02 15:52 - 2014-04-02 15:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{BD003554-F3C6-4043-876B-15CEB5867E1C}
2014-04-02 13:37 - 2014-04-02 13:37 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9A0DA39F-D62C-4BA9-AF03-C9D6CA1F9974}
2014-04-02 13:21 - 2014-04-02 13:21 - 00448512 _____ (OldTimer Tools) C:\Users\Schramm\Desktop\TFC.exe
2014-04-02 13:18 - 2014-04-02 13:17 - 00002693 _____ () C:\Users\Schramm\Desktop\FSS.txt
2014-04-02 13:17 - 2014-04-02 13:17 - 00000952 _____ () C:\Users\Schramm\Desktop\checkup.txt
2014-04-02 13:15 - 2014-04-02 13:15 - 00987448 _____ () C:\Users\Schramm\Desktop\SecurityCheck.exe
2014-04-02 13:15 - 2014-04-02 13:15 - 00409600 _____ (Farbar) C:\Users\Schramm\Desktop\FSS.exe
2014-04-02 12:19 - 2014-04-02 12:19 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{32BBE8FE-E12C-4DEC-AAAB-71F30D5DA74C}
2014-04-02 10:05 - 2014-04-02 10:05 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{087BE585-7A3C-41D2-A183-0F985AF7ACE0}
2014-04-02 09:54 - 2014-04-02 09:54 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{12EF5F1C-E71C-4672-A42A-714A7BFFE7DF}
2014-04-02 09:29 - 2014-04-02 09:29 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{A426EAAB-90B8-437F-94B2-F2475C0F0D14}
2014-04-02 09:28 - 2014-04-02 09:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{F6523619-7ED7-4074-9E26-8128E8B3E635}
2014-04-02 09:10 - 2010-01-28 10:21 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 09:10 - 2010-01-28 10:21 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-02 08:54 - 2014-04-02 08:53 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C18B7557-73FB-4C05-973F-D8A3B5483651}
2014-04-02 08:42 - 2014-04-02 08:41 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4D02F964-6326-4A15-9A9A-8D8931E25C55}
2014-04-02 08:26 - 2014-04-02 08:26 - 00011548 _____ () C:\Windows\dd_vcredistUI2A95.txt
2014-04-02 08:26 - 2014-04-02 08:26 - 00009706 _____ () C:\Windows\dd_vcredistMSI2A95.txt
2014-04-02 08:22 - 2014-04-02 08:22 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6B1AE622-34D1-49C7-AFEC-ADF825A91840}
2014-04-01 17:33 - 2011-02-01 16:43 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-04-01 17:30 - 2014-04-01 17:30 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7254268F-855A-4D58-99E3-F987DCF724A8}
2014-04-01 16:58 - 2014-04-01 16:58 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B4E3A625-62A4-44AD-BF11-13916508015A}
2014-04-01 14:33 - 2014-04-01 14:32 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6C56D576-F446-47CB-B5C7-0CE092764486}
2014-04-01 13:59 - 2014-04-01 13:59 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{AEB74620-C998-4951-8B9A-9A9A3334FB14}
2014-04-01 12:39 - 2014-04-01 12:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{E2591BEF-82B3-459A-BCD5-B74ADDC2DA55}
2014-04-01 11:52 - 2014-04-01 11:52 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{7AE18D26-6B28-4C45-8E7F-37DF02F6A21D}
2014-04-01 10:32 - 2014-04-01 10:32 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{724B2B7A-9EBD-431B-B5AD-E2CD98BC7943}
2014-04-01 09:20 - 2014-04-01 09:20 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{98FD4B51-AC62-45C4-9517-8C7CEA122E50}
2014-04-01 09:09 - 2014-04-01 09:08 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{DEF2DBB4-352F-4B5A-ACE2-DFDCE63AC864}
2014-04-01 08:51 - 2014-04-01 08:50 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{57E7F1AF-56B8-4BC6-BD2F-3887CFCCDBC0}
2014-04-01 08:50 - 2014-04-01 08:48 - 00004482 _____ () C:\Windows\dd_vcredistMSI6D6D.txt
2014-04-01 08:48 - 2014-04-01 08:48 - 00011644 _____ () C:\Windows\dd_vcredistUI6D6D.txt
2014-03-31 16:53 - 2014-03-31 16:53 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{B93753DD-C7D8-424F-BB07-CF36ABE6A989}
2014-03-31 15:55 - 2014-03-31 15:55 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{3DC7D94F-2BB7-428A-A104-490936DA9881}
2014-03-31 15:44 - 2014-03-31 15:44 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{109CDE45-0A8D-4A10-9B86-9FEA4D6B3042}
2014-03-31 14:39 - 2014-03-31 14:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{0D2EC310-F739-4444-9974-BCC599AC7893}
2014-03-31 13:37 - 2014-03-31 13:37 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{02FC42D1-E199-4513-8B20-E21C35CF131F}
2014-03-31 12:30 - 2014-03-31 12:30 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{255ECC6F-824D-48A8-9659-4BDBD2AD6B7D}
2014-03-31 11:58 - 2014-03-31 11:57 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{37A747D9-9465-4F2C-8653-1F957271C391}
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{1B77B002-7675-46EF-B3CC-8CBE10AF6C8F}
2014-03-31 09:27 - 2014-03-31 09:27 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{51DFEE79-818D-4789-ACB7-F438346168BB}
2014-03-31 09:07 - 2014-03-31 09:07 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{98A59C2B-C4E3-4FDD-8BA7-1CAE38DF27D2}
2014-03-31 08:50 - 2014-03-31 08:50 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{6E7BDD7E-0B7E-4848-868F-7CB351382166}
2014-03-28 14:51 - 2014-03-28 14:51 - 00011564 _____ () C:\Windows\dd_vcredistUI4AA2.txt
2014-03-28 14:51 - 2014-03-28 14:51 - 00009730 _____ () C:\Windows\dd_vcredistMSI4AA2.txt
2014-03-28 14:43 - 2013-01-31 10:32 - 00116878 _____ () C:\Users\Schramm\Documents\Auction purchases - Invoice NYCO.eml
2014-03-28 14:43 - 2013-01-09 10:47 - 00614325 _____ () C:\Users\Schramm\Documents\Exhibiting at Theatre Fest - PLEASE READ.eml
2014-03-28 14:43 - 2009-06-30 11:29 - 00021614 _____ () C:\Users\Schramm\Documents\Masters Treasures Vintage Formalwear & Accessories.eml
2014-03-28 14:43 - 2009-06-30 11:29 - 00010102 _____ () C:\Users\Schramm\Documents\Car Rental Receipt (duplicate).eml
2014-03-28 14:12 - 2014-03-28 14:12 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{97874D24-1BB9-457C-BDAA-45F7CC94A94A}
2014-03-28 13:58 - 2014-03-28 13:57 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{4ECCFB87-A04A-44B4-BDB2-80742B793891}
2014-03-28 13:06 - 2009-06-30 14:00 - 01412608 _____ () C:\Windows\offitems.log
2014-03-28 12:48 - 2014-03-28 12:48 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{468BA500-8723-424C-818A-26D87AC18473}
2014-03-28 12:39 - 2014-03-28 12:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{CA942BBF-7999-4408-AB82-CF6D2DE7262C}
2014-03-28 12:17 - 2014-03-28 12:17 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{9A988B25-776A-467D-BB3B-703CC416753F}
2014-03-28 12:03 - 2014-03-28 12:03 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{0EEFE69D-B318-4EEC-A923-EA3B269C6385}
2014-03-28 11:41 - 2014-03-28 11:40 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{581B8458-27E6-4CA5-A17F-A7FB192DE312}
2014-03-28 11:28 - 2014-03-28 11:28 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{AF27D0B6-117C-4E37-86CC-C1FC6DD7B75A}
2014-03-28 08:39 - 2014-03-28 08:39 - 00000000 ____D () C:\Users\Schramm\AppData\Local\{C0BAD30B-58AA-4FA6-A6C1-BACD790BEC60}
2014-03-27 12:14 - 2014-03-27 12:14 - 00011596 _____ () C:\Windows\dd_vcredistUI0450.txt
2014-03-27 12:14 - 2014-03-27 12:14 - 00009762 _____ () C:\Windows\dd_vcredistMSI0450.txt
2014-03-27 11:38 - 2014-03-27 11:38 - 02157056 _____ (Farbar) C:\Users\Schramm\Desktop\FRST64.exe
2014-03-27 10:07 - 2014-03-27 10:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-27 09:56 - 2014-03-27 09:22 - 00000000 ____D () C:\AdwCleaner
2014-03-26 14:17 - 2014-03-26 14:17 - 00011612 _____ () C:\Windows\dd_vcredistUI1424.txt
2014-03-26 14:17 - 2014-03-26 14:17 - 00009778 _____ () C:\Windows\dd_vcredistMSI1424.txt
2014-03-26 14:11 - 2014-03-20 17:33 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-26 13:59 - 2014-03-26 13:59 - 00011612 _____ () C:\Windows\dd_vcredistUI0681.txt
2014-03-26 13:59 - 2014-03-26 13:59 - 00009510 _____ () C:\Windows\dd_vcredistMSI0681.txt
2014-03-26 13:29 - 2014-03-26 13:29 - 00011612 _____ () C:\Windows\dd_vcredistUI6FB9.txt
2014-03-26 13:29 - 2014-03-26 13:29 - 00009778 _____ () C:\Windows\dd_vcredistMSI6FB9.txt
2014-03-25 08:34 - 2014-03-25 08:34 - 00011596 _____ () C:\Windows\dd_vcredistUI3FB7.txt
2014-03-25 08:34 - 2014-03-25 08:34 - 00009758 _____ () C:\Windows\dd_vcredistMSI3FB7.txt
2014-03-25 08:34 - 2014-03-25 08:34 - 00000000 ____D () C:\Windows\System32\Tasks\Norton AntiVirus
2014-03-25 08:29 - 2012-01-05 10:43 - 00003218 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-25 08:29 - 2009-06-30 11:21 - 00000000 ____D () C:\Windows\system32\Drivers\NAVx64
2014-03-25 08:28 - 2013-12-13 12:04 - 00002205 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-03-24 13:32 - 2010-01-12 10:11 - 00000000 ____D () C:\Users\Schramm\AppData\Local\CrashDumps
2014-03-24 08:35 - 2014-03-24 08:35 - 00011628 _____ () C:\Windows\dd_vcredistUI729A.txt
2014-03-24 08:35 - 2014-03-24 08:35 - 00009790 _____ () C:\Windows\dd_vcredistMSI729A.txt
2014-03-22 08:29 - 2014-03-22 08:29 - 00011580 _____ () C:\Windows\dd_vcredistUI51A5.txt
2014-03-22 08:29 - 2014-03-22 08:29 - 00009742 _____ () C:\Windows\dd_vcredistMSI51A5.txt
2014-03-21 11:17 - 2014-03-21 11:17 - 00000822 _____ () C:\Users\Schramm\Desktop\SyncToy.exe - Shortcut.lnk
2014-03-21 08:57 - 2014-03-21 08:57 - 00011564 _____ () C:\Windows\dd_vcredistUI18FE.txt
2014-03-21 08:57 - 2014-03-21 08:57 - 00009726 _____ () C:\Windows\dd_vcredistMSI18FE.txt
2014-03-20 17:34 - 2014-03-20 17:34 - 00000000 ____D () C:\Qoobox
2014-03-20 17:33 - 2014-03-20 17:33 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 14:49 - 2012-12-31 15:04 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-03-20 10:48 - 2012-12-31 11:03 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-03-20 08:40 - 2014-03-20 08:39 - 00004430 _____ () C:\Windows\dd_vcredistMSI3D4C.txt
2014-03-20 08:39 - 2014-03-20 08:39 - 00011532 _____ () C:\Windows\dd_vcredistUI3D4C.txt
2014-03-19 08:44 - 2014-03-19 08:44 - 00011564 _____ () C:\Windows\dd_vcredistUI7301.txt
2014-03-19 08:44 - 2014-03-19 08:44 - 00009726 _____ () C:\Windows\dd_vcredistMSI7301.txt
2014-03-18 11:24 - 2014-03-18 10:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 11:21 - 2006-11-02 10:07 - 00000000 ____D () C:\Windows\ShellNew
2014-03-18 08:55 - 2014-03-18 08:55 - 00011564 _____ () C:\Windows\dd_vcredistUI2CEC.txt
2014-03-18 08:55 - 2014-03-18 08:55 - 00002340 _____ () C:\Windows\dd_vcredistMSI2CEC.txt
2014-03-17 09:05 - 2014-03-17 08:42 - 00004478 _____ () C:\Windows\dd_vcredistMSI5499.txt
2014-03-17 08:42 - 2014-03-17 08:42 - 00011628 _____ () C:\Windows\dd_vcredistUI5499.txt
2014-03-15 14:21 - 2011-10-15 12:34 - 00002027 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 09:31 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
2014-03-15 08:45 - 2014-03-15 08:44 - 00004438 _____ () C:\Windows\dd_vcredistMSI3A38.txt
2014-03-15 08:44 - 2014-03-15 08:44 - 00012508 _____ () C:\Windows\dd_vcredistUI3A38.txt
2014-03-14 09:41 - 2013-08-15 09:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-14 09:39 - 2006-11-02 07:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-14 08:35 - 2006-11-02 10:21 - 00397088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 08:34 - 2009-06-30 11:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 08:31 - 2008-12-30 09:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 19:07 - 2013-05-06 19:00 - 00000416 _____ () C:\Windows\SysWOW64\AppLog.log
2014-03-12 11:24 - 2012-04-13 08:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 11:24 - 2012-04-13 08:47 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 11:24 - 2011-05-16 11:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-08 08:37
==================== End Of Log ============================
-
i cold booted ... problem still exists.
-
FRST is just a scan. It doesn't make any changes by itself.
You didn't follow my original instructions.
I need you to re-run FRST one more time and make sure Addition.txt box is checked so you get two logs.
Post only Addition.txt log since I already have the other one.
-
oops. sorry. i'll rerun tomorrow with addition checked.
-
hi broni. sorry about the missing addition.txt file. here it is:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Schramm at 2014-04-09 09:02:27
Running from C:\Users\Schramm\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version: - Agere Systems)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{881C7991-277C-61CC-8D23-0D01D2EB04F8}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data) (Version: - )
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data (HKLM-x32\...\Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon Pro9000 II series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series) (Version: - )
Canon Pro9000 Mark II series User Registration (HKLM-x32\...\Canon Pro9000 Mark II series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities Easy-PhotoPrint Pro (HKLM-x32\...\Easy-PhotoPrint Pro) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Catalyst Control Center - Branding (HKLM-x32\...\{3594EE90-B157-4519-9E82-8B6F4711A0A1}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.0917.337.4556 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Danish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Dutch (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Finnish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Norwegian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Swedish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
CCC Help Danish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Dutch (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help English (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Finnish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help French (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help German (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Swedish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
ccc-utility64 (Version: 2008.0917.337.4556 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2115 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version: - Lexmark International, Inc.)
Lizard Safeguard - PDF Viewer 2.5.103 (HKLM-x32\...\Lizard Safeguard - PDF Viewer_is1) (Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCELR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Money Shared Libraries (x32 Version: 16.0.0.705 - Microsoft Corporation) Hidden
Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - )
Microsoft Office Excel 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.3 (HKLM-x32\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x64) (HKLM\...\{32508A23-C9EA-4D29-83CA-97A42A13701E}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft UI Engine (x32 Version: 6.3.2348.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.2.0.38 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.0.43 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PE585QAEncoder-64 (HKLM\...\{D8B2C435-8737-431E-8784-24CD13B0B821}) (Version: 6.00.1918 - YUAN)
PG583_64_inf (HKLM\...\{F7BBC6A1-A3C9-4745-BFFF-6BAA485D89C3}) (Version: 6.01.0042 - YUAN)
PrintDeskTop (HKLM-x32\...\PrintDeskTop_is1) (Version: - PrintDeskTop)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.62 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
SmartWebPrinting (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncToy 2.0 (x64) (HKLM\...\{B25BFFC9-FF51-44F2-9E46-4D93849C836F}) (Version: 2.0.100.0 - Microsoft)
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.EXCELR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.EXCELR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - 歶耀)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.EXCELR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.EXCELR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.EXCELR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
W Photo Studio (HKLM-x32\...\{CBF3C503-946E-45EA-B347-EACC41781989}) (Version: 1.0.0.143 - Walgreens)
Windows Driver Package - Conexant (cxpl_mhd) Media (03/31/2008 6.0.64.0039) (HKLM\...\4B57BFFD4AFB1EA7EA424B75325A3F5811C361B0) (Version: 03/31/2008 6.0.64.0039 - Conexant)
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.64.42) (HKLM\...\C5AA3B5CB0B86D325AD6960FFC90ABB1076B8FA7) (Version: 12/14/2007 6.1.64.42 - YUAN High-Tech Development Co. Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
==================== Restore Points =========================
18-03-2014 14:00:32 Installed Windows Live Mail
18-03-2014 14:12:32 Installed Windows Live Mail
18-03-2014 14:34:28 Installed Windows Live Mail
18-03-2014 15:17:16 before malwarebyte's anti-rootkit
18-03-2014 16:07:10 Installed Windows Live Mail
18-03-2014 16:19:36 Malwarebytes Anti-Rootkit Restore Point
18-03-2014 17:27:37 Installed Windows Live Mail
18-03-2014 18:37:33 Installed Windows Live Mail
18-03-2014 22:12:45 Installed Windows Live Mail
18-03-2014 22:31:25 Installed Windows Live Mail
19-03-2014 13:40:08 Installed Windows Live Mail
19-03-2014 13:43:31 Windows Update
19-03-2014 13:58:13 Installed Windows Live Mail
19-03-2014 14:26:55 Installed Windows Live Mail
19-03-2014 16:13:39 Installed Windows Live Mail
19-03-2014 17:14:19 Installed Windows Live Mail
19-03-2014 18:37:31 Installed Windows Live Mail
19-03-2014 18:41:08 Installed Windows Live Mail
19-03-2014 20:43:56 Installed Windows Live Mail
19-03-2014 21:57:10 Installed Windows Live Mail
19-03-2014 22:00:24 Installed Windows Live Mail
20-03-2014 13:39:13 Windows Update
20-03-2014 13:39:28 Installed Windows Live Mail
20-03-2014 13:40:45 Installed Windows Live Mail
21-03-2014 13:55:14 Windows Update
22-03-2014 13:28:08 Windows Update
24-03-2014 13:33:36 Windows Update
25-03-2014 13:32:26 Windows Update
26-03-2014 18:27:40 Windows Update
26-03-2014 18:58:36 Windows Update
26-03-2014 19:16:26 Windows Update
27-03-2014 17:12:25 Windows Update
28-03-2014 19:50:52 Windows Update
01-04-2014 13:47:18 Windows Update
02-04-2014 13:24:32 Windows Update
02-04-2014 22:29:45 Windows Update
03-04-2014 08:00:11 Windows Update
03-04-2014 18:06:55 Windows Update
04-04-2014 13:28:23 Windows Update
05-04-2014 13:31:29 Windows Update
07-04-2014 13:27:08 Windows Update
08-04-2014 06:12:33 Scheduled Checkpoint
08-04-2014 08:00:10 Windows Update
08-04-2014 13:28:56 Windows Update
08-04-2014 20:34:19 Windows Update
==================== Hosts content: ==========================
2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AB00FF1-2932-48FA-9E8E-F77D2E3E7C41} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\WSCStub.exe [2014-03-11] (Symantec Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {22D219CE-4EF5-4B92-89C4-7DC2C27691B9} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6E997ECD-BB11-412C-9C9E-C48109C371FA} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {734C9181-32A7-43DA-B218-E631470CBEE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28] (Google Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8A7FF7DB-D8D4-4AB3-ACB1-E8EF96609FD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {917F24AE-D1A3-4D1A-AE43-CEE1C4F37B49} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A8AEC3FE-B4DB-4EF6-97BB-41370F84B47E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CE0BBF82-DEB8-40E0-8F22-B4188E0BF66F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-28] (Google Inc.)
Task: {D577D3BE-6FCC-49A7-8541-AA854861B46A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DB15B6E1-D186-4ED6-96FC-538A49680894} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DB9D1262-C96F-4EC6-8F7C-65395C3BBA0B} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Schramm => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-04-13 09:30 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2009-02-13 02:49 - 2008-09-16 15:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2009-02-13 06:53 - 2008-06-11 14:18 - 00024576 _____ () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2009-02-13 06:53 - 2009-02-13 06:53 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-02-13 06:53 - 2009-02-13 06:53 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-02-13 06:53 - 2009-02-13 06:53 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2009-02-13 06:53 - 2009-02-13 06:53 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2009-02-13 06:53 - 2009-02-13 06:53 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-02-13 06:53 - 2009-02-13 06:53 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
1996-11-17 00:00 - 1996-11-17 00:00 - 00051984 _____ () C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
2008-12-30 09:04 - 2008-05-30 13:50 - 00581120 _____ () C:\Windows\MHotkey.exe
2011-02-01 16:43 - 2008-10-09 09:07 - 00107912 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2009-02-13 06:44 - 2009-02-13 06:44 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2007-12-06 18:59 - 2007-12-06 18:59 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-08-23 13:45 - 2010-08-03 02:55 - 00417792 _____ () C:\Program Files\Lexmark\ErrorApp\Parser.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Schramm\AppData\Roaming\Dropbox\bin\libcef.dll
1996-11-17 00:00 - 1996-11-17 00:00 - 03774224 _____ () C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Schramm\Documents\Auction purchases - Invoice NYCO.eml:OECustomProperty
AlternateDataStreams: C:\Users\Schramm\Documents\Car Rental Receipt (duplicate).eml:OECustomProperty
AlternateDataStreams: C:\Users\Schramm\Documents\Exhibiting at Theatre Fest - PLEASE READ.eml:OECustomProperty
AlternateDataStreams: C:\Users\Schramm\Documents\Masters Treasures Vintage Formalwear & Accessories.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/09/2014 08:55:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 03:37:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 03:34:15 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (04/08/2014 03:17:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 03:09:25 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (04/08/2014 08:32:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/07/2014 08:25:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/05/2014 05:27:39 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (04/05/2014 08:27:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/04/2014 08:26:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/09/2014 08:55:31 AM) (Source: Service Control Manager) (User: )
Description: int15%%31
Error: (04/09/2014 08:54:27 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Lexmark C540 XL with shared resource name Bob's Color Laser Lexmark C540 XL. Error 2114. The printer cannot be used by others on the network.
Error: (04/08/2014 03:37:55 PM) (Source: Service Control Manager) (User: )
Description: int15%%31
Error: (04/08/2014 03:36:52 PM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Lexmark C540 XL with shared resource name Bob's Color Laser Lexmark C540 XL. Error 2114. The printer cannot be used by others on the network.
Error: (04/08/2014 03:34:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243){729A0DCB-DF9E-4D02-B603-ED1AEE074428}104
Error: (04/08/2014 03:34:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Microsoft .NET Framework 3.5 Family Update (KB959209) x64{FB807B18-43D2-4C63-8865-DEE9E3367800}100
Error: (04/08/2014 03:17:07 PM) (Source: Service Control Manager) (User: )
Description: int15%%31
Error: (04/08/2014 01:23:52 PM) (Source: DCOM) (User: BobS)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}BobSSchrammS-1-5-21-2992264124-1819922224-2624420910-1000LocalHost (Using LRPC)
Error: (04/08/2014 08:32:49 AM) (Source: Service Control Manager) (User: )
Description: int15%%31
Error: (04/08/2014 08:31:25 AM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Lexmark C540 XL with shared resource name Bob's Color Laser Lexmark C540 XL. Error 2114. The printer cannot be used by others on the network.
Microsoft Office Sessions:
=========================
Error: (04/09/2014 08:55:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 03:37:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 03:34:15 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (04/08/2014 03:17:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/08/2014 03:09:25 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (04/08/2014 08:32:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/07/2014 08:25:04 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/05/2014 05:27:39 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (04/05/2014 08:27:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/04/2014 08:26:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-04-09 09:02:19.722
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-09 09:02:19.550
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-09 09:02:19.394
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-09 09:02:19.238
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-09 09:02:19.067
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-09 09:02:18.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-09 09:02:18.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-09 09:02:18.552
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-08 15:17:58.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-04-08 15:17:57.907
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 4093.27 MB
Available physical RAM: 2213.4 MB
Total Pagefile: 8381.8 MB
Available Pagefile: 6241.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:581.52 GB) (Free:450.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: B14BFCDD)
Partition: GPT Partition Type.
==================== End Of Log ============================
-
hi broni,
i couldn't help but notice that two lines in the above txt file ...
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
... are what is quoted (Market Research and Tray/App) in the pop-ups he gets at start up.
What does "hidden" mean in those lines? Hidden from the add programs window?
-
We can give it a shot.
I'll give you a fix which will make TrayApp and MarketResearch visible in "Programs & Features" so you can uninstall them.
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
See if you can uninstall both.
-
here is the fixlog, broni:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Schramm at 2014-04-11 15:44:43 Run:2
Running from C:\Users\Schramm\Desktop\04-10-14
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMDNS.SYS [X]
S3 SYMFW; \SystemRoot\System32\Drivers\NAVx64\1008000.026\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\NAVx64\1008000.026\SYMNDISV.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NAVx64\1000000.07D\SYMREDRV.SYS [X]
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
*****************
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
SYMDNS => Service deleted successfully.
SYMFW => Service deleted successfully.
SYMNDISV => Service deleted successfully.
SYMREDRV => Service deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A329FB6-389D-4396-A974-29656D6864AE}\\SystemComponent => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D304678-738E-42a0-931A-2B022F49DEB8}\\SystemComponent => Value deleted successfully.
==== End of Fixlog ====
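
The last two fixlog lines show what the fix changed for the two "Hidden" entries: it deleted the `SystemComponent` value under each product's Uninstall key, and Windows leaves entries with `SystemComponent` set to 1 out of "Programs & Features". The following is an added example, not part of the thread or of FRST, that lists such entries without changing anything; the function name `Get-HiddenUninstallEntry` and the output columns are this example's own, and it assumes a 64-bit PowerShell session on 64-bit Windows.

```powershell
# Added example: read-only audit of uninstall entries hidden from "Programs & Features".
# Nothing is modified; the registry is only read.

# The native (x64) view and the 32-bit (Wow6432Node) view seen in the fixlog.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-HiddenUninstallEntry {
    param([string[]]$Root = $UninstallRoots)

    foreach ($r in $Root) {
        # A 32-bit-only system has no Wow6432Node branch.
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the value does not exist.
            $flag = $key.GetValue('SystemComponent')
            if ($null -eq $flag -or $flag -ne 1) { continue }

            $view = 'x64'
            if ($r -like '*Wow6432Node*') { $view = 'x32' }

            [pscustomobject]@{
                DisplayName     = $key.GetValue('DisplayName')
                Version         = $key.GetValue('DisplayVersion')
                Publisher       = $key.GetValue('Publisher')
                View            = $view
                UninstallString = $key.GetValue('UninstallString')
                KeyName         = $key.PSChildName   # product GUID or key name
            }
        }
    }
}

# Hidden entries that still have a display name, sorted by publisher.
# Many Windows and driver components are hidden on purpose, so expect
# a long list on a normal machine; filter by publisher to narrow it.
Get-HiddenUninstallEntry |
    Where-Object { $_.DisplayName } |
    Sort-Object Publisher, DisplayName |
    Format-Table DisplayName, Version, Publisher, View, KeyName -AutoSize
```

Adding `Where-Object { $_.Publisher -like 'Hewlett-Packard*' }` to the pipeline narrows the output to the publisher named in the two fixlist lines.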