djayem

  1. Hi Again - so the good news is, my PC appears to have stopped crashing - no more unexpected reboots. I guess I'm ready for the instructions for uninstalling FRST and AdwCleaner! (I'm assuming from your comment that they must have some special method for uninstall?) Thanks again! Dorothy
  2. Hi Cecilia, Sorry for the delay responding - I've been away. To answer your questions: 1. I purchased Ad-Aware from Lavasoft.com 2. I rarely use these so I'll uninstall 3. I followed the instructions and below is the contents of the requested log file. 4. The ads have disappeared, thank you! Now the only problem I have is that my PC has suddenly started rebooting every so often (about 30-60 minutes apart) It blue screens and then reboots. Haven't had this issue before. I'm thinking it might be because I completed the first steps of your previous reply but didn't get the "Fix" part done until this morning (Hopefully that's all it is). FRST FixLog:
  3. Ok, so I ran into some issues. First when I ran AdwCleaner, it found the same list of items, so I clicked clean. It went all the way to finish but then froze. I left it for about 10 minutes then gave up and shut it down and rebooted. I ran it again after the reboot. It only showed 2 items in the registry tab. I clicked clean again, and this time it finished and rebooted the PC. Here's the log: I then ran FRST - here are the two logs:
(Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media ) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\37\NP_wtapp.dll [2014-11-21] () FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems) FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) 
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-17] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-28] Chrome: ======= CHR HomePage: Default -> https://www.google.ca/ CHR StartupUrls: Default -> "hxxp://www.google.ca/" CHR Profile: C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Duolingo on the Web) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-01-25] CHR Extension: (Gojee Food) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2014-01-25] CHR Extension: (YouTube) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-16] CHR Extension: (Google Search) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16] CHR Extension: (Candy Matcher Deluxe) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2014-01-25] CHR Extension: (Hola Better Internet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-15] CHR Extension: (Scott Draves) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldociafpimkkkdneicfdkdbgcllhdhj [2014-01-25] CHR Extension: (Chrome Hotword Shared 
Module) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Numerics Calculator & Converter) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-01-25] CHR Extension: (Floor plans and interior design) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-01-25] CHR Extension: (Do It (Tomorrow)) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-01-25] CHR Extension: (Google Wallet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16] CHR HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03] CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21] StartMenuInternet: Google Chrome - C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed] S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-02] (WildTangent) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [699912 2015-03-10] (Garmin Ltd. or its subsidiaries) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] () R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited) R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender) R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC) S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [250728 2012-10-09] () S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp_x64.sys [69992 2012-10-09] () S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [51560 2012-10-09] () S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
_____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-19 17:30 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-19 17:30 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-19 17:30 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-19 17:30 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-19 17:30 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-19 17:29 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-19 17:29 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-19 17:29 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-19 11:59 - 2015-04-19 11:59 - 00000000 ____D () C:\Users\Dorothy\Documents\Bluetooth Exchange Folder 2015-04-08 09:24 - 2015-04-08 09:24 - 00003638 _____ () C:\Windows\System32\Tasks\Anti Virus Updater Schedualer 2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater 2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX 2015-03-26 11:22 - 2015-03-26 11:22 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\{6B85176D-2AF4-4432-BFAD-A1B324BEE743} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-24 11:05 - 2013-01-11 16:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\PMB Files 2015-04-24 11:03 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\Outlook Files 2015-04-24 11:01 - 2015-03-23 14:03 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat 2015-04-24 11:00 - 2013-05-14 16:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-24 11:00 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-24 11:00 - 2009-07-14 00:51 - 00092372 _____ () C:\Windows\setupact.log 2015-04-24 10:59 - 2012-07-09 14:14 - 01815176 _____ () C:\Windows\WindowsUpdate.log 2015-04-24 10:59 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-24 10:59 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-24 10:51 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-24 10:45 - 2012-10-29 20:09 - 00000000 ____D () C:\Windows\Minidump 2015-04-24 10:45 - 2012-04-09 17:11 - 00289941 ____N () C:\Windows\Minidump\042415-23571-01.dmp 2015-04-24 10:45 - 2009-07-14 01:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-04-24 10:26 - 2012-08-20 19:36 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job 2015-04-24 10:20 - 2013-05-14 16:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-24 10:19 - 2012-07-16 09:47 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job 2015-04-24 10:11 - 2012-09-22 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-24 08:58 - 2012-07-23 19:44 - 00000000 ____D () C:\Program Files (x86)\Java 2015-04-24 08:22 - 2012-04-09 17:11 - 00288789 ____N () C:\Windows\Minidump\042415-38282-01.dmp 2015-04-24 06:48 - 2012-04-09 17:11 - 00290773 ____N () 
C:\Windows\Minidump\042415-23322-01.dmp 2015-04-24 02:00 - 2014-07-13 21:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\Adobe 2015-04-24 00:10 - 2012-07-09 14:21 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A08C57D-C34B-40CB-995F-A062CE32B1FD} 2015-04-23 22:19 - 2012-07-16 09:47 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job 2015-04-23 18:29 - 2014-01-27 13:41 - 00000000 ____D () C:\Program Files (x86)\SpiteNET9 2015-04-23 18:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-23 17:10 - 2015-03-17 09:22 - 00000000 ____D () C:\Program Files (x86)\IT Viewer 2015-04-23 15:02 - 2013-12-11 12:33 - 00000014 _____ () C:\Windows\popcinfo.dat 2015-04-23 12:30 - 2014-02-11 16:58 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDorothy.job 2015-04-23 12:29 - 2010-11-20 23:47 - 01069078 _____ () C:\Windows\PFRO.log 2015-04-23 12:28 - 2012-07-10 16:49 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Hoyle Puzzle and Board Games 2015-04-23 12:24 - 2012-07-11 12:36 - 00001945 _____ () C:\Windows\epplauncher.mif 2015-04-23 12:18 - 2015-03-17 09:22 - 00003266 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer 2015-04-23 09:24 - 2012-07-09 18:40 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\CrashDumps 2015-04-23 09:22 - 2015-03-18 09:22 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll 2015-04-22 17:05 - 2012-07-09 19:25 - 00000000 ____D () C:\Users\Dorothy\Documents\Financial 2015-04-21 15:50 - 2014-02-11 16:58 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDorothy 2015-04-21 15:49 - 2012-07-10 15:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-04-21 13:11 - 2012-07-09 19:22 - 00000000 ____D () C:\Users\Dorothy\Documents\Employment 2015-04-20 11:23 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\OMHS 2015-04-20 08:19 - 2015-03-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Western Digital 2015-04-20 08:19 - 2015-03-23 14:02 - 00023512 _____ () C:\Windows\DPINST.LOG 2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\ProgramData\Western Digital 2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2015-04-20 08:16 - 2013-09-24 16:34 - 00000000 ____D () C:\ProgramData\Package Cache 2015-04-20 08:13 - 2012-09-22 11:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-20 08:13 - 2012-09-22 11:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-20 08:13 - 2012-04-09 16:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-20 04:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2015-04-20 03:49 - 2014-12-10 04:30 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-20 03:49 - 2014-05-16 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-20 03:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2015-04-20 03:33 - 2012-07-09 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-20 03:27 - 2011-02-11 13:15 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-20 03:18 - 2012-04-09 16:26 - 00000000 ____D () C:\ProgramData\Skype 2015-04-20 03:17 - 2013-07-23 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-20 03:07 - 2012-12-13 12:52 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-20 03:07 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini 2015-04-19 18:02 - 2015-01-14 14:18 - 00000000 ____D () C:\Users\Dorothy\Documents\My Kindle Content 2015-04-19 16:37 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\Dorothy\Dropbox 2015-04-19 16:37 - 2012-11-13 13:18 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Dropbox 2015-04-11 13:39 - 2012-07-09 20:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Recipes 2015-04-10 23:07 - 2012-11-13 13:18 - 00000000 
____D () C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-09 11:08 - 2014-11-26 11:42 - 00000000 ____D () C:\Users\Dorothy\Documents\Shopping 2015-04-08 09:18 - 2012-07-23 19:45 - 00000000 ____D () C:\Users\Dorothy\.frostwire5 2015-04-02 20:17 - 2012-12-20 11:34 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\vlc 2015-04-02 16:15 - 2012-04-09 16:28 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2015-03-29 13:18 - 2012-07-09 19:32 - 00000000 ____D () C:\Users\Dorothy\Documents\My eBooks 2015-03-28 18:01 - 2012-08-20 14:25 - 00000000 ____D () C:\ProgramData\Recovery 2015-03-26 13:01 - 2015-01-14 14:17 - 00000000 ____D () C:\Program Files (x86)\Amazon ==================== Files in the root of some directories ======= 2014-10-16 18:54 - 2014-10-16 18:54 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe IllExport Filter CS6 Prefs 2014-12-08 17:45 - 2015-02-13 22:02 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe PNG Format CS6 Prefs 2015-03-17 09:22 - 2015-03-17 09:22 - 0000000 _____ () C:\Users\Dorothy\AppData\Roaming\C281.tmp 2015-03-29 09:24 - 2015-03-29 09:24 - 0009662 _____ () C:\Users\Dorothy\AppData\Roaming\em_64x64.ico 2014-10-16 18:55 - 2014-10-16 18:57 - 0001456 _____ () C:\Users\Dorothy\AppData\Local\Adobe Save for Web 13.0 Prefs 2013-12-03 15:04 - 2013-12-03 15:04 - 0003584 _____ () C:\Users\Dorothy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-03 12:02 - 2014-05-17 20:31 - 0007595 _____ () C:\Users\Dorothy\AppData\Local\Resmon.ResmonCfg 2012-08-17 13:22 - 2012-08-17 13:22 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Dorothy\AppData\Local\Temp\a8cb9012-c9e9-4a57-9f84-9531a4efcbf1.exe C:\Users\Dorothy\AppData\Local\Temp\BackupSetup.exe C:\Users\Dorothy\AppData\Local\Temp\BF96.tmp.exe C:\Users\Dorothy\AppData\Local\Temp\conduitchecker.exe 
C:\Users\Dorothy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc4_jfq.dll C:\Users\Dorothy\AppData\Local\Temp\GetCC.dll C:\Users\Dorothy\AppData\Local\Temp\GPUpd55097C840.exe C:\Users\Dorothy\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Dorothy\AppData\Local\Temp\htchome_installer.exe C:\Users\Dorothy\AppData\Local\Temp\incredibar_installer.exe C:\Users\Dorothy\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Dorothy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Dorothy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Dorothy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Dorothy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Dorothy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Dorothy\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\Dorothy\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Dorothy\AppData\Local\Temp\mconduitinstaller.exe C:\Users\Dorothy\AppData\Local\Temp\MotoCast_Installer_2.0031.exe C:\Users\Dorothy\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe C:\Users\Dorothy\AppData\Local\Temp\MyBabylonTB.exe C:\Users\Dorothy\AppData\Local\Temp\ose00000.exe C:\Users\Dorothy\AppData\Local\Temp\ose00001.exe C:\Users\Dorothy\AppData\Local\Temp\Quarantine.exe C:\Users\Dorothy\AppData\Local\Temp\Resource.exe C:\Users\Dorothy\AppData\Local\Temp\SendMsg.dll C:\Users\Dorothy\AppData\Local\Temp\sp58915.exe C:\Users\Dorothy\AppData\Local\Temp\sp64126.exe C:\Users\Dorothy\AppData\Local\Temp\SpOrder.dll C:\Users\Dorothy\AppData\Local\Temp\SPSetup.exe C:\Users\Dorothy\AppData\Local\Temp\SPStub.exe C:\Users\Dorothy\AppData\Local\Temp\sqlite3.dll C:\Users\Dorothy\AppData\Local\Temp\swt-win32-3740.dll C:\Users\Dorothy\AppData\Local\Temp\tasks.dll C:\Users\Dorothy\AppData\Local\Temp\tbVisu.dll C:\Users\Dorothy\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Dorothy\AppData\Local\Temp\vbmz2.exe C:\Users\Dorothy\AppData\Local\Temp\Vid-Saver-rs.exe 
C:\Users\Dorothy\AppData\Local\Temp\VisualBeeSilent.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 00:56

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by Dorothy at 2015-04-24 11:05:58
Running from C:\Users\Dorothy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.)
ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 11-04-2015 12:46:04 Windows Update 20-04-2015 03:00:56 Windows Update 20-04-2015 08:15:51 WD SmartWare Installer 23-04-2015 04:06:08 Windows Update 23-04-2015 12:27:08 AA11 23-04-2015 12:40:27 AA11 23-04-2015 13:21:33 AA11 24-04-2015 08:55:08 Removed Java 8 Update 31 24-04-2015 08:57:57 Removed Java 6 Update 35 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {071F6DD1-4EDE-44FA-8748-6E09DD5E9345} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {1AB8C2D6-AC4D-4896-ABF3-4B0311915127} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {1F34118D-D241-4814-ABA8-E694D0968D06} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {227B9098-AA08-46CE-90D4-D4B2CA0B5761} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {244F45B5-3D93-4698-A7FC-67F5DDAFF5FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {3FBE4538-0868-4FBA-AF73-6BBA96AF945D} - System32\Tasks\Anti Virus Updater Schedualer => C:\Program Files (x86)\Anti Virus Updater\Anti VirusUpdater.exe [2015-04-08] (Secure Updater) Task: {4E43AC81-4888-4191-BAA7-41EDB2780D60} - System32\Tasks\HPCeeScheduleForDorothy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {506AAA89-B8AF-445B-A06F-F3D91F553BFC} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-08-20] () Task: {52A340A7-E925-4C1C-940C-F3BE131D820A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {61E2B452-7FB5-489B-8133-5B7C279CF9FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) Task: {636C1F8F-6D38-47EF-A8DB-79E26B579FD1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {6A15E9B3-C74A-4692-8F6E-77D87ADEDC02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {6AAF245A-CA3E-47A7-A275-52340F196D02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated) Task: {72686360-E05A-4F06-82D1-E37A33A2E617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.) 
Task: {728F3405-6CA9-4CB6-800F-06CDE812A76C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe Task: {76B7F9FB-95A4-4C21-9F23-D1258F3DB3A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {884141AE-1614-4696-A4B6-AC8100EE10E4} - System32\Tasks\{089D7A13-5913-4685-A216-076935143215} => pcalua.exe -a "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer\Adobe Soundbooth CS5 x64.exe" -d "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer" Task: {95B2E5D3-CACA-480E-B873-97273738E9E6} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION Task: {9765BC5E-9920-42C5-8E51-237CE828AA29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {9F8373F8-062D-4F3B-94BD-F570DF5C1170} - System32\Tasks\AdobeAAMUpdater-1.0-Dorothy-HP-Dorothy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated) Task: {9FA72641-E704-42A8-9328-68D1E044DD7C} - System32\Tasks\Western Digital\SmartWare\____Volume_8157bec3_8288_11e1_bf13_806e6f6e6963______Volume_4944edd4_d0b1_11e4_93ef_9cb70d9c1aa2__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-02-12] (Western Digital Technologies, Inc.) 
Task: {A3B3047C-3F49-42C6-97FD-D3177FB067DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {AF561A14-5B47-4C5E-8481-1D60949F8140} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {BE711AAA-ACDC-45C3-ACF9-5F799614BE3C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {DC6003F1-A5AF-4818-8123-C8E0F36AAEE2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe Task: {DF7998FF-AD35-4067-A644-EEF706AEE556} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {EB80503C-2907-4771-A421-F55D87B1FBAF} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31] (Hewlett-Packard Co.) 
Task: {F0670C58-766D-4211-8A4C-15496306C524} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {F64772EB-2CDA-4987-8BC1-9DC69FB223D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe Task: C:\Windows\Tasks\HPCeeScheduleForDorothy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe 2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware 
Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll 2015-03-10 18:50 - 
2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware 
Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll 2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll 2015-04-23 12:41 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll 2015-04-23 12:42 - 2015-04-23 12:42 - 00789856 _____ () C:\Program 
Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl 2015-04-23 12:42 - 2015-04-23 12:42 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl 2015-04-23 12:42 - 2015-04-23 12:42 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl 2015-04-23 12:42 - 2015-04-23 12:42 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe 2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe 2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll 2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll 2013-01-11 16:29 - 2013-01-11 16:29 - 03093624 _____ () C:\Program Files 
(x86)\Pando Networks\Media Booster\PMB.exe 2014-01-11 18:40 - 2012-10-09 13:02 - 07591424 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe 2012-09-04 12:44 - 2012-09-04 12:44 - 00987136 _____ () C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe 2011-09-08 16:53 - 2011-09-08 16:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-08-02 15:41 - 2011-08-02 15:41 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-11 18:40 - 2012-05-22 13:07 - 00176128 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll 2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll 2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll 2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll ==================== Alternate Data Streams (whitelisted) 
========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft:9e5DkIG22H43bOvawKEyABE6Sdt AlternateDataStreams: C:\ProgramData\Microsoft:j1v4uj4DYBR29ESodEPAsF AlternateDataStreams: C:\ProgramData\Temp:A907E812 AlternateDataStreams: C:\Users\Dorothy\Local Settings:8ArrrLwqF1aHgcG4KRe AlternateDataStreams: C:\Users\Dorothy\Local Settings:eahIT9zHNBFIX68yejqM6kRQ AlternateDataStreams: C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe:BDU AlternateDataStreams: C:\Users\Dorothy\AppData\Local:8ArrrLwqF1aHgcG4KRe AlternateDataStreams: C:\Users\Dorothy\AppData\Local:eahIT9zHNBFIX68yejqM6kRQ AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:8ArrrLwqF1aHgcG4KRe AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:eahIT9zHNBFIX68yejqM6kRQ ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 208.67.222.222 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: =============================

Administrator (S-1-5-21-2253929276-2761414899-1364960208-500 - Administrator - Disabled)
Dorothy (S-1-5-21-2253929276-2761414899-1364960208-1000 - Administrator - Enabled) => C:\Users\Dorothy
Guest (S-1-5-21-2253929276-2761414899-1364960208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2253929276-2761414899-1364960208-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2015 10:53:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_4.202.exe version 4.2.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 101c
Start Time: 01d07e9d844004ce
Termination Time: 0
Application Path: C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe
Report Id: 955c21e6-ea91-11e4-bb30-9cb70d9c1aa2

Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2d6c
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3

Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.

Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.

Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.

Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2700
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3

Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2494
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3

Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0xe3c
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3

Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x1dec
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3

System errors:
=============
Error: (04/24/2015 11:04:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (04/24/2015 11:01:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/24/2015 10:59:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/24/2015 10:59:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/24/2015 10:59:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 2 time(s).

Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/24/2015 10:53:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adwcleaner_4.202.exe4.2.0.2101c01d07e9d844004ce0C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe955c21e6-ea91-11e4-bb30-9cb70d9c1aa2

Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad2d6c01d07dc886348ca8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll0cb71627-e9bc-11e4-8c58-9cb70d9c1aa2

Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad270001d07cff5bce08efC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dlle2ca5816-e8f2-11e4-8c58-9cb70d9c1aa2

Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad249401d07c36316dc6ddC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dllb7d092e5-e829-11e4-8c58-9cb70d9c1aa2

Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ade3c01d07b6d06dcf1a8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll8dc521c8-e760-11e4-8c58-9cb70d9c1aa2

Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad1dec01d07abbc2b2efb1C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll9a5a5835-e6af-11e4-a5f9-9cb70d9c1aa2

CodeIntegrity Errors:
===================================
Date: 2012-12-19 22:10:10.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:09:28.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:01:41.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:01:03.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:00:29.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: AMD A8-3820 APU with Radeon HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7666.85 MB
Available physical RAM: 5397.41 MB
Total Pagefile: 15331.89 MB
Available Pagefile: 12744.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1380.36 GB) (Free:916.18 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.8 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1532.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B77F4ACF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1380.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 60D76091)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Finally, I ran ESET. It took a very long time, but finally completed.
Here's the list of threats found:
  4. Thanks Cecilia,

     In response to your points:

     1. What does this program do?
     2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\ANTI VIRUS Updater

     I'm not sure what that does - I looked at the properties and couldn't tell. The only thing I can think of is that it was part of Microsoft Security Essentials, which I uninstalled because it's not compatible with Ad-Aware. I can't see it in the Programs list, so I don't know how to uninstall it, short of just deleting it.

     2. Please, uninstall (or update):
     Java 8 Update 31
     Java™ 6 Update 35
     Since they are old versions with known vulnerabilities that can be exploited by a web page to infect the computer. Most persons don't need to have JAVA INSTALLED, but if you need it's very important to always have the latest version.

     I uninstalled all Java. If I find I need it later, I can always install the latest version, as you suggested.

     3. Please, uninstall: VisualBee V.3 Toolbar for IE, see http://www.systemloo...tbVis3_dll.html

     I uninstalled this from the Control Panel / Programs - but it gave an error saying it couldn't find the file.

     4. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net...d/1-adwcleaner/ [..]

     Done - output is copied below. Please note - it flagged two items for "cleaning". I assume I should click on Clean and let it remove them?
  5. So I double checked the instructions and realized it said to insert the content of the files into my post, so I'm reading that to mean copy/paste here. So... below is the content of the two files:

     FRST.txt:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
     Ran by Dorothy (administrator) on DOROTHY-HP on 23-04-2015 13:30:57
     Running from C:\Users\Dorothy\Desktop
     Loaded Profiles: Dorothy (Available profiles: Dorothy)
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe (Rosetta Stone Ltd.)
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Akamai Technologies, Inc.) C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Akamai Technologies, Inc.) C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe () C:\Program Files\PreSonus\AudioBox\AudioBox.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe () C:\Users\Dorothy\AppData\Roaming\NetMon\netmon.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe () C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] () HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.) HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Google Update] => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-16] (Google Inc.) HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation) HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-11] () HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [backgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dorothy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7591424 2012-10-09] () HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [707416 2015-03-10] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft) HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [NetMon] => C:\Users\Dorothy\AppData\Roaming\NetMon\netmon.exe [840206 2015-03-18] () HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\MountPoints2: {b02ce3b0-5a36-11e2-9537-9cb70d9c1aa2} - J:\MotoCastSetup.exe -a Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-04-09] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to mimobyte.exe.lnk [2013-06-21] ShortcutTarget: Shortcut to mimobyte.exe.lnk -> C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe () Startup: C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-07-18] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [s-1-5-21-2253929276-2761414899-1364960208-1000] => Internet Explorer proxy is enabled. ProxyServer: [s-1-5-21-2253929276-2761414899-1364960208-1000] => 127.0.0.1:8118 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - VisualBee V.3 Toolbar - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll (Conduit Ltd.) URLSearchHook: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 - VisualBee V.3 Toolbar - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll (Conduit Ltd.) 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {134839E3-4408-4006-9B48-AA528D1EABF6} URL = SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF SearchScopes: HKLM -> {A640573D-48E5-4AAB-A0E1-24B62217E276} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861 SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861 SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 -> {A640573D-48E5-4AAB-A0E1-24B62217E276} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861 SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287802&CUI=UN11782800362545720&UM=2&UP=SP3841609E-7D4F-4ED8-8344-176211904FF4&SSPV= SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {134839E3-4408-4006-9B48-AA528D1EABF6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287802&CUI=UN11782800362545720&UM=2 SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861 SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {8FA5D783-B1F8-4F89-AAC3-E75B93E3F2D3} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {A640573D-48E5-4AAB-A0E1-24B62217E276} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: 
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_upclick_150317&q={searchTerms} SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) 
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: VisualBee V.3 Toolbar -> {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} -> C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll [2013-11-06] (Conduit Ltd.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.) 
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - VisualBee V.3 Toolbar - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll [2013-11-06] (Conduit Ltd.) Toolbar: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> No Name - {BF9194C2-B86D-4EBC-9B53-1C08B6FF779E} - No File DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices) Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited) Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited) Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited) 
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited) Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{F3131339-8F2A-4098-8C4E-FCC9585322CC}: [NameServer] 208.67.222.222 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] () FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media ) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No 
File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\37\NP_wtapp.dll [2014-11-21] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-28]

Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR DefaultSearchKeyword: Default -> \t\tgo search
CHR DefaultSearchURL: Default -> https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo on the Web) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-01-25]
CHR Extension: (Gojee Food) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2014-01-25]
CHR Extension: (YouTube) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-16]
CHR Extension: (Google Search) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (Candy Matcher Deluxe) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2014-01-25]
CHR Extension: (Hola Better Internet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-15]
CHR Extension: (Bookmark Manager) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Scott Draves) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldociafpimkkkdneicfdkdbgcllhdhj [2014-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-01-25]
CHR Extension: (Floor plans and interior design) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-01-25]
CHR Extension: (Do It (Tomorrow)) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]
CHR HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
StartMenuInternet: Google Chrome - C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-02] (WildTangent)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [699912 2015-03-10] (Garmin Ltd. or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-03-17] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [250728 2012-10-09] ()
S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp_x64.sys [69992 2012-10-09] ()
S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [51560 2012-10-09] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-19 11:59 - 2015-04-19 11:59 - 00000000 ____D () C:\Users\Dorothy\Documents\Bluetooth Exchange Folder
2015-04-08 09:24 - 2015-04-08 09:24 - 00003638 _____ () C:\Windows\System32\Tasks\Anti Virus Updater Schedualer
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-26 11:22 - 2015-03-26 11:22 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\{6B85176D-2AF4-4432-BFAD-A1B324BEE743}
2015-03-24 19:44 - 2015-03-24 19:44 - 00000021 _____ () C:\Windows\SurCode.INI

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 13:32 - 2013-01-11 16:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\PMB Files
2015-04-23 13:27 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 13:27 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 13:26 - 2012-08-20 19:36 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-23 13:25 - 2012-07-09 14:14 - 01784717 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 13:24 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 13:22 - 2009-07-14 00:51 - 00092092 _____ () C:\Windows\setupact.log
2015-04-23 13:20 - 2013-05-14 16:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 13:19 - 2015-03-23 14:03 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-23 13:19 - 2012-07-16 09:47 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job
2015-04-23 13:17 - 2013-05-14 16:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 13:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 13:11 - 2012-09-22 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 12:30 - 2014-02-11 16:58 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDorothy.job
2015-04-23 12:29 - 2010-11-20 23:47 - 01069078 _____ () C:\Windows\PFRO.log
2015-04-23 12:28 - 2012-07-10 16:49 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Hoyle Puzzle and Board Games
2015-04-23 12:28 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\Outlook Files
2015-04-23 12:24 - 2012-07-11 12:36 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-23 12:18 - 2015-03-17 09:22 - 00003266 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
2015-04-23 09:24 - 2012-07-09 18:40 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\CrashDumps
2015-04-23 09:22 - 2015-03-18 09:22 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2015-04-23 02:00 - 2014-07-13 21:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\Adobe
2015-04-22 22:19 - 2012-07-16 09:47 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job
2015-04-22 21:38 - 2012-07-09 14:21 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A08C57D-C34B-40CB-995F-A062CE32B1FD}
2015-04-22 17:05 - 2012-07-09 19:25 - 00000000 ____D () C:\Users\Dorothy\Documents\Financial
2015-04-21 15:50 - 2014-02-11 16:58 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDorothy
2015-04-21 15:49 - 2012-07-10 15:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-21 13:11 - 2012-07-09 19:22 - 00000000 ____D () C:\Users\Dorothy\Documents\Employment
2015-04-20 11:23 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\OMHS
2015-04-20 08:19 - 2015-03-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-20 08:19 - 2015-03-23 14:02 - 00023512 _____ () C:\Windows\DPINST.LOG
2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-20 08:16 - 2013-09-24 16:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 08:13 - 2012-09-22 11:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-20 08:13 - 2012-09-22 11:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-20 08:13 - 2012-04-09 16:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-20 04:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-20 03:49 - 2014-12-10 04:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 03:49 - 2014-05-16 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 03:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-20 03:33 - 2012-07-09 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 03:27 - 2011-02-11 13:15 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-20 03:18 - 2012-04-09 16:26 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 03:17 - 2013-07-23 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 03:07 - 2012-12-13 12:52 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-20 03:07 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-19 19:45 - 2013-12-11 12:33 - 00000014 _____ () C:\Windows\popcinfo.dat
2015-04-19 18:02 - 2015-01-14 14:18 - 00000000 ____D () C:\Users\Dorothy\Documents\My Kindle Content
2015-04-19 16:37 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\Dorothy\Dropbox
2015-04-19 16:37 - 2012-11-13 13:18 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Dropbox
2015-04-11 13:39 - 2012-07-09 20:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Recipes
2015-04-10
23:07 - 2012-11-13 13:18 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-04-10 16:24 - 2014-01-27 13:41 - 00000000 ____D () C:\Program Files (x86)\SpiteNET9 2015-04-09 11:08 - 2014-11-26 11:42 - 00000000 ____D () C:\Users\Dorothy\Documents\Shopping 2015-04-08 09:18 - 2012-07-23 19:45 - 00000000 ____D () C:\Users\Dorothy\.frostwire5 2015-04-02 20:17 - 2012-12-20 11:34 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\vlc 2015-04-02 16:15 - 2012-04-09 16:28 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2015-04-01 12:01 - 2015-03-17 09:22 - 00000000 ____D () C:\Program Files (x86)\IT Viewer 2015-03-29 13:18 - 2012-07-09 19:32 - 00000000 ____D () C:\Users\Dorothy\Documents\My eBooks 2015-03-28 18:01 - 2012-08-20 14:25 - 00000000 ____D () C:\ProgramData\Recovery 2015-03-26 13:01 - 2015-01-14 14:17 - 00000000 ____D () C:\Program Files (x86)\Amazon 2015-03-24 16:01 - 2012-07-09 19:28 - 00000000 ____D () C:\Users\Dorothy\Documents\Licenses 2015-03-24 10:44 - 2012-07-09 19:29 - 00000000 ____D () C:\Users\Dorothy\Documents\MISC 2015-03-24 10:41 - 2012-07-09 20:46 - 00000000 ____D () C:\Users\Dorothy\Documents\Printing Projects 2015-03-24 09:54 - 2012-07-09 20:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Travel 2015-03-24 09:49 - 2012-07-09 20:47 - 00000000 ____D () C:\Users\Dorothy\Documents\Rebecca ==================== Files in the root of some directories ======= 2014-10-16 18:54 - 2014-10-16 18:54 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe IllExport Filter CS6 Prefs 2014-12-08 17:45 - 2015-02-13 22:02 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe PNG Format CS6 Prefs 2015-03-17 09:22 - 2015-03-17 09:22 - 0000000 _____ () C:\Users\Dorothy\AppData\Roaming\C281.tmp 2015-03-29 09:24 - 2015-03-29 09:24 - 0009662 _____ () C:\Users\Dorothy\AppData\Roaming\em_64x64.ico 2014-10-16 18:55 - 2014-10-16 18:57 - 0001456 _____ () C:\Users\Dorothy\AppData\Local\Adobe Save for Web 
13.0 Prefs
2013-12-03 15:04 - 2013-12-03 15:04 - 0003584 _____ () C:\Users\Dorothy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 12:02 - 2014-05-17 20:31 - 0007595 _____ () C:\Users\Dorothy\AppData\Local\Resmon.ResmonCfg
2012-08-17 13:22 - 2012-08-17 13:22 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Dorothy\AppData\Local\Temp\1725.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\698A.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\a8cb9012-c9e9-4a57-9f84-9531a4efcbf1.exe
C:\Users\Dorothy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Dorothy\AppData\Local\Temp\BF57.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\BF96.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\C60A.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\conduitchecker.exe
C:\Users\Dorothy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc4_jfq.dll
C:\Users\Dorothy\AppData\Local\Temp\GetCC.dll
C:\Users\Dorothy\AppData\Local\Temp\GPUpd55097C840.exe
C:\Users\Dorothy\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Dorothy\AppData\Local\Temp\htchome_installer.exe
C:\Users\Dorothy\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Dorothy\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Dorothy\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\Dorothy\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Dorothy\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Dorothy\AppData\Local\Temp\nse2519.exe
C:\Users\Dorothy\AppData\Local\Temp\nsj978A.exe
C:\Users\Dorothy\AppData\Local\Temp\nsu2FD6.exe
C:\Users\Dorothy\AppData\Local\Temp\nsuB338.exe
C:\Users\Dorothy\AppData\Local\Temp\ose00000.exe
C:\Users\Dorothy\AppData\Local\Temp\ose00001.exe
C:\Users\Dorothy\AppData\Local\Temp\Resource.exe
C:\Users\Dorothy\AppData\Local\Temp\SendMsg.dll
C:\Users\Dorothy\AppData\Local\Temp\sp58915.exe
C:\Users\Dorothy\AppData\Local\Temp\sp64126.exe
C:\Users\Dorothy\AppData\Local\Temp\SpOrder.dll
C:\Users\Dorothy\AppData\Local\Temp\SPSetup.exe
C:\Users\Dorothy\AppData\Local\Temp\SPStub.exe
C:\Users\Dorothy\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Dorothy\AppData\Local\Temp\tasks.dll
C:\Users\Dorothy\AppData\Local\Temp\uninstall.exe
C:\Users\Dorothy\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Dorothy\AppData\Local\Temp\vbmz2.exe
C:\Users\Dorothy\AppData\Local\Temp\Vid-Saver-rs.exe
C:\Users\Dorothy\AppData\Local\Temp\VisualBeeSilent.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-20 04:22

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by Dorothy at 2015-04-23 13:32:25
Running from C:\Users\Dorothy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Abyss: The Wraiths of Eden Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft) Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe OnLocation Cs5.5 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe) Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe Visual Communicator 3 (HKLM-x32\...\InstallShield_{A5335A43-C886-4447-9885-013E62796E7C}) (Version: 3.0.3129.0 - Adobe Systems Incorporated) After Effects CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden Akamai NetSession Interface (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Amazing Pyramids (x32 Version: 2.2.0.110 - WildTangent) Hidden Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.) 
Amulet of Time: Shadow of La Rochelle (x32 Version: 3.0.2.32 - WildTangent) Hidden Angelica Weaver: Catch Me When You Can Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atlantis Adventure 1.0 (HKLM-x32\...\Atlantis_Adventure_1.0) (Version: - ) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AudioBox version 1.21 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.21 - PreSonus) Audition CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden Between the Worlds 2: The Pyramid (x32 Version: 2.2.0.110 - WildTangent) Hidden Big Kahuna Reef 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation) Black Rainbow (x32 Version: 3.0.2.59 - WildTangent) Hidden Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.) Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Call of Atlantis: Treasures of Poseidon Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden Call of the Ages (x32 Version: 3.0.2.51 - WildTangent) Hidden Castle: Never Judge a Book by Its Cover (x32 Version: 3.0.2.51 - WildTangent) Hidden Celtx (2.9.1) (HKLM-x32\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst) Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) Dynomite (x32 Version: 2.2.0.95 - WildTangent) Hidden Elevated Installer (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden Eternal Journey: New Atlantis (x32 Version: 3.0.2.32 - WildTangent) Hidden Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.) Fall of the New Age Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden FitDay PC version 1.0 (HKLM-x32\...\FitDay_is1) (Version: 1.0 - Cyser Software, Inc.) 
FrostWire 5.7.7 (HKLM-x32\...\FrostWire 5) (Version: 5.7.7.2 - FrostWire LLC) Garmin Communicator Plugin (HKLM-x32\...\{E883466C-77EC-44AC-8EC8-417A4A16AB3F}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{ec94ae3d-c856-4a54-b596-a5c2c36a0208}) (Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin VoiceStudio v2.40 (HKLM-x32\...\{15DF4EE8-DE41-453A-800A-5814A5CDF003}) (Version: 2.40.0.0 - Garmin Ltd or its subsidiaries) Google Chrome (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hexus (x32 Version: 2.2.0.98 - WildTangent) Hidden Hidden Path of Faery (x32 Version: 3.0.2.32 - WildTangent) Hidden Hoyle Classic Board Game Collection 1 (x32 Version: 3.0.2.51 - WildTangent) Hidden Hoyle Classic Board Game Collection 2 (x32 Version: 3.0.2.32 - WildTangent) Hidden Hoyle Classic Board Game Collection 3 (x32 Version: 3.0.2.118 - WildTangent) Hidden Hoyle Classic Board Game Collection 4 (x32 Version: 3.0.2.118 - WildTangent) Hidden Hoyle Puzzle and Board Games 2011 (x32 Version: 2.2.0.98 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard) HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.8812 - HP Photo Creations) HP Photosmart 7510 series Basic Device Software (HKLM\...\{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}) (Version: 25.0.617.0 - Hewlett-Packard Co.) 
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard) HP Photosmart 7510 series Product Improvement Study (HKLM\...\{D9F55AA1-FD3E-47FF-A385-72ED53666D3F}) (Version: 25.0.617.0 - Hewlett-Packard Co.) HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard) Illustrator CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.) 
Jacquie Lawson Christmas Market (HKLM-x32\...\com.jacquielawson.marketadventcalendar2014) (Version: 1.0.1 - MicroCourt Limited) Jacquie Lawson Christmas Market (x32 Version: 1.0.1 - MicroCourt Limited) Hidden Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle) Jewel Match 4 (x32 Version: 3.0.2.59 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.6.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.6.0 - ) Kobo (HKLM-x32\...\Kobo) (Version: 3.6.0 - Kobo Inc.) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) Legalsounds Download Manager (HKLM-x32\...\LegalsoundsDownloadManager) (Version: 1.4.9 - LegalMedia) Legalsounds Download Manager (x32 Version: 1.4.9 - LegalMedia) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft MapPoint North America 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-1111BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft 
Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - 
Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MimoByte Sound Application (HKLM-x32\...\{9CF4DEF6-33FE-415C-82D8-23C31EF0A7AD}) (Version: 1.0.0 - Mimoco) Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Myths of Orion: Lights From The North (x32 Version: 3.0.2.118 - WildTangent) Hidden NetMon (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\NetMon) (Version: 0.5b - NetMon) <==== ATTENTION! OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) Path of Hercules (x32 Version: 3.0.2.51 - WildTangent) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Photoshop CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.) 
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden Prelude CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden Premiere Pro CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden PreSonus Studio One (HKLM-x32\...\PreSonus Studio One) (Version: 1.6.4.14644 - PreSonus Audio Electronics) PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.) Puzzle Express (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}) (Version: - Oberon Media) Puzzle Kingdoms (x32 Version: 2.2.0.95 - WildTangent) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.) Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd) Sacra Terra: Kiss of Death Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.21.0.204 - Client Connect LTD) <==== ATTENTION Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Sparkle (x32 Version: 2.2.0.98 - WildTangent) Hidden Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden SpeedGrade CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden SpiteNET: Spite and Malice Multiplayer Edition v.9.2.1 (HKLM-x32\...\ST6UNST #1) (Version: - ) Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) StudioTax 2008 (HKLM\...\{B87ED12E-A95F-45AC-89E7-02CFD5BD2353}) (Version: 4.0.3.6 - BHOK It Consulting) StudioTax 2012 (HKLM-x32\...\{73C5CC89-3567-4B27-A7A0-28267FA7E037}) (Version: 8.0.4.0 - BHOK IT Consulting) Super Collapse! (HKLM-x32\...\{A301896D-9F55-4492-B518-30EAC4C723E1}) (Version: - ) Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) The Book of Desires (x32 Version: 3.0.2.38 - WildTangent) Hidden The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden The Game of Life® (x32 Version: 3.0.2.32 - WildTangent) Hidden The Lost Kingdom Prophecy (x32 Version: 2.2.0.95 - WildTangent) Hidden The Mirror Mysteries: Forgotten Kingdoms (x32 Version: 3.0.2.48 - WildTangent) Hidden The Treasures of Montezuma 4 (x32 Version: 3.0.2.51 - WildTangent) Hidden TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden VisualBee V.3 Toolbar for IE (HKLM-x32\...\IECT3287802) (Version: 6.17.2.8 - VisualBee V.3) <==== ATTENTION VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.) 
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft) Webshots Desktop (HKLM-x32\...\Webshots Desktop) (Version: - ) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

11-04-2015 12:46:04 Windows Update
20-04-2015 03:00:56 Windows Update
20-04-2015 08:15:51 WD SmartWare Installer
23-04-2015 04:06:08 Windows Update
23-04-2015 12:27:08 AA11
23-04-2015 12:40:27 AA11
23-04-2015 13:21:33 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {071F6DD1-4EDE-44FA-8748-6E09DD5E9345} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1AB8C2D6-AC4D-4896-ABF3-4B0311915127} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1F34118D-D241-4814-ABA8-E694D0968D06} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {20D30041-C501-4A80-8249-53EC47FDDFF7} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Dorothy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {227B9098-AA08-46CE-90D4-D4B2CA0B5761} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {244F45B5-3D93-4698-A7FC-67F5DDAFF5FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3FBE4538-0868-4FBA-AF73-6BBA96AF945D} - System32\Tasks\Anti Virus Updater Schedualer => C:\Program Files (x86)\Anti Virus Updater\Anti VirusUpdater.exe [2015-04-08] (Secure Updater)
Task: {4E43AC81-4888-4191-BAA7-41EDB2780D60} - System32\Tasks\HPCeeScheduleForDorothy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {506AAA89-B8AF-445B-A06F-F3D91F553BFC} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-08-20] ()
Task: {52A340A7-E925-4C1C-940C-F3BE131D820A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {61E2B452-7FB5-489B-8133-5B7C279CF9FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {636C1F8F-6D38-47EF-A8DB-79E26B579FD1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6A15E9B3-C74A-4692-8F6E-77D87ADEDC02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6AAF245A-CA3E-47A7-A275-52340F196D02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {72686360-E05A-4F06-82D1-E37A33A2E617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {728F3405-6CA9-4CB6-800F-06CDE812A76C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe [2015-03-17] (Jelbrus)
Task: {76B7F9FB-95A4-4C21-9F23-D1258F3DB3A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {884141AE-1614-4696-A4B6-AC8100EE10E4} - System32\Tasks\{089D7A13-5913-4685-A216-076935143215} => pcalua.exe -a "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer\Adobe Soundbooth CS5 x64.exe" -d "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer"
Task: {95B2E5D3-CACA-480E-B873-97273738E9E6} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-17] () <==== ATTENTION
Task: {9765BC5E-9920-42C5-8E51-237CE828AA29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9F8373F8-062D-4F3B-94BD-F570DF5C1170} - System32\Tasks\AdobeAAMUpdater-1.0-Dorothy-HP-Dorothy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {9FA72641-E704-42A8-9328-68D1E044DD7C} - System32\Tasks\Western Digital\SmartWare\____Volume_8157bec3_8288_11e1_bf13_806e6f6e6963______Volume_4944edd4_d0b1_11e4_93ef_9cb70d9c1aa2__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-02-12] (Western Digital Technologies, Inc.)
Task: {A3B3047C-3F49-42C6-97FD-D3177FB067DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AF561A14-5B47-4C5E-8481-1D60949F8140} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B8644F9B-493E-4BE2-B495-90752EFE23B2} - System32\Tasks\Malware Cleaner => C:\Users\Dorothy\AppData\Roaming\C281.tmp.exe <==== ATTENTION
Task: {BDF69852-547F-4ABA-9855-62FB9C0B832B} - System32\Tasks\VisualBeeRecovery => C:\Users\Dorothy\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe <==== ATTENTION
Task: {BE711AAA-ACDC-45C3-ACF9-5F799614BE3C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DC6003F1-A5AF-4818-8123-C8E0F36AAEE2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {DF7998FF-AD35-4067-A644-EEF706AEE556} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {EB80503C-2907-4771-A421-F55D87B1FBAF} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {F0670C58-766D-4211-8A4C-15496306C524} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {F64772EB-2CDA-4987-8BC1-9DC69FB223D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDorothy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-11 16:29 - 2013-01-11 16:29 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2014-01-11 18:40 - 2012-10-09 13:02 - 07591424 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2015-03-18 09:24 - 2015-03-18 09:24 - 00840206 _____ () C:\Users\Dorothy\AppData\Roaming\NetMon\netmon.exe
2012-09-04 12:44 - 2012-09-04 12:44 - 00987136 _____ () C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe
2011-09-08 16:53 - 2011-09-08 16:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-02 15:41 - 2011-08-02 15:41 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-04-23 12:42 - 2015-04-23 12:42 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-17 09:22 - 2015-03-17 09:23 - 00086528 _____ () C:\Program Files (x86)\IT Viewer\mgwz.dll
2014-01-11 18:40 - 2012-05-22 13:07 - 00176128 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-19 12:32 - 2015-04-13 17:55 - 01252680 _____ () C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-19 12:32 - 2015-04-13 17:55 - 00080712 _____ () C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-19 12:32 - 2015-04-13 17:55 - 14980424 _____ () C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:9e5DkIG22H43bOvawKEyABE6Sdt
AlternateDataStreams: C:\ProgramData\Microsoft:j1v4uj4DYBR29ESodEPAsF
AlternateDataStreams: C:\ProgramData\Temp:A907E812
AlternateDataStreams: C:\Users\Dorothy\Local Settings:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\Local Settings:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:eahIT9zHNBFIX68yejqM6kRQ

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-2253929276-2761414899-1364960208-500 - Administrator - Disabled)
Dorothy (S-1-5-21-2253929276-2761414899-1364960208-1000 - Administrator - Enabled) => C:\Users\Dorothy
Guest (S-1-5-21-2253929276-2761414899-1364960208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2253929276-2761414899-1364960208-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23 Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877 Exception code: 0xc0000005 Fault offset: 0x000010ad Faulting process id: 0x2d6c Faulting application start time: 0xgpup.exe0 Faulting application path: gpup.exe1 Faulting module path: gpup.exe2 Report Id: gpup.exe3

Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.

Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.

Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.

Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23 Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877 Exception code: 0xc0000005 Fault offset: 0x000010ad Faulting process id: 0x2700 Faulting application start time: 0xgpup.exe0 Faulting application path: gpup.exe1 Faulting module path: gpup.exe2 Report Id: gpup.exe3

Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23 Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877 Exception code: 0xc0000005 Fault offset: 0x000010ad Faulting process id: 0x2494 Faulting application start time: 0xgpup.exe0 Faulting application path: gpup.exe1 Faulting module path: gpup.exe2 Report Id: gpup.exe3

Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23 Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877 Exception code: 0xc0000005 Fault offset: 0x000010ad Faulting process id: 0xe3c Faulting application start time: 0xgpup.exe0 Faulting application path: gpup.exe1 Faulting module path: gpup.exe2 Report Id: gpup.exe3

Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23 Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877 Exception code: 0xc0000005 Fault offset: 0x000010ad Faulting process id: 0x1dec Faulting application start time: 0xgpup.exe0 Faulting application path: gpup.exe1 Faulting module path: gpup.exe2 Report Id: gpup.exe3

Error: (04/11/2015 04:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.7143.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2aa0 Start Time: 01d06da3824ec760 Termination Time: 3479 Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Report Id: 4473201a-e088-11e4-93ef-9cb70d9c1aa2

System errors:
=============
Error: (04/23/2015 01:21:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (04/23/2015 01:21:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error: %%2

Error: (04/23/2015 01:19:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WD Backup service failed to start due to the following error: %%1053

Error: (04/23/2015 01:19:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD Backup service to connect.

Error: (04/23/2015 01:18:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/23/2015 01:18:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.

Error: (04/23/2015 00:32:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%2

Error: (04/23/2015 00:32:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error: %%2

Error: (04/23/2015 00:31:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/23/2015 00:28:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Microsoft Office Sessions:
=========================
Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad2d6c01d07dc886348ca8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll0cb71627-e9bc-11e4-8c58-9cb70d9c1aa2

Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad270001d07cff5bce08efC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dlle2ca5816-e8f2-11e4-8c58-9cb70d9c1aa2

Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad249401d07c36316dc6ddC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dllb7d092e5-e829-11e4-8c58-9cb70d9c1aa2

Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ade3c01d07b6d06dcf1a8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll8dc521c8-e760-11e4-8c58-9cb70d9c1aa2

Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad1dec01d07abbc2b2efb1C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll9a5a5835-e6af-11e4-a5f9-9cb70d9c1aa2

Error: (04/11/2015 04:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7143.50002aa001d06da3824ec7603479C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE4473201a-e088-11e4-93ef-9cb70d9c1aa2

CodeIntegrity Errors:
===================================
Date: 2012-12-19 22:10:10.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:09:28.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:01:41.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:01:03.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

Date: 2012-12-19 22:00:29.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: AMD A8-3820 APU with Radeon HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 7666.85 MB
Available physical RAM: 4679.86 MB
Total Pagefile: 15331.89 MB
Available Pagefile: 11733.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1380.36 GB) (Free:919.45 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.8 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1532.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B77F4ACF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1380.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 60D76091)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  6. Hi Cecilia, Thanks for the clarification of malware vs adware. I reviewed the 'read before posting' and realized I missed step 2. So I have now downloaded and run FRST, and I have the two files requested. I can't see how to attach to this reply (I'm sure it's very easy, but I can't find the right button) so I'll create a fresh post.
  7. Ad-Aware 11 is scanning my system daily and doesn't pick up this malware that is basically crippling my web browser(s). I've tried both Chrome and IE - they're both affected. I get multiple ad windows inserting themselves into the page (with a caption of "Ad by Provider"), as well as so-called 'corruption alerts' asking me to download a fix, and finally multiple words will be hyperlinked to various websites. I've attached a screen capture of the Lavasoft website, showing the various annoying malware ads. This is what I bought Ad-Aware for, but it's not even seeing the problem. How can I get rid of this stuff? Thanks, Dorothy