zubbs1

  1. Ok, all cleaned up. Thank you for all your help!
  2. Ok all traces seem gone. After 24 hours, no new appdata/temp folders and files have shown up and grown out of control like before. I think I'm ready to wrap this up. cheers.
  3. Ok, I've updated Adobe and removed gbot and java. Here is the fixlog:
     Cheers.
  4. Secunia produced the same error after following all the steps from your post. Ad Aware found no threats after a full scan after adw cleaner. ADW CLEANER: # AdwCleaner v4.205 - Logfile created 25/05/2015 at 10:55:04 # Updated 21/05/2015 by Xplode # Database : 2015-05-25.1 [server] # Operating system : Windows 7 Ultimate Service Pack 1 (x64) # Username : Kathy - QUICKSILVER # Running from : C:\Users\Kathy\Desktop\FRST Scans\adwcleaner_4.205.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Trymedia File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js ***** [ Scheduled tasks ] ***** Task Deleted : GB Runner ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Key Deleted : 
[x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4} Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\CommunityCrawlingService Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\SOFTWARE\Trymedia Systems Key Deleted : HKLM\SOFTWARE\CommunityCrawlingService Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49851;hxxps=127.0.0.1:49851; Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1 Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback> Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback> ***** [ Web browsers ] ***** -\\ Internet Explorer v8.0.7601.18715 -\\ Mozilla Firefox v38.0.1 (x86 en-US) -\\ Chromium v [C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} [C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} ************************* 
AdwCleaner[R0].txt - [4425 bytes] - [24/05/2015 20:43:13] AdwCleaner[R1].txt - [4484 bytes] - [25/05/2015 10:53:48] AdwCleaner[s0].txt - [4005 bytes] - [25/05/2015 10:55:04] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4064 bytes] ########## FRST: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01 Ran by Kathy (administrator) on QUICKSILVER on 25-05-2015 12:24:48 Running from C:\Users\Kathy\Desktop\FRST Scans Loaded Profiles: Kathy (Available Profiles: Kathy) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe () C:\Program Files\pia_manager\pia_manager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\bin\rubyw.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe (Fitbit, Inc.) 
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\Program Files\pia_manager\pia_manager.exe (http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\bin\rubyw.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe () C:\Program Files\pia_manager\pia_tray\pia_tray.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktop.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] () HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, 
Inc.) HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-03] (Seagate Technology LLC) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd) HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.) HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-03] (Seagate Technology LLC) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-12] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-05-24] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851; HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-08] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default FF DefaultSearchEngine.US: Google FF Homepage: 
google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation) R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] () R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) 
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-03] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-03] (Seagate Technology LLC) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender) R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3401944 2014-04-01] (Realtek Semiconductor Corporation ) R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.) 
S0 qtbc; System32\drivers\qfqy.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-24 20:42 - 2015-05-25 10:55 - 00000000 ____D () C:\AdwCleaner 2015-05-24 20:13 - 2015-05-24 20:13 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2015-05-24 20:13 - 2015-05-24 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Secunia PSI 2015-05-24 20:13 - 2015-05-24 20:13 - 00000000 ____D () C:\Program Files (x86)\Secunia 2015-05-24 19:03 - 2015-05-25 12:24 - 00000000 ____D () C:\FRST 2015-05-24 19:01 - 2015-05-24 20:37 - 00000000 ____D () C:\Users\Kathy\Desktop\FRST Scans 2015-05-24 13:29 - 2015-05-24 13:29 - 00000000 ____D () C:\ProgramData\BitDefender 2015-05-24 13:20 - 2015-05-24 13:20 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\LavasoftStatistics 2015-05-24 13:20 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) 
C:\Windows\system32\bdpop3p.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll 2015-05-24 13:20 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll 2015-05-24 13:19 - 2015-05-25 10:59 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2015-05-24 13:19 - 2015-05-24 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-05-24 13:18 - 2015-05-24 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2015-05-24 13:15 - 2015-05-24 13:15 - 00000000 ____D () C:\Program Files\Lavasoft 2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Lavasoft 2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2015-05-24 13:11 - 2015-05-24 13:11 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-05-23 10:59 - 2015-05-23 10:59 - 00001035 _____ () C:\Users\Kathy\Desktop\WinDirStat.lnk 2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat 2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat 2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Program Files (x86)\WinDirStat 2015-05-11 14:29 - 2015-05-20 14:21 - 00045568 ____H () C:\Users\Kathy\Documents\~WRL3588.tmp 2015-05-11 14:29 - 2015-05-19 15:10 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0005.tmp 2015-05-11 14:29 - 2015-05-18 22:12 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0004.tmp 2015-05-11 14:29 - 2015-05-18 22:11 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL2470.tmp 2015-05-11 14:29 - 2015-05-11 14:46 - 00044544 ____H () C:\Users\Kathy\Documents\~WRL3630.tmp 2015-05-10 15:48 - 2015-05-10 15:48 - 00003516 _____ () 
C:\Windows\System32\Tasks\Seagate_Install_Launch 2015-05-10 15:48 - 2015-05-10 15:48 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Nero 2015-05-10 15:47 - 2015-05-10 15:47 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk 2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Nero 2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard 2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\Program Files (x86)\Seagate 2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Seagate 2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies 2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Leadertech 2015-05-09 14:58 - 2015-05-09 14:58 - 00051305 _____ () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive.htm 2015-05-09 14:58 - 2015-05-09 14:58 - 00045620 _____ () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive.htm 2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive_files 2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive_files ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-25 12:01 - 2014-11-08 21:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-25 11:16 - 2014-11-08 18:59 - 02051719 _____ () C:\Windows\WindowsUpdate.log 2015-05-25 11:12 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-25 11:12 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-25 11:02 - 2009-07-14 00:13 - 00006170 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-25 10:56 - 2015-03-01 14:56 - 00005855 _____ () C:\Windows\setupact.log 2015-05-25 10:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-24 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-24 13:47 - 2015-03-29 18:23 - 00053202 _____ () C:\Windows\PFRO.log 2015-05-24 13:02 - 2014-11-09 16:52 - 00000000 ____D () C:\Users\Kathy\Documents\First Steps 2015-05-23 21:35 - 2014-12-15 09:50 - 00000000 ____D () C:\Users\Kathy\Desktop\Windows Loader v2.2.2 2015-05-23 21:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources 2015-05-23 11:33 - 2014-11-09 16:47 - 00000000 ____D () C:\Users\Kathy\Documents\calendars 2015-05-23 10:29 - 2015-02-28 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-23 09:08 - 2015-01-12 21:32 - 00012950 ____H () C:\Users\Kathy\Documents\~WRL3697.tmp 2015-05-21 06:46 - 2015-04-21 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-21 06:46 - 2014-11-08 21:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-12 18:35 - 2015-01-13 19:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-10 15:48 - 2014-11-08 17:04 - 00000000 ____D () C:\Users\Kathy 2015-05-10 15:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 
2015-05-08 17:57 - 2009-07-14 00:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-03-01 14:49 - 2015-03-01 14:49 - 0000017 _____ () C:\Users\Kathy\AppData\Local\resmon.resmoncfg 2014-11-12 11:03 - 2014-11-12 11:03 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\Kathy\AppData\Local\Temp\Quarantine.exe C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 17:38 ==================== End of log ============================ FRST Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01 Ran by Kathy at 2015-05-25 12:26:28 Running from C:\Users\Kathy\Desktop\FRST Scans Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2506747023-1352019474-4072486413-500 - Administrator - Disabled) Guest (S-1-5-21-2506747023-1352019474-4072486413-501 - 
Limited - Disabled) HomeGroupUser$ (S-1-5-21-2506747023-1352019474-4072486413-1002 - Limited - Enabled) Kathy (S-1-5-21-2506747023-1352019474-4072486413-1000 - Administrator - Enabled) => C:\Users\Kathy ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft) AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform) FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.) 
gBot (HKLM-x32\...\407308A3-D7DA-A7A5-C900-000000B100) (Version: 107.0.0.454 - gBot team)
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Inspector Parker (HKLM-x32\...\BFG-Inspector Parker) (Version: - )
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - )
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.19.0 - Seagate)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Super Mahjong (HKLM-x32\...\e7ae5e74e555b485845f9811708aa158) (Version: - GameHouse)
Tixati (HKLM-x32\...\tixati) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\WinDirStat) (Version: - )
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

24-05-2015 13:11:36 AA11
24-05-2015 20:31:01 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B4DF142-C1DF-426D-A59F-179B3B86F448} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {1473CC2A-B67D-4812-B3E3-FEA809260A97} - System32\Tasks\ScanToPCActivationApp.exe_{B0C2E6BD-C1A6-49E6-A0CC-74081F080AFF} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {227ABE67-3CE1-4D77-A7C5-85899ED5B238} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {31F80569-458F-4A2A-954A-CAFE4FE849AB} - System32\Tasks\{DF5E0E28-42F3-4954-829F-6BB9FF8E6E7E} => pcalua.exe -a C:\Users\Kathy\Downloads\Install-winMd5Sum.exe -d C:\Users\Kathy\Downloads
Task: {4A9CF1BC-EC6A-496C-AA8F-64588807975A} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-03] (Seagate Technology LLC)
Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {8E728DAD-FCF3-4BCD-B218-CFCD47442B89} - System32\Tasks\{D9065875-F2C5-4397-A201-02682A0A1EE3} => pcalua.exe -a E:\sp48482.exe -d E:\
Task: {8E7CA9EB-8A00-4D97-BE28-48DE710191D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {910840FB-36F9-4ACC-B238-CE9F37633707} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-02-24] ()
Task: {972B388A-3F17-43C3-BF4A-ECB145C54E42} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Kathy) => C:\Users\Kathy\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2015-05-10] (Leader Technologies/Seagate)
Task: {B0379419-4F21-4A1C-AB2B-E949E267A6FB} - 
System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
AlternateDataStreams: C:\ProgramData\TEMP:80FE037D

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B85C99DF-9DF1-4912-A476-DBA4D9574C00}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{C780F957-B6C3-4FE6-85BD-4B794F110D33}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6EBF6E00-4899-441C-966A-5799CDE6393E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6D931486-EACD-41E3-B260-7D975C177D89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{113CC051-69BC-4130-AD11-131C8F8B3DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{53440948-0468-4E5F-A280-425637353164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{A4A4E9F1-EA2C-4AAB-85FF-5B480CDFFE0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BE4F7C7B-D685-4CC4-A40E-0F33EBE30F24}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [uDP Query User{98255DD5-EB27-4EEE-ADB4-6EEF79ADC795}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{CA2DBDAB-1987-41A9-B259-6947D7B9C251}] => (Allow) LPort=8888
FirewallRules: [{3504F4C9-79D9-480B-B419-5E8796EA1C3A}] => (Allow) LPort=8888
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/25/2015 00:30:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/24/2015 08:31:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e366bbb1-6e5f-404d-bece-9cd1b0648957}

Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
System errors:
=============
Error: (05/25/2015 11:04:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (05/25/2015 10:59:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom qtbc

Error: (05/25/2015 10:56:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (05/25/2015 10:56:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (05/25/2015 10:56:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: %%1069

Error: (05/25/2015 10:56:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/25/2015 10:55:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\system32\Rtlihvs.dll Error: (05/25/2015 10:55:36 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (05/25/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/25/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s). Microsoft Office: ========================= Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/25/2015 00:30:47 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: 
WmiApRplWmiApRpl8F20300004D070000 Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/24/2015 08:31:01 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Access is denied. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {e366bbb1-6e5f-404d-bece-9cd1b0648957} Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 ==================== Memory info =========================== Processor: Intel® Core i5-4210U CPU @ 1.70GHz Percentage of memory in use: 36% Total physical RAM: 8126.3 MB Available physical RAM: 5138.71 MB Total Pagefile: 16250.78 MB Available Pagefile: 13845.16 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:582.48 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6484D2A8) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS) ==================== End of log ============================ ESET: C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe a variant of Win32/GigaClicks.AK potentially unwanted application 
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\uninstall.exe a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmdProc.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmlProc.dll a variant of Win32/GigaClicks.AJ potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmnUtls.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\InSes.dll a variant of Win32/GigaClicks.AJ potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\ManXec.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\PrfIns.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WblSupp.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application

Cheers.
  5. Secunia gives me an error message 'unable to retrieve PSI user ID from secunia. Please verify that you can connect to https://psi3.secunia.com/ then restart the PSI.' I can load the stated webpage, so I don't know what is going on?

Logfiles:

Adw Cleaner:

# AdwCleaner v4.205 - Logfile created 24/05/2015 at 20:43:13
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Kathy - QUICKSILVER
# Running from : C:\Users\Kathy\Desktop\FRST Scans\adwcleaner_4.205.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js
Folder Found : C:\ProgramData\Trymedia

***** [ Scheduled tasks ] *****
Task Found : GB Runner

***** [ Shortcuts ] *****

***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49851;hxxps=127.0.0.1:49851;
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\CommunityCrawlingService
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
Key Found : HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\CommunityCrawlingService
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\CommunityCrawlingService
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [savedLegacySettings]

***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.7601.18715
-\\ Mozilla Firefox v38.0.1 (x86 en-US)
-\\ Chromium v
[C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************
AdwCleaner[R0].txt - [4239 bytes] - [24/05/2015 20:43:13]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4298 bytes] ##########

FIXLOG:

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Kathy at 2015-05-24 20:31:00 Run:1
Running from C:\Users\Kathy\Desktop\FRST Scans
Loaded Profiles: Kathy (Available Profiles: Kathy)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
CMD: ipconfig /flushdns
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => Removed 904.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 20:37:34 ====

cheers.
  6. This is on my wife's laptop. She complained to me that Windows notified her she had no space left on her hard drive. I determined 99% of the drive usage is in the folder C:\Users\username\AppData\Local\Temp. There are 4 or so folders with names such as: {A3B41320-7BC9-4AFC-8105-23F8D94A815D} These folders accumulate thousands of files in short order. I've never seen an infection like this before. She ran a full scan with Ad-Aware which found 72 infections with some kind of 'trojan' type name. She had Ad-Aware quarantine/remove them. Below are the two requested FRST files:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Kathy (administrator) on QUICKSILVER on 24-05-2015 19:03:27
Running from C:\Users\Kathy\Desktop\FRST Scans
Loaded Profiles: Kathy (Available Profiles: Kathy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\bin\rubyw.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Hewlett-Packard Co.)
C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe () C:\Program Files\pia_manager\pia_manager.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\Online Games Manager\ogmservice.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\bin\rubyw.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe () C:\Program Files\pia_manager\pia_tray\pia_tray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe (The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe (The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe (The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe (The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe (The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe (The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] () HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.) HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-03] (Seagate Technology LLC) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd) HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.) HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-03] (Seagate Technology LLC) HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-12] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851; HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_otbrw1_15_03&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzzzz0C0EtAyDyD0B0B0FtN0D0Tzu0StCtCtDzztN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0BtD0EtAzytB0CtG0F0CyDtAtG0CzztB0EtG0F0D0DtDtGyEzyyEzyyDtAtB0AyD0DyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0DyBzz0E0A0FtG0A0CtAzytGyEyDtDtCtG0AyEyBtCtGyBtDtCyDyC0EtBtAyE0ByEtB2Q&cr=47222716&ir= SearchScopes: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D121514-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms} SearchScopes: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_otbrw1_15_03&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzzzz0C0EtAyDyD0B0B0FtN0D0Tzu0StCtCtDzztN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0BtD0EtAzytB0CtG0F0CyDtAtG0CzztB0EtG0F0D0DtDtGyEzyyEzyyDtAtB0AyD0DyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0DyBzz0E0A0FtG0A0CtAzytGyEyDtDtCtG0AyEyBtCtGyBtDtCyDyC0EtBtAyE0ByEtB2Q&cr=47222716&ir= BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-08] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL 
[2010-01-16] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default FF DefaultSearchEngine.US: Google FF Homepage: google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 
11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js [2015-01-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation) S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] () R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-03] (Seagate Technology LLC) S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-03] (Seagate Technology LLC) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender) R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender) S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender) R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3401944 2014-04-01] (Realtek Semiconductor Corporation ) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.) S0 qtbc; System32\drivers\qfqy.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-05-24 19:03 - 2015-05-24 19:03 - 00000000 ____D () C:\FRST 2015-05-24 19:01 - 2015-05-24 19:03 - 00000000 ____D () C:\Users\Kathy\Desktop\FRST Scans 2015-05-24 13:29 - 2015-05-24 13:29 - 00000000 ____D () C:\ProgramData\BitDefender 2015-05-24 13:20 - 2015-05-24 13:20 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\LavasoftStatistics 2015-05-24 13:20 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) 
C:\Windows\system32\bdsmtpp.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll 2015-05-24 13:20 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll 2015-05-24 13:20 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll 2015-05-24 13:19 - 2015-05-24 17:57 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2015-05-24 13:19 - 2015-05-24 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2015-05-24 13:18 - 2015-05-24 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2015-05-24 13:15 - 2015-05-24 13:15 - 00000000 ____D () C:\Program Files\Lavasoft 2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Lavasoft 2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2015-05-24 13:11 - 2015-05-24 13:11 - 00000000 ____D () C:\ProgramData\Lavasoft 2015-05-24 13:10 - 2015-05-24 13:11 - 02057008 _____ () C:\Users\Kathy\Downloads\Adaware_Installer.exe 2015-05-23 21:15 - 2015-05-23 21:22 - 102388176 _____ () C:\Users\Kathy\Downloads\Unconfirmed 23901.crdownload 2015-05-23 19:52 - 2015-05-23 19:53 - 00437613 _____ () C:\Users\Kathy\Downloads\Unconfirmed 458633.crdownload 2015-05-23 19:51 - 2015-05-23 19:53 - 00646405 _____ () C:\Users\Kathy\Downloads\Unconfirmed 716245.crdownload 2015-05-23 19:47 - 2015-05-23 19:47 - 00837208 _____ () C:\Users\Kathy\Downloads\Unconfirmed 137565.crdownload 2015-05-23 19:46 - 2015-05-23 19:46 
- 00837208 _____ () C:\Users\Kathy\Downloads\Unconfirmed 289051.crdownload 2015-05-23 10:59 - 2015-05-23 10:59 - 00001035 _____ () C:\Users\Kathy\Desktop\WinDirStat.lnk 2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat 2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat 2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Program Files (x86)\WinDirStat 2015-05-23 10:58 - 2015-05-23 10:58 - 00645729 _____ (WDS Team) C:\Users\Kathy\Downloads\windirstat1_1_2_setup.exe 2015-05-23 06:18 - 2015-05-23 06:18 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 736422.crdownload 2015-05-23 06:17 - 2015-05-23 06:17 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 983238.crdownload 2015-05-23 06:17 - 2015-05-23 06:17 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 833529.crdownload 2015-05-23 06:17 - 2015-05-23 06:17 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 49507.crdownload 2015-05-23 06:16 - 2015-05-23 06:16 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 919820.crdownload 2015-05-23 06:16 - 2015-05-23 06:16 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 834975.crdownload 2015-05-23 06:15 - 2015-05-23 06:15 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 568954.crdownload 2015-05-23 06:14 - 2015-05-23 06:15 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 140786.crdownload 2015-05-23 06:14 - 2015-05-23 06:14 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 85369.crdownload 2015-05-23 06:13 - 2015-05-23 06:14 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 503.crdownload 2015-05-23 06:13 - 2015-05-23 06:13 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 117691.crdownload 2015-05-23 06:11 - 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\Program Files\Common Files\Microsoft Shared 2015-05-08 17:57 - 2009-07-14 00:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2015-03-01 14:49 - 2015-03-01 14:49 - 0000017 _____ () C:\Users\Kathy\AppData\Local\resmon.resmoncfg 2014-11-12 11:03 - 2014-11-12 11:03 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-24 17:38 ==================== End of log ============================ ADDITION: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01 Ran by Kathy at 2015-05-24 19:05:51 Running from C:\Users\Kathy\Desktop\FRST Scans Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2506747023-1352019474-4072486413-500 - Administrator - Disabled) Guest (S-1-5-21-2506747023-1352019474-4072486413-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2506747023-1352019474-4072486413-1002 - Limited - 
Enabled) Kathy (S-1-5-21-2506747023-1352019474-4072486413-1000 - Administrator - Enabled) => C:\Users\Kathy ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft) AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform) FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.) 
gBot (HKLM-x32\...\407308A3-D7DA-A7A5-C900-000000B100) (Version: 107.0.0.454 - gBot team)
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Inspector Parker (HKLM-x32\...\BFG-Inspector Parker) (Version: - )
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - )
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.19.0 - Seagate)
Super Mahjong (HKLM-x32\...\e7ae5e74e555b485845f9811708aa158) (Version: - GameHouse)
Tixati (HKLM-x32\...\tixati) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\WinDirStat) (Version: - )
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

24-05-2015 13:11:36 AA11

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0B4DF142-C1DF-426D-A59F-179B3B86F448} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {1473CC2A-B67D-4812-B3E3-FEA809260A97} - System32\Tasks\ScanToPCActivationApp.exe_{B0C2E6BD-C1A6-49E6-A0CC-74081F080AFF} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {227ABE67-3CE1-4D77-A7C5-85899ED5B238} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {31F80569-458F-4A2A-954A-CAFE4FE849AB} - System32\Tasks\{DF5E0E28-42F3-4954-829F-6BB9FF8E6E7E} => pcalua.exe -a C:\Users\Kathy\Downloads\Install-winMd5Sum.exe -d C:\Users\Kathy\Downloads
Task: {4A9CF1BC-EC6A-496C-AA8F-64588807975A} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-03] (Seagate Technology LLC)
Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
Task: {5D393784-9E8B-4566-8704-01F03A820908} - System32\Tasks\GB Runner => %LOCALAPPDATA%\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe
Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {8E728DAD-FCF3-4BCD-B218-CFCD47442B89} - System32\Tasks\{D9065875-F2C5-4397-A201-02682A0A1EE3} => pcalua.exe -a E:\sp48482.exe -d E:\
Task: {8E7CA9EB-8A00-4D97-BE28-48DE710191D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {910840FB-36F9-4ACC-B238-CE9F37633707} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-02-24] ()
Task: {972B388A-3F17-43C3-BF4A-ECB145C54E42} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Kathy) => C:\Users\Kathy\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2015-05-10] (Leader Technologies/Seagate)
Task: {B0379419-4F21-4A1C-AB2B-E949E267A6FB} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
Task: {F42509DD-F87B-420E-9A08-91350E34F247} - System32\Tasks\Kathy DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-03] (Seagate Technology LLC)
Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-10 18:50 - 2015-03-10 18:50 - 02756616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-11-15 04:07 - 2014-11-15 04:07 - 00386624 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe
2015-05-24 17:53 - 2015-05-24 17:53 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\src\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\bin\libffi-6.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\src\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00118784 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00069120 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00083968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\bin\zlib1.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00275968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00015360 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008192 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00023552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00036352 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\bin\libffi-6.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-02-24 13:11 - 2015-02-24 13:11 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-11-15 04:08 - 2014-11-15 04:08 - 00094784 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\ManXec.dll
2014-11-15 04:08 - 2014-11-15 04:08 - 00071232 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmdProc.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00043072 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\PrfIns.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00054336 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WbSes.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00120384 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WdcMan.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00122432 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WblSupp.dll
2014-11-15 04:08 - 2014-11-15 04:08 - 00101952 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmnUtls.dll
2014-12-15 10:02 - 2014-10-23 03:14 - 01091584 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\libglesv2.dll
2014-12-15 10:02 - 2014-10-23 03:19 - 00167936 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\libEGL.dll
2014-12-15 10:02 - 2014-10-23 03:26 - 08569856 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\pdf.dll
2014-12-15 10:02 - 2014-10-23 03:20 - 00324608 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-12-15 10:02 - 2014-10-23 03:23 - 00880128 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\ffmpegsumo.dll
2014-12-15 10:02 - 2014-09-22 23:07 - 14891848 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
AlternateDataStreams: C:\ProgramData\TEMP:80FE037D

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B85C99DF-9DF1-4912-A476-DBA4D9574C00}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{C780F957-B6C3-4FE6-85BD-4B794F110D33}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6EBF6E00-4899-441C-966A-5799CDE6393E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6D931486-EACD-41E3-B260-7D975C177D89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{113CC051-69BC-4130-AD11-131C8F8B3DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{53440948-0468-4E5F-A280-425637353164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{A4A4E9F1-EA2C-4AAB-85FF-5B480CDFFE0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BE4F7C7B-D685-4CC4-A40E-0F33EBE30F24}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [uDP Query User{98255DD5-EB27-4EEE-ADB4-6EEF79ADC795}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{CA2DBDAB-1987-41A9-B259-6947D7B9C251}] => (Allow) LPort=8888
FirewallRules: [{3504F4C9-79D9-480B-B419-5E8796EA1C3A}] => (Allow) LPort=8888

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/23/2015 10:43:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 6e8
Start Time: 01d0956b063cb385
Termination Time: 32
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
Report Id: 63fd7f46-0162-11e5-9c92-8cdcd488ce35

Error: (05/22/2015 08:48:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x54637c3c
Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5463780e
Exception code: 0x80000003
Fault offset: 0x00056cd0
Faulting process id: 0x34a4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/22/2015 04:12:32 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (05/24/2015 07:02:18 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 06:51:08 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 06:04:31 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 05:56:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom qtbc

Error: (05/24/2015 05:54:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.

Error: (05/24/2015 05:53:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: %%1053

Error: (05/24/2015 05:53:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
Error: (05/24/2015 05:08:06 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC) Error: (05/24/2015 04:59:56 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC) Error: (05/24/2015 04:51:45 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver) Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC) Microsoft Office: ========================= Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) 
Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: Performance1637070000000000000000000009030000 Error: (05/23/2015 10:43:22 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: CCleaner64.exe5.3.0.51286e801d0956b063cb38532C:\Program Files\CCleaner\CCleaner64.exe63fd7f46-0162-11e5-9c92-8cdcd488ce35 Error: (05/22/2015 08:48:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: chrome.exe37.0.2062.12454637c3cchrome.dll37.0.2062.1245463780e8000000300056cd034a401d09494b054f135C:\Users\Kathy\AppData\Local\407308~1\CHROME~1\chrome.exeC:\Users\Kathy\AppData\Local\407308~1\CHROME~1\chrome.dll392bf45a-0089-11e5-9c92-8cdcd488ce35 Error: (05/22/2015 04:12:32 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 ==================== Memory info =========================== Processor: Intel® Core i5-4210U CPU @ 1.70GHz Percentage of memory in use: 36% Total physical RAM: 8126.3 MB Available physical RAM: 5150.44 MB Total Pagefile: 16250.78 MB Available Pagefile: 13489.33 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.54 GB) (Free:580.61 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6484D2A8) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS) ==================== End of log ============================ I really appreciate your help in dealing with this. Cheers.
  7. Ok, I have done the ADW and OTC cleanup and uninstalls. Thank you so much for your help. I won't be boneheaded again and click things reflexively.
  8. I opened internet explorer and surfed around to several sites, and noticed nothing unusual. There also are no more flashing ads or popups on chrome. Firefox and Opera are not even installed anymore on my system, so couldn't check them. On reboots, my LAN card seems to be connecting better than I had noticed recently. Before I reinstalled chrome, I had the addon Adblocker installed. Is this a good choice for keeping banners and such off of webpages, or is there another one you would recommend? Attached is the requested fixlog file. Fixlog.txt
  9. ADWCLEANER Log: # AdwCleaner v4.111 - Logfile created 28/02/2015 at 21:48:09 # Updated 18/02/2015 by Xplode # Database : 2015-02-18.3 [Local] # Operating system : Windows 7 Ultimate Service Pack 1 (x64) # Username : Zubba - TESLA # Running from : C:\Users\Zubba\Desktop\Malware Removal\adwcleaner_4.111.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found : C:\ProgramData\4557412500390496948 Folder Found : C:\ProgramData\bjkogcbbfiiejfpfgjkddfmmnhnlnfpk Folder Found : C:\ProgramData\bjkogcbbfiiejfpfgjkddfmmnhnlnfpk Folder Found : C:\Users\Zubba\AppData\Local\AVG SafeGuard toolbar ***** [ Scheduled tasks ] ***** Task Found : update-sys Task Found : update-S-1-5-21-3403507024-58037063-281187845-1000 Task Found : update-sys ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Key Found : HKCU\Software\AppDataLow\Software\adawarebp Key Found : HKCU\Software\Conduit Key Found : [x64] HKCU\Software\Conduit Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81} Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Lightshot] ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17631 -\\ Mozilla Firefox v -\\ Google Chrome v40.0.2214.115 [C:\Users\Zubba\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [C:\Users\Zubba\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} -\\ Chromium v ************************* AdwCleaner[R0].txt - [9769 
bytes] - [22/11/2014 20:38:31] AdwCleaner[R1].txt - [2079 bytes] - [28/02/2015 21:48:09] AdwCleaner[s0].txt - [9820 bytes] - [22/11/2014 20:39:21] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2197 bytes] ########## Private internet access was an intentional install, and I plan on keeping it. I only use chrome, I really have no need for Firefox, I.E., or Opera. I only had the others installed at some point because I'm helping to beta test an online game and they wanted users to try other browsers than just Chrome. I am not needing to do that any longer, so I really just need chrome at this point. Thank you. Fixlog.txt
  10. I thought I had installed chrome from the official site, but uninstalled and reinstalled it. I also uninstalled download your driver. I went ahead and deleted that android app file, as I don't even use it. I downloaded and ran the AVG remover, and it ran a command prompt, but was too fast to see anything, and it gave no prompt afterward to indicate if it had done anything successfully or not. I followed the instructions for the sunbelt uninstall. It took a few minutes, but the system reconnected through the LAN. The fixlist was run and the reboot was successful this time. Attached are the requested logfiles. FRST.txt Addition.txt Fixlog.txt
  11. I do not recognize the 'download you driver' entry, and have not done anything with chrome (I just did a vanilla install and then used it). I did uninstall the outdated Java as instructed. I created the fixlist file and ran FRST fix mode. It ran the script and completed with a reboot. However, my LAN card had no connectivity after the reboot. I was forced to use the created restore point. Upon reboot, the internet connection was established. I have noticed lately that my LAN card has had some issues connecting on reboots. Sometimes it is very slow to finally connect. I'm not sure if this is malware/infection related or if it is something else? I've also noticed that my computer (windows explorer especially) gets very laggy and nonresponsive (especially when reusing the computer that has been sitting idle for hours). I've had more forced reboots in the last 2-3 weeks than in the previous 3 years combined. ESET found 18 threats, so hopefully that gives you more clues. Thanks again for all your help. Eset 2-27-15.txt Fixlog.txt
  12. I stupidly clicked a link in a skype chat that has now given me an infection. It causes lots of popup tabs when browsing internet and flashing ads within webpages showing ads by skypemoticon . No matter what I've done, it keeps reappearing after reboot. I ran adaware and it quarantined some things. Attached are the Frst scan logs. I really appreciate your help. FRST.txt Addition.txt
  13. [quote name='zubbs1' post='127896' date='Jun 28 2011, 12:30 PM']I hope you haven't left yet. I cannot update windows now. I get an error Code 80070005 Windows update encountered an unknown error. I've looked all over trying to understand this and nobody has any help. I've tried disabling the windows firewall, and disabling adaware. I only have myself as the user (with admin rights). I realize this may only be a side effect of the infection, but do you have any ideas?[/quote] Ok, never mind. I was able to find a solution. Have a great day.
  14. [quote name='CeciliaB' post='127891' date='Jun 28 2011, 10:50 AM']You are welcome [/quote] I hope you haven't left yet. I cannot update windows now. I get an error Code 80070005 Windows update encountered an unknown error. I've looked all over trying to understand this and nobody has any help. I've tried disabling the windows firewall, and disabling adaware. I only have myself as the user (with admin rights). I realize this may only be a side effect of the infection, but do you have any ideas?
  15. [quote name='CeciliaB' post='127886' date='Jun 28 2011, 06:48 AM']Looks good Time for final clean-up. [u]1. Removal of all system restore points since they might be infected.[/u] XP: Create a new system restore point: [b]Start - Programs - Accessories - System Tools - System Restore[/b] Choose [b]Create a Restore Point[/b] and then click [b]Next[/b]. Give the R.P. a name, then click [b]Create[/b]. Remove all old restore points by running Disk Cleanup. [b]Start - Run[/b] and type: [b]Cleanmgr[/b] Click [b]Ok[/b]. Disk Cleanup will scan your files for several minutes, then open. Select the [b]More Options [/b]tab, and then click the [b]Clean up[/b] button under System Restore. Click [b]Ok [/b]and then [b]Yes [/b]twice. Vista and Windows 7: Create a new system restore point by following [url="http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/"]http://www.howtogeek.com/howto/windows-vis...system-restore/[/url] Remove all old restore points by following [url="http://bertk.mvps.org/html/diskcleanupv.html"]http://bertk.mvps.org/html/diskcleanupv.html[/url] (Vista) or [url="http://www.sevenforums.com/tutorials/818-disk-cleanup-open-use.html"]http://www.sevenforums.com/tutorials/818-d...p-open-use.html[/url] (Windows 7). [u]2. Removal of tools[/u] [u]a. [/u]Press Windows-key + R Copy and paste this line: ComboFix /Uninstall Note the space before / Click on OK. [u]b. [/u]Close all programs. Start OTL program. Click the [b]CleanUp[/b]! button. Select [b]Yes[/b] when asked "Begin cleanup process". If you are asked to reboot, select [b]Yes[/b]. If any logs remain on the computer you can remove them. Any tools left? [u]3. Improve the security in the computer[/u] It is very important to keep Windows and all programs updated, for example there is an old version of Java with known security issues that makes it easy to infect the computer. 
To help you with that you can use the program [url="http://secunia.com/vulnerability_scanning/personal/"]Secunia Personal Software Inspector (PSI)[/url]. Read what Blade81 writes in the post [url="http://www.lavasoftsupport.com/index.php?showtopic=30610&view=findpost&p=124337"]http://www.lavasoftsupport.com/index.php?s...st&p=124337[/url] from the header "Make your Internet Explorer more secure" and downwards.[/quote] Ok all things done. Thank you so much for your time and patience. I really appreciate all your help.