djayem

"Ad by Provider" and other Malware - not detected by Ad-Aware 11

Ad-Aware 11 is scanning my system daily and doesn't pick up this malware that is basically crippling my web browser(s). I've tried both Chrome and IE - they're both affected. I get multiple ad windows inserting themselves into the page (with a caption of "Ad by Provider"), as well as so-called 'corruption alerts' asking me to download a fix, and finally multiple words will be hyperlinked to various websites. I've attached a screen capture of the Lavasoft website, showing the various annoying malware ads.

This is what I bought Ad-Aware for, but it's not even seeing the problem. How can I get rid of this stuff?

Thanks,

Dorothy


Hi Dorothy,

The ads aren't categorized as malware but adware.

Please, to get help with removing the ads, follow the instructions in the topic "Read This Before You Post!".


Hi Cecilia,

Thanks for the clarification of malware vs adware. I reviewed the 'read before posting' and realized I missed step 2. So I have now downloaded and run FRST, and I have the two files requested. I can't see how to attach to this reply (I'm sure it's very easy, but I can't find the right button) so I'll create a fresh post.


So I double checked the instructions and realized it said to insert the content of the files into my post, so I'm reading that to mean copy/paste here. So...below is the content of the two files:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Dorothy (administrator) on DOROTHY-HP on 23-04-2015 13:30:57
Running from C:\Users\Dorothy\Desktop
Loaded Profiles: Dorothy (Available profiles: Dorothy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
() C:\Users\Dorothy\AppData\Roaming\NetMon\netmon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Google Update] => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-16] (Google Inc.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-11] ()
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [backgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Dorothy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7591424 2012-10-09] ()
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [707416 2015-03-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [NetMon] => C:\Users\Dorothy\AppData\Roaming\NetMon\netmon.exe [840206 2015-03-18] ()
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\MountPoints2: {b02ce3b0-5a36-11e2-9537-9cb70d9c1aa2} - J:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-04-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to mimobyte.exe.lnk [2013-06-21]
ShortcutTarget: Shortcut to mimobyte.exe.lnk -> C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe ()
Startup: C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-07-18]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [s-1-5-21-2253929276-2761414899-1364960208-1000] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-2253929276-2761414899-1364960208-1000] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - VisualBee V.3 Toolbar - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 - VisualBee V.3 Toolbar - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll (Conduit Ltd.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {134839E3-4408-4006-9B48-AA528D1EABF6} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287802&CUI=UN11782800362545720&UM=2&UP=SP3841609E-7D4F-4ED8-8344-176211904FF4&SSPV=
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {134839E3-4408-4006-9B48-AA528D1EABF6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287802&CUI=UN11782800362545720&UM=2
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchTerms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {8FA5D783-B1F8-4F89-AAC3-E75B93E3F2D3} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {A640573D-48E5-4AAB-A0E1-24B62217E276} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_upclick_150317&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: VisualBee V.3 Toolbar -> {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} -> C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll [2013-11-06] (Conduit Ltd.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - VisualBee V.3 Toolbar - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVisu.dll [2013-11-06] (Conduit Ltd.)
Toolbar: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> No Name - {BF9194C2-B86D-4EBC-9B53-1C08B6FF779E} - No File
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [326288 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [373864 2015-03-17] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F3131339-8F2A-4098-8C4E-FCC9585322CC}: [NameServer] 208.67.222.222
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\37\NP_wtapp.dll [2014-11-21] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-28]
Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR DefaultSearchKeyword: Default -> \t\tgo search
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo on the Web) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-01-25]
CHR Extension: (Gojee Food) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2014-01-25]
CHR Extension: (YouTube) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-16]
CHR Extension: (Google Search) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (Candy Matcher Deluxe) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2014-01-25]
CHR Extension: (Hola Better Internet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-15]
CHR Extension: (Bookmark Manager) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Scott Draves) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldociafpimkkkdneicfdkdbgcllhdhj [2014-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-01-25]
CHR Extension: (Floor plans and interior design) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-01-25]
CHR Extension: (Do It (Tomorrow)) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]
CHR HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
StartMenuInternet: Google Chrome - C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-02] (WildTangent)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [699912 2015-03-10] (Garmin Ltd. or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-03-17] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [250728 2012-10-09] ()
S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp_x64.sys [69992 2012-10-09] ()
S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [51560 2012-10-09] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-23 13:30 - 2015-04-23 13:31 - 00037677 _____ () C:\Users\Dorothy\Desktop\FRST.txt
2015-04-23 13:30 - 2015-04-23 13:31 - 00000000 ____D () C:\FRST
2015-04-23 13:27 - 2015-04-23 13:27 - 02099712 _____ (Farbar) C:\Users\Dorothy\Desktop\FRST64.exe
2015-04-23 13:22 - 2015-04-23 13:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-23 12:42 - 2015-04-23 12:42 - 00000000 ____D () C:\ProgramData\BitDefender
2015-04-23 12:41 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-04-23 12:41 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-04-20 08:18 - 2015-04-20 08:18 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-20 08:18 - 2015-04-20 08:18 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-20 08:13 - 2015-04-23 13:18 - 00003382 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2015-04-20 03:49 - 2015-04-20 03:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Webshots Data
2015-04-20 03:18 - 2015-04-20 03:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 03:18 - 2015-04-20 03:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-19 17:30 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-19 17:30 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-19 17:30 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-19 17:30 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-19 17:30 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-19 17:30 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-19 17:30 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-19 17:30 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-19 17:30 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-19 17:30 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-19 17:30 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-19 17:30 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-19 17:30 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-19 17:30 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-19 17:30 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-19 17:30 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-19 17:30 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-19 17:30 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-19 17:30 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-19 17:30 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-19 17:30 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-19 17:30 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-19 17:30 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-19 17:30 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-19 17:30 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-19 17:30 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-19 17:30 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-19 17:30 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-19 17:30 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-19 17:30 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-19 17:30 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-19 17:30 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 17:30 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 17:30 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-19 17:30 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-19 17:30 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 17:30 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 17:30 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-19 17:30 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 17:30 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-19 17:30 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 17:30 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-19 17:30 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 17:30 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-19 17:30 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-19 17:30 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-19 17:30 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 17:30 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-19 17:30 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-19 17:30 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-19 17:30 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 17:30 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-19 17:30 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-19 17:30 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-19 17:30 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-19 17:30 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-19 17:30 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-19 17:30 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 17:30 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-19 17:30 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 17:30 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-19 17:30 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-19 17:30 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-19 17:30 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-19 17:30 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-19 17:30 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-19 17:30 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-19 17:30 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 17:30 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-19 17:30 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 17:30 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-19 17:30 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-19 17:30 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-19 17:30 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-19 17:30 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-19 17:30 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-19 17:30 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-19 17:30 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 17:30 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-19 17:30 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-19 17:30 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-19 17:30 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-19 17:30 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 17:30 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-19 17:30 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-19 17:30 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-19 17:30 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-19 17:30 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 17:30 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-19 17:30 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-19 17:30 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-19 17:30 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-19 17:30 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-19 17:30 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-19 17:29 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-19 17:29 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 17:29 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-19 11:59 - 2015-04-19 11:59 - 00000000 ____D () C:\Users\Dorothy\Documents\Bluetooth Exchange Folder
2015-04-08 09:24 - 2015-04-08 09:24 - 00003638 _____ () C:\Windows\System32\Tasks\Anti Virus Updater Schedualer
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-26 11:22 - 2015-03-26 11:22 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\{6B85176D-2AF4-4432-BFAD-A1B324BEE743}
2015-03-24 19:44 - 2015-03-24 19:44 - 00000021 _____ () C:\Windows\SurCode.INI
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-23 13:32 - 2013-01-11 16:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\PMB Files
2015-04-23 13:27 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 13:27 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 13:26 - 2012-08-20 19:36 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-23 13:25 - 2012-07-09 14:14 - 01784717 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 13:24 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 13:22 - 2009-07-14 00:51 - 00092092 _____ () C:\Windows\setupact.log
2015-04-23 13:20 - 2013-05-14 16:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 13:19 - 2015-03-23 14:03 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-23 13:19 - 2012-07-16 09:47 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job
2015-04-23 13:17 - 2013-05-14 16:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 13:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 13:11 - 2012-09-22 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 12:30 - 2014-02-11 16:58 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDorothy.job
2015-04-23 12:29 - 2010-11-20 23:47 - 01069078 _____ () C:\Windows\PFRO.log
2015-04-23 12:28 - 2012-07-10 16:49 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Hoyle Puzzle and Board Games
2015-04-23 12:28 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\Outlook Files
2015-04-23 12:24 - 2012-07-11 12:36 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-23 12:18 - 2015-03-17 09:22 - 00003266 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
2015-04-23 09:24 - 2012-07-09 18:40 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\CrashDumps
2015-04-23 09:22 - 2015-03-18 09:22 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2015-04-23 02:00 - 2014-07-13 21:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\Adobe
2015-04-22 22:19 - 2012-07-16 09:47 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job
2015-04-22 21:38 - 2012-07-09 14:21 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A08C57D-C34B-40CB-995F-A062CE32B1FD}
2015-04-22 17:05 - 2012-07-09 19:25 - 00000000 ____D () C:\Users\Dorothy\Documents\Financial
2015-04-21 15:50 - 2014-02-11 16:58 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDorothy
2015-04-21 15:49 - 2012-07-10 15:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-21 13:11 - 2012-07-09 19:22 - 00000000 ____D () C:\Users\Dorothy\Documents\Employment
2015-04-20 11:23 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\OMHS
2015-04-20 08:19 - 2015-03-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-20 08:19 - 2015-03-23 14:02 - 00023512 _____ () C:\Windows\DPINST.LOG
2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-20 08:16 - 2013-09-24 16:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 08:13 - 2012-09-22 11:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-20 08:13 - 2012-09-22 11:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-20 08:13 - 2012-04-09 16:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-20 04:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-20 03:49 - 2014-12-10 04:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 03:49 - 2014-05-16 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 03:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-20 03:33 - 2012-07-09 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 03:27 - 2011-02-11 13:15 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-20 03:18 - 2012-04-09 16:26 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 03:17 - 2013-07-23 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 03:07 - 2012-12-13 12:52 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-20 03:07 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-19 19:45 - 2013-12-11 12:33 - 00000014 _____ () C:\Windows\popcinfo.dat
2015-04-19 18:02 - 2015-01-14 14:18 - 00000000 ____D () C:\Users\Dorothy\Documents\My Kindle Content
2015-04-19 16:37 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\Dorothy\Dropbox
2015-04-19 16:37 - 2012-11-13 13:18 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Dropbox
2015-04-11 13:39 - 2012-07-09 20:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Recipes
2015-04-10 23:07 - 2012-11-13 13:18 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-10 16:24 - 2014-01-27 13:41 - 00000000 ____D () C:\Program Files (x86)\SpiteNET9
2015-04-09 11:08 - 2014-11-26 11:42 - 00000000 ____D () C:\Users\Dorothy\Documents\Shopping
2015-04-08 09:18 - 2012-07-23 19:45 - 00000000 ____D () C:\Users\Dorothy\.frostwire5
2015-04-02 20:17 - 2012-12-20 11:34 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\vlc
2015-04-02 16:15 - 2012-04-09 16:28 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-04-01 12:01 - 2015-03-17 09:22 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-03-29 13:18 - 2012-07-09 19:32 - 00000000 ____D () C:\Users\Dorothy\Documents\My eBooks
2015-03-28 18:01 - 2012-08-20 14:25 - 00000000 ____D () C:\ProgramData\Recovery
2015-03-26 13:01 - 2015-01-14 14:17 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-03-24 16:01 - 2012-07-09 19:28 - 00000000 ____D () C:\Users\Dorothy\Documents\Licenses
2015-03-24 10:44 - 2012-07-09 19:29 - 00000000 ____D () C:\Users\Dorothy\Documents\MISC
2015-03-24 10:41 - 2012-07-09 20:46 - 00000000 ____D () C:\Users\Dorothy\Documents\Printing Projects
2015-03-24 09:54 - 2012-07-09 20:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Travel
2015-03-24 09:49 - 2012-07-09 20:47 - 00000000 ____D () C:\Users\Dorothy\Documents\Rebecca
==================== Files in the root of some directories =======
2014-10-16 18:54 - 2014-10-16 18:54 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2014-12-08 17:45 - 2015-02-13 22:02 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-17 09:22 - 2015-03-17 09:22 - 0000000 _____ () C:\Users\Dorothy\AppData\Roaming\C281.tmp
2015-03-29 09:24 - 2015-03-29 09:24 - 0009662 _____ () C:\Users\Dorothy\AppData\Roaming\em_64x64.ico
2014-10-16 18:55 - 2014-10-16 18:57 - 0001456 _____ () C:\Users\Dorothy\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-03 15:04 - 2013-12-03 15:04 - 0003584 _____ () C:\Users\Dorothy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 12:02 - 2014-05-17 20:31 - 0007595 _____ () C:\Users\Dorothy\AppData\Local\Resmon.ResmonCfg
2012-08-17 13:22 - 2012-08-17 13:22 - 0000057 _____ () C:\ProgramData\Ament.ini
Some content of TEMP:
====================
C:\Users\Dorothy\AppData\Local\Temp\1725.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\698A.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\a8cb9012-c9e9-4a57-9f84-9531a4efcbf1.exe
C:\Users\Dorothy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Dorothy\AppData\Local\Temp\BF57.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\BF96.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\C60A.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\conduitchecker.exe
C:\Users\Dorothy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc4_jfq.dll
C:\Users\Dorothy\AppData\Local\Temp\GetCC.dll
C:\Users\Dorothy\AppData\Local\Temp\GPUpd55097C840.exe
C:\Users\Dorothy\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Dorothy\AppData\Local\Temp\htchome_installer.exe
C:\Users\Dorothy\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Dorothy\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Dorothy\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\Dorothy\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Dorothy\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Dorothy\AppData\Local\Temp\nse2519.exe
C:\Users\Dorothy\AppData\Local\Temp\nsj978A.exe
C:\Users\Dorothy\AppData\Local\Temp\nsu2FD6.exe
C:\Users\Dorothy\AppData\Local\Temp\nsuB338.exe
C:\Users\Dorothy\AppData\Local\Temp\ose00000.exe
C:\Users\Dorothy\AppData\Local\Temp\ose00001.exe
C:\Users\Dorothy\AppData\Local\Temp\Resource.exe
C:\Users\Dorothy\AppData\Local\Temp\SendMsg.dll
C:\Users\Dorothy\AppData\Local\Temp\sp58915.exe
C:\Users\Dorothy\AppData\Local\Temp\sp64126.exe
C:\Users\Dorothy\AppData\Local\Temp\SpOrder.dll
C:\Users\Dorothy\AppData\Local\Temp\SPSetup.exe
C:\Users\Dorothy\AppData\Local\Temp\SPStub.exe
C:\Users\Dorothy\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Dorothy\AppData\Local\Temp\tasks.dll
C:\Users\Dorothy\AppData\Local\Temp\uninstall.exe
C:\Users\Dorothy\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Dorothy\AppData\Local\Temp\vbmz2.exe
C:\Users\Dorothy\AppData\Local\Temp\Vid-Saver-rs.exe
C:\Users\Dorothy\AppData\Local\Temp\VisualBeeSilent.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-20 04:22
==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by Dorothy at 2015-04-23 13:32:25
Running from C:\Users\Dorothy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Abyss: The Wraiths of Eden Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe OnLocation Cs5.5 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Visual Communicator 3 (HKLM-x32\...\InstallShield_{A5335A43-C886-4447-9885-013E62796E7C}) (Version: 3.0.3129.0 - Adobe Systems Incorporated)
After Effects CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazing Pyramids (x32 Version: 2.2.0.110 - WildTangent) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Amulet of Time: Shadow of La Rochelle (x32 Version: 3.0.2.32 - WildTangent) Hidden
Angelica Weaver: Catch Me When You Can Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atlantis Adventure 1.0 (HKLM-x32\...\Atlantis_Adventure_1.0) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudioBox version 1.21 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.21 - PreSonus)
Audition CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Between the Worlds 2: The Pyramid (x32 Version: 2.2.0.110 - WildTangent) Hidden
Big Kahuna Reef 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Black Rainbow (x32 Version: 3.0.2.59 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Call of Atlantis: Treasures of Poseidon Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Call of the Ages (x32 Version: 3.0.2.51 - WildTangent) Hidden
Castle: Never Judge a Book by Its Cover (x32 Version: 3.0.2.51 - WildTangent) Hidden
Celtx (2.9.1) (HKLM-x32\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Dynomite (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden
Eternal Journey: New Atlantis (x32 Version: 3.0.2.32 - WildTangent) Hidden
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
Fall of the New Age Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FitDay PC version 1.0 (HKLM-x32\...\FitDay_is1) (Version: 1.0 - Cyser Software, Inc.)
FrostWire 5.7.7 (HKLM-x32\...\FrostWire 5) (Version: 5.7.7.2 - FrostWire LLC)
Garmin Communicator Plugin (HKLM-x32\...\{E883466C-77EC-44AC-8EC8-417A4A16AB3F}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{ec94ae3d-c856-4a54-b596-a5c2c36a0208}) (Version: 4.0.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin VoiceStudio v2.40 (HKLM-x32\...\{15DF4EE8-DE41-453A-800A-5814A5CDF003}) (Version: 2.40.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hexus (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hidden Path of Faery (x32 Version: 3.0.2.32 - WildTangent) Hidden
Hoyle Classic Board Game Collection 1 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Hoyle Classic Board Game Collection 2 (x32 Version: 3.0.2.32 - WildTangent) Hidden
Hoyle Classic Board Game Collection 3 (x32 Version: 3.0.2.118 - WildTangent) Hidden
Hoyle Classic Board Game Collection 4 (x32 Version: 3.0.2.118 - WildTangent) Hidden
Hoyle Puzzle and Board Games 2011 (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.8812 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{D9F55AA1-FD3E-47FF-A385-72ED53666D3F}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Illustrator CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jacquie Lawson Christmas Market (HKLM-x32\...\com.jacquielawson.marketadventcalendar2014) (Version: 1.0.1 - MicroCourt Limited)
Jacquie Lawson Christmas Market (x32 Version: 1.0.1 - MicroCourt Limited) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
Jewel Match 4 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.6.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 3.6.0 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Legalsounds Download Manager (HKLM-x32\...\LegalsoundsDownloadManager) (Version: 1.4.9 - LegalMedia)
Legalsounds Download Manager (x32 Version: 1.4.9 - LegalMedia) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft MapPoint North America 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-1111BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MimoByte Sound Application (HKLM-x32\...\{9CF4DEF6-33FE-415C-82D8-23C31EF0A7AD}) (Version: 1.0.0 - Mimoco)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myths of Orion: Lights From The North (x32 Version: 3.0.2.118 - WildTangent) Hidden
NetMon (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\NetMon) (Version: 0.5b - NetMon) <==== ATTENTION!
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Hercules (x32 Version: 3.0.2.51 - WildTangent) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photoshop CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Prelude CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Premiere Pro CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
PreSonus Studio One (HKLM-x32\...\PreSonus Studio One) (Version: 1.6.4.14644 - PreSonus Audio Electronics)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
Puzzle Express (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}) (Version: - Oberon Media)
Puzzle Kingdoms (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Sacra Terra: Kiss of Death Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.21.0.204 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sparkle (x32 Version: 2.2.0.98 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
SpeedGrade CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
SpiteNET: Spite and Malice Multiplayer Edition v.9.2.1 (HKLM-x32\...\ST6UNST #1) (Version: - )
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
StudioTax 2008 (HKLM\...\{B87ED12E-A95F-45AC-89E7-02CFD5BD2353}) (Version: 4.0.3.6 - BHOK It Consulting)
StudioTax 2012 (HKLM-x32\...\{73C5CC89-3567-4B27-A7A0-28267FA7E037}) (Version: 8.0.4.0 - BHOK IT Consulting)
Super Collapse! (HKLM-x32\...\{A301896D-9F55-4492-B518-30EAC4C723E1}) (Version: - )
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Book of Desires (x32 Version: 3.0.2.38 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
The Game of Life® (x32 Version: 3.0.2.32 - WildTangent) Hidden
The Lost Kingdom Prophecy (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Mirror Mysteries: Forgotten Kingdoms (x32 Version: 3.0.2.48 - WildTangent) Hidden
The Treasures of Montezuma 4 (x32 Version: 3.0.2.51 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VisualBee V.3 Toolbar for IE (HKLM-x32\...\IECT3287802) (Version: 6.17.2.8 - VisualBee V.3) <==== ATTENTION
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
Webshots Desktop (HKLM-x32\...\Webshots Desktop) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
11-04-2015 12:46:04 Windows Update
20-04-2015 03:00:56 Windows Update
20-04-2015 08:15:51 WD SmartWare Installer
23-04-2015 04:06:08 Windows Update
23-04-2015 12:27:08 AA11
23-04-2015 12:40:27 AA11
23-04-2015 13:21:33 AA11
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {071F6DD1-4EDE-44FA-8748-6E09DD5E9345} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1AB8C2D6-AC4D-4896-ABF3-4B0311915127} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1F34118D-D241-4814-ABA8-E694D0968D06} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {20D30041-C501-4A80-8249-53EC47FDDFF7} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Dorothy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {227B9098-AA08-46CE-90D4-D4B2CA0B5761} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {244F45B5-3D93-4698-A7FC-67F5DDAFF5FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3FBE4538-0868-4FBA-AF73-6BBA96AF945D} - System32\Tasks\Anti Virus Updater Schedualer => C:\Program Files (x86)\Anti Virus Updater\Anti VirusUpdater.exe [2015-04-08] (Secure Updater)
Task: {4E43AC81-4888-4191-BAA7-41EDB2780D60} - System32\Tasks\HPCeeScheduleForDorothy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {506AAA89-B8AF-445B-A06F-F3D91F553BFC} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-08-20] ()
Task: {52A340A7-E925-4C1C-940C-F3BE131D820A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {61E2B452-7FB5-489B-8133-5B7C279CF9FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {636C1F8F-6D38-47EF-A8DB-79E26B579FD1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6A15E9B3-C74A-4692-8F6E-77D87ADEDC02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6AAF245A-CA3E-47A7-A275-52340F196D02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {72686360-E05A-4F06-82D1-E37A33A2E617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {728F3405-6CA9-4CB6-800F-06CDE812A76C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe [2015-03-17] (Jelbrus)
Task: {76B7F9FB-95A4-4C21-9F23-D1258F3DB3A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {884141AE-1614-4696-A4B6-AC8100EE10E4} - System32\Tasks\{089D7A13-5913-4685-A216-076935143215} => pcalua.exe -a "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer\Adobe Soundbooth CS5 x64.exe" -d "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer"
Task: {95B2E5D3-CACA-480E-B873-97273738E9E6} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-17] () <==== ATTENTION
Task: {9765BC5E-9920-42C5-8E51-237CE828AA29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9F8373F8-062D-4F3B-94BD-F570DF5C1170} - System32\Tasks\AdobeAAMUpdater-1.0-Dorothy-HP-Dorothy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {9FA72641-E704-42A8-9328-68D1E044DD7C} - System32\Tasks\Western Digital\SmartWare\____Volume_8157bec3_8288_11e1_bf13_806e6f6e6963______Volume_4944edd4_d0b1_11e4_93ef_9cb70d9c1aa2__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-02-12] (Western Digital Technologies, Inc.)
Task: {A3B3047C-3F49-42C6-97FD-D3177FB067DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AF561A14-5B47-4C5E-8481-1D60949F8140} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B8644F9B-493E-4BE2-B495-90752EFE23B2} - System32\Tasks\Malware Cleaner => C:\Users\Dorothy\AppData\Roaming\C281.tmp.exe <==== ATTENTION
Task: {BDF69852-547F-4ABA-9855-62FB9C0B832B} - System32\Tasks\VisualBeeRecovery => C:\Users\Dorothy\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe <==== ATTENTION
Task: {BE711AAA-ACDC-45C3-ACF9-5F799614BE3C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DC6003F1-A5AF-4818-8123-C8E0F36AAEE2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {DF7998FF-AD35-4067-A644-EEF706AEE556} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {EB80503C-2907-4771-A421-F55D87B1FBAF} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {F0670C58-766D-4211-8A4C-15496306C524} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {F64772EB-2CDA-4987-8BC1-9DC69FB223D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDorothy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) ==============
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-11 16:29 - 2013-01-11 16:29 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2014-01-11 18:40 - 2012-10-09 13:02 - 07591424 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2015-03-18 09:24 - 2015-03-18 09:24 - 00840206 _____ () C:\Users\Dorothy\AppData\Roaming\NetMon\netmon.exe
2012-09-04 12:44 - 2012-09-04 12:44 - 00987136 _____ () C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe
2011-09-08 16:53 - 2011-09-08 16:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-02 15:41 - 2011-08-02 15:41 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-04-23 12:42 - 2015-04-23 12:42 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-17 09:22 - 2015-03-17 09:23 - 00086528 _____ () C:\Program Files (x86)\IT Viewer\mgwz.dll
2014-01-11 18:40 - 2012-05-22 13:07 - 00176128 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-04-19 12:32 - 2015-04-13 17:55 - 01252680 _____ () C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-19 12:32 - 2015-04-13 17:55 - 00080712 _____ () C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-19 12:32 - 2015-04-13 17:55 - 14980424 _____ () C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Microsoft:9e5DkIG22H43bOvawKEyABE6Sdt
AlternateDataStreams: C:\ProgramData\Microsoft:j1v4uj4DYBR29ESodEPAsF
AlternateDataStreams: C:\ProgramData\Temp:A907E812
AlternateDataStreams: C:\Users\Dorothy\Local Settings:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\Local Settings:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:eahIT9zHNBFIX68yejqM6kRQ
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2253929276-2761414899-1364960208-500 - Administrator - Disabled)
Dorothy (S-1-5-21-2253929276-2761414899-1364960208-1000 - Administrator - Enabled) => C:\Users\Dorothy
Guest (S-1-5-21-2253929276-2761414899-1364960208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2253929276-2761414899-1364960208-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2d6c
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.
Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.
Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.
Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2700
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2494
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0xe3c
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x1dec
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/11/2015 04:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.7143.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2aa0
Start Time: 01d06da3824ec760
Termination Time: 3479
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Report Id: 4473201a-e088-11e4-93ef-9cb70d9c1aa2
System errors:
=============
Error: (04/23/2015 01:21:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (04/23/2015 01:21:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error:
%%2
Error: (04/23/2015 01:19:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WD Backup service failed to start due to the following error:
%%1053
Error: (04/23/2015 01:19:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD Backup service to connect.
Error: (04/23/2015 01:18:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (04/23/2015 01:18:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IE Search Set service to connect.
Error: (04/23/2015 00:32:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (04/23/2015 00:32:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect Service service failed to start due to the following error:
%%2
Error: (04/23/2015 00:31:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (04/23/2015 00:28:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Microsoft Office Sessions:
=========================
Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad2d6c01d07dc886348ca8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll0cb71627-e9bc-11e4-8c58-9cb70d9c1aa2
Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad270001d07cff5bce08efC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dlle2ca5816-e8f2-11e4-8c58-9cb70d9c1aa2
Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad249401d07c36316dc6ddC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dllb7d092e5-e829-11e4-8c58-9cb70d9c1aa2
Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ade3c01d07b6d06dcf1a8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll8dc521c8-e760-11e4-8c58-9cb70d9c1aa2
Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad1dec01d07abbc2b2efb1C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll9a5a5835-e6af-11e4-a5f9-9cb70d9c1aa2
Error: (04/11/2015 04:21:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7143.50002aa001d06da3824ec7603479C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE4473201a-e088-11e4-93ef-9cb70d9c1aa2
CodeIntegrity Errors:
===================================
Date: 2012-12-19 22:10:10.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:09:28.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:01:41.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:01:03.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:00:29.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD A8-3820 APU with Radeon HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 7666.85 MB
Available physical RAM: 4679.86 MB
Total Pagefile: 15331.89 MB
Available Pagefile: 11733.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1380.36 GB) (Free:919.45 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.8 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1532.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B77F4ACF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1380.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 60D76091)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================


Hi Dorothy,

1. What does this program do?

2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater

2. Please, uninstall (or update):
Java 8 Update 31
Java™ 6 Update 35

Since they are old versions with known vulnerabilities that can be exploited by a web page to infect the computer. Most persons don't need to have Java installed, but if you need it, it's very important to always have the latest version.

3. Please, uninstall:
VisualBee V.3 Toolbar for IE, see http://www.systemlookup.com/CLSID/77666-prxtbVisu_dll_prxtbVis0_dll_prxtbVis1_dll_prxtbVis2_dll_prxtbVis3_dll.html

4. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.


Thanks Cecilia,

In response to your points:

1. What does this program do?

2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater

I'm not sure what that does - I looked at the properties and couldn't tell. The only thing I can think of is that it was part of Microsoft Security Essentials, which I uninstalled because it's not compatible with Ad-Aware. I can't see it in the Programs list, so I don't know how to uninstall it, short of just deleting it.

2. Please, uninstall (or update):
Java 8 Update 31
Java™ 6 Update 35

Since they are old versions with known vulnerabilities that can be exploited by a web page to infect the computer. Most persons don't need to have Java installed, but if you need it, it's very important to always have the latest version.

I uninstalled all Java. If I find I need it later, I can always install the latest version, as you suggested.

3. Please, uninstall:
VisualBee V.3 Toolbar for IE, see http://www.systemloo...tbVis3_dll.html

I uninstalled this from the Control Panel / Programs - but it gave an error saying it couldn't find the file.

4. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net...d/1-adwcleaner/

[..]

Done - output is copied below. Please note - it flagged two items for "cleaning". I assume I should click on Clean and let it remove them?

# AdwCleaner v4.202 - Logfile created 24/04/2015 at 09:14:56
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dorothy - DOROTHY-HP
# Running from : C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe
# Option : Scan
***** [ Services ] *****
Service Found : CltMngSvc
Service Found : PrivoxyService
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Dorothy\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\PrivateVPN
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\VisualBee
Folder Found : C:\Users\Dorothy\AppData\Local\avayvaxvaa
Folder Found : C:\Users\Dorothy\AppData\Local\Conduit
Folder Found : C:\Users\Dorothy\AppData\Local\NativeMessaging
Folder Found : C:\Users\Dorothy\AppData\Local\SearchProtect
Folder Found : C:\Users\Dorothy\AppData\Local\Temp\NativeMessaging
Folder Found : C:\Users\Dorothy\AppData\Local\VisualBeeExe
Folder Found : C:\Users\Dorothy\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetMon
Folder Found : C:\Users\Dorothy\AppData\Roaming\NetMon
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Found : C:\Windows\SysWOW64\SearchProtect
***** [ Scheduled tasks ] *****
Task Found : Malware Cleaner
Task Found : VisualBeeRecovery
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134839E3-4408-4006-9B48-AA528D1EABF6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMon
Key Found : HKCU\Software\NetMon
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\visualbee
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134839E3-4408-4006-9B48-AA528D1EABF6}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\NetMon
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\visualbee
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287802
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\GamesBarSetup
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKLM\SOFTWARE\VBMZ
Key Found : HKLM\SOFTWARE\visualbee
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [savedLegacySettings]
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Google Chrome v
[C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ontario.ca/government/search-results?query={searchTerms}&op=Search
[C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?client=&qt={searchTerms}&search=%EF%80%A1&charset=utf-8
[C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxps://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861",
*************************
AdwCleaner[R0].txt - [20174 bytes] - [24/04/2015 09:14:56]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20234 bytes] ##########


AdwCleaner found a lot more than two items, since there are several tabs, but you're right, the next step is to clean using AdwCleaner.

1. Please, turn off all programs, including browsers.

If you have exited AdwCleaner:

Double-click on AdwCleaner to start the program.
Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

3. Start FRST.

Select Addition.txt.

Scan with the program and paste the two new logs into your reply.

4. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.


Ok, so I ran into some issues. First when I ran AdwCleaner, it found the same list of items, so I clicked clean. It went all the way to finish but then froze. I left it for about 10 minutes then gave up and shut it down and rebooted. I ran it again after the reboot. It only showed 2 items in the registry tab. I clicked clean again, and this time it finished and rebooted the PC. Here's the log:

# AdwCleaner v4.202 - Logfile created 24/04/2015 at 10:58:51
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dorothy - DOROTHY-HP
# Running from : C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [20422 bytes] - [24/04/2015 09:14:56]
AdwCleaner[R1].txt - [20482 bytes] - [24/04/2015 10:47:08]
AdwCleaner[R2].txt - [1087 bytes] - [24/04/2015 10:57:21]
AdwCleaner[s0].txt - [7801 bytes] - [24/04/2015 10:49:07]
AdwCleaner[s1].txt - [1017 bytes] - [24/04/2015 10:58:51]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1076 bytes] ##########

I then ran FRST - here are the two logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Dorothy (administrator) on DOROTHY-HP on 24-04-2015 11:03:49
Running from C:\Users\Dorothy\Desktop
Loaded Profiles: Dorothy (Available profiles: Dorothy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Akamai Technologies, Inc.) C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Google Update] => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-16] (Google Inc.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-11] ()
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Dorothy\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7591424 2012-10-09] ()
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [707416 2015-03-10] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [NetMon] => C:\Users\Dorothy\AppData\Roaming\NetMon\netmon.exe
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\MountPoints2: {b02ce3b0-5a36-11e2-9537-9cb70d9c1aa2} - J:\MotoCastSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-04-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to mimobyte.exe.lnk [2013-06-21]
ShortcutTarget: Shortcut to mimobyte.exe.lnk -> C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe ()
Startup: C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-07-18]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {134839E3-4408-4006-9B48-AA528D1EABF6} URL =
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/?q={searchTerms}&u=9638d97a1bbc5d62761c21dc1fa10c35&c=up1&src=srch&inst=1428153861
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {8FA5D783-B1F8-4F89-AAC3-E75B93E3F2D3} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {A640573D-48E5-4AAB-A0E1-24B62217E276} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-14] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F3131339-8F2A-4098-8C4E-FCC9585322CC}: [NameServer] 208.67.222.222

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2012-06-20] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\37\NP_wtapp.dll [2014-11-21] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2253929276-2761414899-1364960208-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-11] (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-08-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-28]

Chrome:
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo on the Web) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-01-25]
CHR Extension: (Gojee Food) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2014-01-25]
CHR Extension: (YouTube) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-16]
CHR Extension: (Google Search) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-16]
CHR Extension: (Candy Matcher Deluxe) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2014-01-25]
CHR Extension: (Hola Better Internet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-12-15]
CHR Extension: (Scott Draves) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldociafpimkkkdneicfdkdbgcllhdhj [2014-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2014-01-25]
CHR Extension: (Floor plans and interior design) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2014-01-25]
CHR Extension: (Do It (Tomorrow)) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Dorothy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-16]
CHR HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
StartMenuInternet: Google Chrome - C:\Users\Dorothy\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-02] (WildTangent)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [699912 2015-03-10] (Garmin Ltd. or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-12] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [250728 2012-10-09] ()
S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp_x64.sys [69992 2012-10-09] ()
S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [51560 2012-10-09] ()
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-24 11:03 - 2015-04-24 11:05 - 00030669 _____ () C:\Users\Dorothy\Desktop\FRST.txt
2015-04-24 11:01 - 2015-04-24 11:01 - 00001156 _____ () C:\Users\Dorothy\Desktop\AdwCleaner[s1].txt
2015-04-24 09:14 - 2015-04-24 10:58 - 00000000 ____D () C:\AdwCleaner
2015-04-24 08:56 - 2015-04-24 08:56 - 02224640 _____ () C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe
2015-04-23 13:30 - 2015-04-24 11:03 - 00000000 ____D () C:\FRST
2015-04-23 13:27 - 2015-04-23 13:27 - 02099712 _____ (Farbar) C:\Users\Dorothy\Desktop\FRST64.exe
2015-04-23 13:22 - 2015-04-23 13:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-23 12:42 - 2015-04-23 12:42 - 00000000 ____D () C:\ProgramData\BitDefender
2015-04-23 12:41 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-04-23 12:41 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-04-20 08:18 - 2015-04-20 08:18 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-20 08:18 - 2015-04-20 08:18 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-20 03:49 - 2015-04-20 03:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Webshots Data
2015-04-20 03:18 - 2015-04-20 03:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-20 03:18 - 2015-04-20 03:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-19 17:30 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-19 17:30 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-19 17:30 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-19 17:30 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-19 17:30 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-19 17:30 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-19 17:30 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-19 17:30 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-19 17:30 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-19 17:30 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-19 17:30 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-19 17:30 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-19 17:30 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-19 17:30 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-19 17:30 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-19 17:30 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-19 17:30 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-19 17:30 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-19 17:30 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-19 17:30 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-19 17:30 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-19 17:30 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-19 17:30 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-19 17:30 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-19 17:30 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-19 17:30 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-19 17:30 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-19 17:30 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-19 17:30 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-19 17:30 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-19 17:30 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-19 17:30 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-19 17:30 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-19 17:30 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-19 17:30 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-19 17:30 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-19 17:30 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-19 17:30 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-19 17:30 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-19 17:30 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-19 17:30 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-19 17:30 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-19 17:30 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-19 17:30 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-19 17:30 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-19 17:30 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-19 17:30 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-19 17:30 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-19 17:30 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-19 17:30 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-19 17:30 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-19 17:30 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-19 17:30 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-19 17:30 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-19 17:30 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-19 17:30 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-19 17:30 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-19 17:30 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-19 17:30 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-19 17:30 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-19 17:30 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-19 17:30 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-19 17:30 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-19 17:30 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-19 17:30 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-19 17:30 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-19 17:30 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-19 17:30 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-19 17:30 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-19 17:30 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-19 17:30 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-19 17:30 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-19 17:30 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-19 17:30 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-19 17:30 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-19 17:30 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-19 17:30 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-19 17:30 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-19 17:30 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-19 17:30 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-19 17:30 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-19 17:30 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-19 17:30 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-19 17:30 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-19 17:30 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-19 17:30 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-19 17:30 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-19 17:30 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-19 17:30 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-19 17:30 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-19 17:30 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-19 17:30 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-19 17:30 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-19 17:30 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-19 17:30 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-19 17:30 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-19 17:30 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-19 17:30 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-19 17:30 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-19 17:30 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-19 17:30 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-19 17:30 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-19 17:29 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-19 17:29 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-19 17:29 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-19 11:59 - 2015-04-19 11:59 - 00000000 ____D () C:\Users\Dorothy\Documents\Bluetooth Exchange Folder
2015-04-08 09:24 - 2015-04-08 09:24 - 00003638 _____ () C:\Windows\System32\Tasks\Anti Virus Updater Schedualer
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-26 11:22 - 2015-03-26 11:22 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\{6B85176D-2AF4-4432-BFAD-A1B324BEE743}

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-24 11:05 - 2013-01-11 16:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\PMB Files
2015-04-24 11:03 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\Outlook Files
2015-04-24 11:01 - 2015-03-23 14:03 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-04-24 11:00 - 2013-05-14 16:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-24 11:00 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 11:00 - 2009-07-14 00:51 - 00092372 _____ () C:\Windows\setupact.log
2015-04-24 10:59 - 2012-07-09 14:14 - 01815176 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 10:59 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 10:59 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 10:51 - 2009-07-14 01:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-24 10:45 - 2012-10-29 20:09 - 00000000 ____D () C:\Windows\Minidump
2015-04-24 10:45 - 2012-04-09 17:11 - 00289941 ____N () C:\Windows\Minidump\042415-23571-01.dmp
2015-04-24 10:45 - 2009-07-14 01:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-24 10:26 - 2012-08-20 19:36 - 00000342 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-24 10:20 - 2013-05-14 16:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-24 10:19 - 2012-07-16 09:47 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job
2015-04-24 10:11 - 2012-09-22 11:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-24 08:58 - 2012-07-23 19:44 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-24 08:22 - 2012-04-09 17:11 - 00288789 ____N () C:\Windows\Minidump\042415-38282-01.dmp
2015-04-24 06:48 - 2012-04-09 17:11 - 00290773 ____N () C:\Windows\Minidump\042415-23322-01.dmp
2015-04-24 02:00 - 2014-07-13 21:29 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\Adobe
2015-04-24 00:10 - 2012-07-09 14:21 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A08C57D-C34B-40CB-995F-A062CE32B1FD}
2015-04-23 22:19 - 2012-07-16 09:47 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job
2015-04-23 18:29 - 2014-01-27 13:41 - 00000000 ____D () C:\Program Files (x86)\SpiteNET9
2015-04-23 18:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-23 17:10 - 2015-03-17 09:22 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-04-23 15:02 - 2013-12-11 12:33 - 00000014 _____ () C:\Windows\popcinfo.dat
2015-04-23 12:30 - 2014-02-11 16:58 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDorothy.job
2015-04-23 12:29 - 2010-11-20 23:47 - 01069078 _____ () C:\Windows\PFRO.log
2015-04-23 12:28 - 2012-07-10 16:49 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Hoyle Puzzle and Board Games
2015-04-23 12:24 - 2012-07-11 12:36 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-23 12:18 - 2015-03-17 09:22 - 00003266 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
2015-04-23 09:24 - 2012-07-09 18:40 - 00000000 ____D () C:\Users\Dorothy\AppData\Local\CrashDumps
2015-04-23 09:22 - 2015-03-18 09:22 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2015-04-22 17:05 - 2012-07-09 19:25 - 00000000 ____D () C:\Users\Dorothy\Documents\Financial
2015-04-21 15:50 - 2014-02-11 16:58 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDorothy
2015-04-21 15:49 - 2012-07-10 15:48 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-21 13:11 - 2012-07-09 19:22 - 00000000 ____D () C:\Users\Dorothy\Documents\Employment
2015-04-20 11:23 - 2012-07-09 20:44 - 00000000 ____D () C:\Users\Dorothy\Documents\OMHS
2015-04-20 08:19 - 2015-03-23 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-04-20 08:19 - 2015-03-23 14:02 - 00023512 _____ () C:\Windows\DPINST.LOG
2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-20 08:18 - 2015-03-23 14:01 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-20 08:16 - 2013-09-24 16:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-20 08:13 - 2012-09-22 11:29 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-20 08:13 - 2012-09-22 11:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-20 08:13 - 2012-04-09 16:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-20 04:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-20 03:49 - 2014-12-10 04:30 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-20 03:49 - 2014-05-16 03:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-20 03:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-20 03:33 - 2012-07-09 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-20 03:27 - 2011-02-11 13:15 - 00770488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-20 03:18 - 2012-04-09 16:26 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 03:17 - 2013-07-23 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-20 03:07 - 2012-12-13 12:52 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-20 03:07 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-19 18:02 - 2015-01-14 14:18 - 00000000 ____D () C:\Users\Dorothy\Documents\My Kindle Content
2015-04-19 16:37 - 2012-11-13 13:20 - 00000000 ___RD () C:\Users\Dorothy\Dropbox
2015-04-19 16:37 - 2012-11-13 13:18 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Dropbox
2015-04-11 13:39 - 2012-07-09 20:49 - 00000000 ____D () C:\Users\Dorothy\Documents\Recipes
2015-04-10 23:07 - 2012-11-13 13:18 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-09 11:08 - 2014-11-26 11:42 - 00000000 ____D () C:\Users\Dorothy\Documents\Shopping
2015-04-08 09:18 - 2012-07-23 19:45 - 00000000 ____D () C:\Users\Dorothy\.frostwire5
2015-04-02 20:17 - 2012-12-20 11:34 - 00000000 ____D () C:\Users\Dorothy\AppData\Roaming\vlc
2015-04-02 16:15 - 2012-04-09 16:28 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-29 13:18 - 2012-07-09 19:32 - 00000000 ____D () C:\Users\Dorothy\Documents\My eBooks
2015-03-28 18:01 - 2012-08-20 14:25 - 00000000 ____D () C:\ProgramData\Recovery
2015-03-26 13:01 - 2015-01-14 14:17 - 00000000 ____D () C:\Program Files (x86)\Amazon

==================== Files in the root of some directories =======
2014-10-16 18:54 - 2014-10-16 18:54 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2014-12-08 17:45 - 2015-02-13 22:02 - 0000132 _____ () C:\Users\Dorothy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-17 09:22 - 2015-03-17 09:22 - 0000000 _____ () C:\Users\Dorothy\AppData\Roaming\C281.tmp
2015-03-29 09:24 - 2015-03-29 09:24 - 0009662 _____ () C:\Users\Dorothy\AppData\Roaming\em_64x64.ico
2014-10-16 18:55 - 2014-10-16 18:57 - 0001456 _____ () C:\Users\Dorothy\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-03 15:04 - 2013-12-03 15:04 - 0003584 _____ () C:\Users\Dorothy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 12:02 - 2014-05-17 20:31 - 0007595 _____ () C:\Users\Dorothy\AppData\Local\Resmon.ResmonCfg
2012-08-17 13:22 - 2012-08-17 13:22 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\Dorothy\AppData\Local\Temp\a8cb9012-c9e9-4a57-9f84-9531a4efcbf1.exe
C:\Users\Dorothy\AppData\Local\Temp\BackupSetup.exe
C:\Users\Dorothy\AppData\Local\Temp\BF96.tmp.exe
C:\Users\Dorothy\AppData\Local\Temp\conduitchecker.exe
C:\Users\Dorothy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc4_jfq.dll
C:\Users\Dorothy\AppData\Local\Temp\GetCC.dll
C:\Users\Dorothy\AppData\Local\Temp\GPUpd55097C840.exe
C:\Users\Dorothy\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Dorothy\AppData\Local\Temp\htchome_installer.exe
C:\Users\Dorothy\AppData\Local\Temp\incredibar_installer.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Dorothy\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Dorothy\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Dorothy\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\Dorothy\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Dorothy\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Dorothy\AppData\Local\Temp\ose00000.exe
C:\Users\Dorothy\AppData\Local\Temp\ose00001.exe
C:\Users\Dorothy\AppData\Local\Temp\Quarantine.exe
C:\Users\Dorothy\AppData\Local\Temp\Resource.exe
C:\Users\Dorothy\AppData\Local\Temp\SendMsg.dll
C:\Users\Dorothy\AppData\Local\Temp\sp58915.exe
C:\Users\Dorothy\AppData\Local\Temp\sp64126.exe
C:\Users\Dorothy\AppData\Local\Temp\SpOrder.dll
C:\Users\Dorothy\AppData\Local\Temp\SPSetup.exe
C:\Users\Dorothy\AppData\Local\Temp\SPStub.exe
C:\Users\Dorothy\AppData\Local\Temp\sqlite3.dll
C:\Users\Dorothy\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Dorothy\AppData\Local\Temp\tasks.dll
C:\Users\Dorothy\AppData\Local\Temp\tbVisu.dll
C:\Users\Dorothy\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Dorothy\AppData\Local\Temp\vbmz2.exe
C:\Users\Dorothy\AppData\Local\Temp\Vid-Saver-rs.exe
C:\Users\Dorothy\AppData\Local\Temp\VisualBeeSilent.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-24 00:56
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by Dorothy at 2015-04-24 11:05:58
Running from C:\Users\Dorothy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Abyss: The Wraiths of Eden Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe OnLocation Cs5.5 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Visual Communicator 3 (HKLM-x32\...\InstallShield_{A5335A43-C886-4447-9885-013E62796E7C}) (Version: 3.0.3129.0 - Adobe Systems Incorporated)
After Effects CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazing Pyramids (x32 Version: 2.2.0.110 - WildTangent) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Amulet of Time: Shadow of La Rochelle (x32 Version: 3.0.2.32 - WildTangent) Hidden
Angelica Weaver: Catch Me When You Can Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atlantis Adventure 1.0 (HKLM-x32\...\Atlantis_Adventure_1.0) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AudioBox version 1.21 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.21 - PreSonus)
Audition CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Between the Worlds 2: The Pyramid (x32 Version: 2.2.0.110 - WildTangent) Hidden
Big Kahuna Reef 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Black Rainbow (x32 Version: 3.0.2.59 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Call of Atlantis: Treasures of Poseidon Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Call of the Ages (x32 Version: 3.0.2.51 - WildTangent) Hidden
Castle: Never Judge a Book by Its Cover (x32 Version: 3.0.2.51 - WildTangent) Hidden
Celtx (2.9.1) (HKLM-x32\...\Celtx (2.9.1)) (Version: 2.9.1 (en-US) - Greyfirst)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Dynomite (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden
Eternal Journey: New Atlantis (x32 Version: 3.0.2.32 - WildTangent) Hidden
Evernote v. 5.2.1 (HKLM-x32\...\{5E6D0ABA-ABDE-11E3-9AED-00163E98E7D6}) (Version: 5.2.1.3108 - Evernote Corp.)
Fall of the New Age Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FitDay PC version 1.0 (HKLM-x32\...\FitDay_is1) (Version: 1.0 - Cyser Software, Inc.)
FrostWire 5.7.7 (HKLM-x32\...\FrostWire 5) (Version: 5.7.7.2 - FrostWire LLC)
Garmin Communicator Plugin (HKLM-x32\...\{E883466C-77EC-44AC-8EC8-417A4A16AB3F}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{D2DB454C-645C-448A-A0B9-B6F6C1D75BA8}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{ec94ae3d-c856-4a54-b596-a5c2c36a0208}) (Version: 4.0.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin VoiceStudio v2.40 (HKLM-x32\...\{15DF4EE8-DE41-453A-800A-5814A5CDF003}) (Version: 2.40.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hexus (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hidden Path of Faery (x32 Version: 3.0.2.32 - WildTangent) Hidden
Hoyle Classic Board Game Collection 1 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Hoyle Classic Board Game Collection 2 (x32 Version: 3.0.2.32 - WildTangent) Hidden
Hoyle Classic Board Game Collection 3 (x32 Version: 3.0.2.118 - WildTangent) Hidden
Hoyle Classic Board Game Collection 4 (x32 Version: 3.0.2.118 - WildTangent) Hidden
Hoyle Puzzle and Board Games 2011 (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.8812 - HP Photo Creations)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{D9F55AA1-FD3E-47FF-A385-72ED53666D3F}) (Version: 25.0.617.0 - Hewlett-Packard Co.)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
Illustrator CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Jacquie Lawson Christmas Market (HKLM-x32\...\com.jacquielawson.marketadventcalendar2014) (Version: 1.0.1 - MicroCourt Limited)
Jacquie Lawson Christmas Market (x32 Version: 1.0.1 - MicroCourt Limited) Hidden
Jewel Match 4 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.6.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 3.6.0 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Legalsounds Download Manager (HKLM-x32\...\LegalsoundsDownloadManager) (Version: 1.4.9 - LegalMedia)
Legalsounds Download Manager (x32 Version: 1.4.9 - LegalMedia) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft MapPoint North America 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-1111BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MimoByte Sound Application (HKLM-x32\...\{9CF4DEF6-33FE-415C-82D8-23C31EF0A7AD}) (Version: 1.0.0 - Mimoco)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Myths of Orion: Lights From The North (x32 Version: 3.0.2.118 - WildTangent) Hidden
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Path of Hercules (x32 Version: 3.0.2.51 - WildTangent) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photoshop CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Prelude CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Premiere Pro CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
PreSonus Studio One (HKLM-x32\...\PreSonus Studio One) (Version: 1.6.4.14644 - PreSonus Audio Electronics)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
Puzzle Express (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}) (Version: - Oberon Media)
Puzzle Kingdoms (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Sacra Terra: Kiss of Death Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sparkle (x32 Version: 2.2.0.98 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
SpeedGrade CS6 x64 (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
SpiteNET: Spite and Malice Multiplayer Edition v.9.2.1 (HKLM-x32\...\ST6UNST #1) (Version: - )
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
StudioTax 2008 (HKLM\...\{B87ED12E-A95F-45AC-89E7-02CFD5BD2353}) (Version: 4.0.3.6 - BHOK It Consulting)
StudioTax 2012 (HKLM-x32\...\{73C5CC89-3567-4B27-A7A0-28267FA7E037}) (Version: 8.0.4.0 - BHOK IT Consulting)
Super Collapse! (HKLM-x32\...\{A301896D-9F55-4492-B518-30EAC4C723E1}) (Version: - )
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Book of Desires (x32 Version: 3.0.2.38 - WildTangent) Hidden
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
The Game of Life® (x32 Version: 3.0.2.32 - WildTangent) Hidden
The Lost Kingdom Prophecy (x32 Version: 2.2.0.95 - WildTangent) Hidden
The Mirror Mysteries: Forgotten Kingdoms (x32 Version: 3.0.2.48 - WildTangent) Hidden
The Treasures of Montezuma 4 (x32 Version: 3.0.2.51 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
Webshots Desktop (HKLM-x32\...\Webshots Desktop) (Version: - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dorothy\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
11-04-2015 12:46:04 Windows Update
20-04-2015 03:00:56 Windows Update
20-04-2015 08:15:51 WD SmartWare Installer
23-04-2015 04:06:08 Windows Update
23-04-2015 12:27:08 AA11
23-04-2015 12:40:27 AA11
23-04-2015 13:21:33 AA11
24-04-2015 08:55:08 Removed Java 8 Update 31
24-04-2015 08:57:57 Removed Java 6 Update 35
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {071F6DD1-4EDE-44FA-8748-6E09DD5E9345} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1AB8C2D6-AC4D-4896-ABF3-4B0311915127} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1F34118D-D241-4814-ABA8-E694D0968D06} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {227B9098-AA08-46CE-90D4-D4B2CA0B5761} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {244F45B5-3D93-4698-A7FC-67F5DDAFF5FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3FBE4538-0868-4FBA-AF73-6BBA96AF945D} - System32\Tasks\Anti Virus Updater Schedualer => C:\Program Files (x86)\Anti Virus Updater\Anti VirusUpdater.exe [2015-04-08] (Secure Updater)
Task: {4E43AC81-4888-4191-BAA7-41EDB2780D60} - System32\Tasks\HPCeeScheduleForDorothy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {506AAA89-B8AF-445B-A06F-F3D91F553BFC} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2012-08-20] ()
Task: {52A340A7-E925-4C1C-940C-F3BE131D820A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {61E2B452-7FB5-489B-8133-5B7C279CF9FD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {636C1F8F-6D38-47EF-A8DB-79E26B579FD1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6A15E9B3-C74A-4692-8F6E-77D87ADEDC02} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6AAF245A-CA3E-47A7-A275-52340F196D02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-20] (Adobe Systems Incorporated)
Task: {72686360-E05A-4F06-82D1-E37A33A2E617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16] (Google Inc.)
Task: {728F3405-6CA9-4CB6-800F-06CDE812A76C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {76B7F9FB-95A4-4C21-9F23-D1258F3DB3A0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {884141AE-1614-4696-A4B6-AC8100EE10E4} - System32\Tasks\{089D7A13-5913-4685-A216-076935143215} => pcalua.exe -a "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer\Adobe Soundbooth CS5 x64.exe" -d "C:\Users\Dorothy\zips\Soundbooth CS5\English\Installer"
Task: {95B2E5D3-CACA-480E-B873-97273738E9E6} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
Task: {9765BC5E-9920-42C5-8E51-237CE828AA29} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9F8373F8-062D-4F3B-94BD-F570DF5C1170} - System32\Tasks\AdobeAAMUpdater-1.0-Dorothy-HP-Dorothy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {9FA72641-E704-42A8-9328-68D1E044DD7C} - System32\Tasks\Western Digital\SmartWare\____Volume_8157bec3_8288_11e1_bf13_806e6f6e6963______Volume_4944edd4_d0b1_11e4_93ef_9cb70d9c1aa2__ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-02-12] (Western Digital Technologies, Inc.)
Task: {A3B3047C-3F49-42C6-97FD-D3177FB067DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AF561A14-5B47-4C5E-8481-1D60949F8140} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BE711AAA-ACDC-45C3-ACF9-5F799614BE3C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DC6003F1-A5AF-4818-8123-C8E0F36AAEE2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {DF7998FF-AD35-4067-A644-EEF706AEE556} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {EB80503C-2907-4771-A421-F55D87B1FBAF} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2011-08-31] (Hewlett-Packard Co.)
Task: {F0670C58-766D-4211-8A4C-15496306C524} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {F64772EB-2CDA-4987-8BC1-9DC69FB223D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000Core.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2253929276-2761414899-1364960208-1000UA.job => C:\Users\Dorothy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDorothy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-04-23 12:41 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-04-23 12:42 - 2015-04-23 12:42 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-04-23 12:42 - 2015-04-23 12:42 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2013-01-11 16:29 - 2013-01-11 16:29 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2014-01-11 18:40 - 2012-10-09 13:02 - 07591424 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2012-09-04 12:44 - 2012-09-04 12:44 - 00987136 _____ () C:\Program Files (x86)\Mimoco\MimoByte Sound Application\mimobyte.exe
2011-09-08 16:53 - 2011-09-08 16:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-02 15:41 - 2011-08-02 15:41 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-11 18:40 - 2012-05-22 13:07 - 00176128 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Microsoft:9e5DkIG22H43bOvawKEyABE6Sdt
AlternateDataStreams: C:\ProgramData\Microsoft:j1v4uj4DYBR29ESodEPAsF
AlternateDataStreams: C:\ProgramData\Temp:A907E812
AlternateDataStreams: C:\Users\Dorothy\Local Settings:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\Local Settings:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe:BDU
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:eahIT9zHNBFIX68yejqM6kRQ
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2253929276-2761414899-1364960208-500 - Administrator - Disabled)
Dorothy (S-1-5-21-2253929276-2761414899-1364960208-1000 - Administrator - Enabled) => C:\Users\Dorothy
Guest (S-1-5-21-2253929276-2761414899-1364960208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2253929276-2761414899-1364960208-1002 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/24/2015 10:53:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_4.202.exe version 4.2.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 101c
Start Time: 01d07e9d844004ce
Termination Time: 0
Application Path: C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe
Report Id: 955c21e6-ea91-11e4-bb30-9cb70d9c1aa2
Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2d6c
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.
Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.
Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.
Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2700
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x2494
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0xe3c
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gpup.exe, version: 0.0.0.0, time stamp: 0x5506ba23
Faulting module name: tasks.dll, version: 0.0.0.0, time stamp: 0x54d8c877
Exception code: 0xc0000005
Fault offset: 0x000010ad
Faulting process id: 0x1dec
Faulting application start time: 0xgpup.exe0
Faulting application path: gpup.exe1
Faulting module path: gpup.exe2
Report Id: gpup.exe3
System errors:
=============
Error: (04/24/2015 11:04:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (04/24/2015 11:01:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (04/24/2015 10:59:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (04/24/2015 10:59:03 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (04/24/2015 10:59:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).
Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly. It has done this 2 time(s).
Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (04/24/2015 10:58:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (04/24/2015 10:53:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adwcleaner_4.202.exe4.2.0.2101c01d07e9d844004ce0C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe955c21e6-ea91-11e4-bb30-9cb70d9c1aa2
Error: (04/23/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad2d6c01d07dc886348ca8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll0cb71627-e9bc-11e4-8c58-9cb70d9c1aa2
Error: (04/22/2015 11:03:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883401: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/22/2015 11:03:26 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25024. Error -2081883393: Failed to uninstall device with serial number: CN26J3514805PX.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/22/2015 11:03:19 AM) (Source: MsiInstaller) (EventID: 10005) (User: Dorothy-HP)
Description: Product: HP Photosmart 7510 series Basic Device Software -- Error 25000. Please disconnect the USB cable from your 'HP Photosmart 7510 series' device to complete the uninstallation.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/22/2015 09:24:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad270001d07cff5bce08efC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dlle2ca5816-e8f2-11e4-8c58-9cb70d9c1aa2
Error: (04/21/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad249401d07c36316dc6ddC:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dllb7d092e5-e829-11e4-8c58-9cb70d9c1aa2
Error: (04/20/2015 09:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ade3c01d07b6d06dcf1a8C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll8dc521c8-e760-11e4-8c58-9cb70d9c1aa2
Error: (04/19/2015 00:55:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (04/19/2015 00:17:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: gpup.exe0.0.0.05506ba23tasks.dll0.0.0.054d8c877c0000005000010ad1dec01d07abbc2b2efb1C:\Program Files (x86)\PrivateVPN\gpup.exeC:\Program Files (x86)\PrivateVPN\tasks.dll9a5a5835-e6af-11e4-a5f9-9cb70d9c1aa2
CodeIntegrity Errors:
===================================
Date: 2012-12-19 22:10:10.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:09:28.098
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:01:41.728
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:01:03.699
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
Date: 2012-12-19 22:00:29.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD A8-3820 APU with Radeon HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 7666.85 MB
Available physical RAM: 5397.41 MB
Total Pagefile: 15331.89 MB
Available Pagefile: 12744.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1380.36 GB) (Free:916.18 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.8 GB) (Free:2.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1532.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B77F4ACF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1380.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 60D76091)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Finally, I ran ESET. It took a very long time, but finally completed. Here's the list of threats found:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3287802\plugins\TBVerifier.dll.vir a variant of Win32/Toolbar.Conduit.AM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389810079572.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389810079602.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390827634232.vir Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390827634380.vir Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1392194309493.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1392194310305.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1422953266616.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1423558406435.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3287802\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dorothy\AppData\Local\Conduit\Chrome\CT3287802\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dorothy\AppData\Local\Conduit\Chrome\CT3287802\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dorothy\AppData\Local\NativeMessaging\CT3287802\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dorothy\AppData\Local\Temp\NativeMessaging\CT3287802.crx.vir a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Dorothy\AppData\Local\Temp\NativeMessaging\CT3287802\nativeMessaging\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Program Files (x86)\IT Viewer\gmff.exe a variant of Win32/Techsnab.H potentially unwanted application
C:\Program Files (x86)\IT Viewer\tschromium64.exe Win64/Techsnab.A potentially unwanted application
C:\Program Files (x86)\IT Viewer\tsnet.dll Win32/Techsnab.D potentially unwanted application
C:\Program Files (x86)\IT Viewer\tsnet64.dll Win64/Techsnab.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftLSPInstaller.exe a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe a variant of Win32/Komodia.A potentially unsafe application
C:\Users\Dorothy\.frostwire5\updates\frostwire-5.7.7.windows.coc.premium.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Dorothy\.frostwire5\updates\frostwire-5.7.7.windows.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx a variant of Win32/Toolbar.Conduit.AA potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\BackupSetup.exe MSIL/MyPCBackup.D potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\BF96.tmp.exe a variant of Win32/Techsnab.H potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\conduitchecker.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\mconduitinstaller.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\MyBabylonTB.exe Win32/Toolbar.Babylon potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\SPSetup.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\SPStub.exe Win32/Conduit.SearchProtect.J potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\tbVisu.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\utt29DD.tmp a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Dorothy\AppData\Local\Temp\Vid-Saver-rs.exe a variant of Win32/Toolbar.CrossRider.E potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\AU\SPSetup.exe Win32/Conduit.SearchProtect.Q potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\AU\SPUpdater.exe Win32/Conduit.SearchProtect.G potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\chLogic.exe a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\ctbe.exe Win32/Toolbar.Conduit.AF potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\ieLogic.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\sl.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\spch.exe Win32/Conduit.SearchProtect.J potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\statisticsStub.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\stub.exe Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\ct3287802\plugins\TBVerifier.dll a variant of Win32/Toolbar.Conduit.AM potentially unwanted application
C:\Users\Dorothy\AppData\Local\Temp\TestIfExeExist\CT3287802\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Dorothy\Downloads\SoftonicDownloader_for_celtx.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\Dorothy\zips\codecs.for.windows.7.pack.v4.0.5.setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Dorothy\zips\frostwire-5.3.8.windows.exe Win32/OpenCandy potentially unsafe application
C:\Users\Dorothy\zips\htchome_setup (1).exe a variant of Win32/Somoto.A potentially unwanted application
C:\Users\Dorothy\zips\htchome_setup.exe a variant of Win32/Somoto.A potentially unwanted application
C:\Windows\Installer\143edf6.msi a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application


Sorry that you ran into issues, but very good that you could solve them.

1. From which web site did you download Ad-Aware?

2.

C:\Program Files (x86)\FrostWire 5\frostwire-installer.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Dorothy\Downloads\SoftonicDownloader_for_celtx.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
C:\Users\Dorothy\zips\codecs.for.windows.7.pack.v4.0.5.setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Dorothy\zips\frostwire-5.3.8.windows.exe Win32/OpenCandy potentially unsafe application
C:\Users\Dorothy\zips\htchome_setup (1).exe a variant of Win32/Somoto.A potentially unwanted application
C:\Users\Dorothy\zips\htchome_setup.exe a variant of Win32/Somoto.A potentially unwanted application

The above means that FrostWire 5 and the other installation files want to install unnecessary programs and/or add-ons, usually adware.


3. The following instruction will, among a lot of other things, empty the recycle bin and all folders for temporary files. Be sure that you don't have anything you want to keep in those locations.

Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> {134839E3-4408-4006-9B48-AA528D1EABF6} URL = 
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428153861
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428153861
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
2015-04-08 09:24 - 2015-04-08 09:24 - 00003638 _____ () C:\Windows\System32\Tasks\Anti Virus Updater Schedualer
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater
2015-04-23 17:10 - 2015-03-17 09:22 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-04-23 12:18 - 2015-03-17 09:22 - 00003266 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {3FBE4538-0868-4FBA-AF73-6BBA96AF945D} - System32\Tasks\Anti Virus Updater Schedualer => C:\Program Files (x86)\Anti Virus Updater\Anti VirusUpdater.exe [2015-04-08] (Secure Updater)
Task: {7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {95B2E5D3-CACA-480E-B873-97273738E9E6} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:9e5DkIG22H43bOvawKEyABE6Sdt
AlternateDataStreams: C:\ProgramData\Microsoft:j1v4uj4DYBR29ESodEPAsF
AlternateDataStreams: C:\ProgramData\Temp:A907E812
AlternateDataStreams: C:\Users\Dorothy\Local Settings:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\Local Settings:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe:BDU
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:eahIT9zHNBFIX68yejqM6kRQ
C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx
EmptyTemp:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

 

 

4. Have all extra ads disappeared now?

Any more questions before I give the instruction for uninstalling FRST and AdwCleaner?


Hi Cecilia,

Sorry for the delay responding - I've been away. To answer your questions:

 

1. I purchased Ad-Aware from Lavasoft.com

2. I rarely use these so I'll uninstall

3. I followed the instructions and below is the contents of the requested log file.

4. The ads have disappeared, thank you! Now the only problem I have is that my PC has suddenly started rebooting every so often (about 30-60 minutes apart). It blue screens and then reboots. Haven't had this issue before. I'm thinking it might be because I completed the first steps of your previous reply but didn't get the "Fix" part done until this morning. (Hopefully that's all it is.)

 

 

FRST FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015
Ran by Dorothy at 2015-05-06 09:45:41 Run:1
Running from C:\Users\Dorothy\Desktop
Loaded Profiles: Dorothy (Available profiles: Dorothy)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\...\Run: [AdobeBridge] => [X]
SearchScopes: HKLM -> {134839E3-4408-4006-9B48-AA528D1EABF6} URL =
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428153861
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://gosearch.me/...inst=1428153861
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin -> C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
CHR HKLM-x32\...\Chrome\Extension: [ieiiggnfmhgcolbimglmfjfpkjildjdd] - C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx [2013-11-21]
2015-04-08 09:24 - 2015-04-08 09:24 - 00003638 _____ () C:\Windows\System32\Tasks\Anti Virus Updater Schedualer
2015-04-08 09:24 - 2015-04-08 09:24 - 00000000 ____D () C:\Program Files (x86)\Anti Virus Updater
2015-04-23 17:10 - 2015-03-17 09:22 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-04-23 12:18 - 2015-03-17 09:22 - 00003266 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dorothy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {3FBE4538-0868-4FBA-AF73-6BBA96AF945D} - System32\Tasks\Anti Virus Updater Schedualer => C:\Program Files (x86)\Anti Virus Updater\Anti VirusUpdater.exe [2015-04-08] (Secure Updater)
Task: {7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe
Task: {95B2E5D3-CACA-480E-B873-97273738E9E6} - System32\Tasks\Great Performance Ultimate => C:\Program Files (x86)\PrivateVPN\gpup.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:9e5DkIG22H43bOvawKEyABE6Sdt
AlternateDataStreams: C:\ProgramData\Microsoft:j1v4uj4DYBR29ESodEPAsF
AlternateDataStreams: C:\ProgramData\Temp:A907E812
AlternateDataStreams: C:\Users\Dorothy\Local Settings:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\Local Settings:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe:BDU
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local:eahIT9zHNBFIX68yejqM6kRQ
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:8ArrrLwqF1aHgcG4KRe
AlternateDataStreams: C:\Users\Dorothy\AppData\Local\Application Data:eahIT9zHNBFIX68yejqM6kRQ
C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{134839E3-4408-4006-9B48-AA528D1EABF6}" => Key deleted successfully.
HKCR\CLSID\{134839E3-4408-4006-9B48-AA528D1EABF6} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}" => Key deleted successfully.
HKCR\CLSID\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-2253929276-2761414899-1364960208-1000\SOFTWARE\Google\Chrome\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd" => Key deleted successfully.
C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ieiiggnfmhgcolbimglmfjfpkjildjdd" => Key deleted successfully.
"C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx" => File/Directory not found.
C:\Windows\System32\Tasks\Anti Virus Updater Schedualer => Moved successfully.
C:\Program Files (x86)\Anti Virus Updater => Moved successfully.
C:\Program Files (x86)\IT Viewer => Moved successfully.
C:\Windows\System32\Tasks\IT Viewer Schedualer => Moved successfully.
"HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-2253929276-2761414899-1364960208-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FBE4538-0868-4FBA-AF73-6BBA96AF945D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FBE4538-0868-4FBA-AF73-6BBA96AF945D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Anti Virus Updater Schedualer not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Anti Virus Updater Schedualer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B}" => Key deleted successfully.
C:\Windows\System32\Tasks\IT Viewer Schedualer not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IT Viewer Schedualer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{95B2E5D3-CACA-480E-B873-97273738E9E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95B2E5D3-CACA-480E-B873-97273738E9E6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Great Performance Ultimate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Great Performance Ultimate" => Key deleted successfully.
C:\ProgramData\Microsoft => ":9e5DkIG22H43bOvawKEyABE6Sdt" ADS removed successfully.
C:\ProgramData\Microsoft => ":j1v4uj4DYBR29ESodEPAsF" ADS removed successfully.
C:\ProgramData\Temp => ":A907E812" ADS removed successfully.
"C:\Users\Dorothy\Local Settings" => ":8ArrrLwqF1aHgcG4KRe" ADS not found.
"C:\Users\Dorothy\Local Settings" => ":eahIT9zHNBFIX68yejqM6kRQ" ADS not found.
C:\Users\Dorothy\Desktop\adwcleaner_4.202.exe => ":BDU" ADS removed successfully.
C:\Users\Dorothy\AppData\Local => ":8ArrrLwqF1aHgcG4KRe" ADS removed successfully.
C:\Users\Dorothy\AppData\Local => ":eahIT9zHNBFIX68yejqM6kRQ" ADS removed successfully.
"C:\Users\Dorothy\AppData\Local\Application Data" => ":8ArrrLwqF1aHgcG4KRe" ADS not found.
"C:\Users\Dorothy\AppData\Local\Application Data" => ":eahIT9zHNBFIX68yejqM6kRQ" ADS not found.
"C:\Users\Dorothy\AppData\Local\CRE\ieiiggnfmhgcolbimglmfjfpkjildjdd.crx" => File/Directory not found.
EmptyTemp: => Removed 7.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog 09:49:32 ====

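The Fixlog pasted above can be checked mechanically instead of by eye. The following Python sketch is an added example, not part of the original posts and not FRST's own code: it splits a Fixlog into the echoed fixlist and the result lines, tallies the outcomes, and lists "not found" targets that no earlier line had already moved or deleted. The outcome phrases and the sample lines are taken from the log above; the function names and the reading of a repeated "not found" as harmless are assumptions.

```python
import re
from collections import Counter

# Outcome phrases exactly as they appear in the Fixlog pasted in this thread.
OUTCOMES = [
    ("deleted", re.compile(r"=> (?:value|Key) deleted successfully\.$")),
    ("moved", re.compile(r"=> Moved successfully\.$")),
    ("ads_removed", re.compile(r"ADS removed successfully\.$")),
    ("not_found", re.compile(r"not found\.$")),
]
SUCCESS = {"deleted", "moved", "ads_removed"}

def classify(line):
    for name, pattern in OUTCOMES:
        if pattern.search(line):
            return name
    return "info"  # status lines such as "Processes closed successfully."

def target_of(line):
    """Path, registry key or path:stream that a result line refers to."""
    if " => " not in line:
        return re.sub(r" not found\.$", "", line)
    left, right = line.split(" => ", 1)
    stream = re.match(r'"(:[^"]+)" ADS ', right)
    return left.strip('"') + (stream.group(1) if stream else "")

def parse_fixlog(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    stars = [i for i, ln in enumerate(lines) if set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist section (between asterisk lines) not found")
    results, complete = [], False
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            complete = True  # a log without this marker was cut short
            break
        results.append((classify(ln), target_of(ln), ln))
    return {"directives": lines[stars[0] + 1:stars[1]],
            "results": results, "complete": complete}

def summarize(results):
    return dict(Counter(outcome for outcome, _, _ in results))

def already_absent(results):
    """'not found' targets that no earlier result line moved or deleted."""
    done, absent = set(), []
    for outcome, target, _ in results:
        if outcome in SUCCESS:
            done.add(target.lower())
        elif outcome == "not_found" and target.lower() not in done:
            absent.append(target)
    return absent

# Constructed sample: a shortened Fixlog assembled from lines of the log above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015
Content of fixlist:
*****************
CloseProcesses:
2015-04-23 17:10 - 2015-03-17 09:22 - 00000000 ____D () C:\Program Files (x86)\IT Viewer
2015-04-23 12:18 - 2015-03-17 09:22 - 00003266 _____ () C:\Windows\System32\Tasks\IT Viewer Schedualer
Task: {7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B} - System32\Tasks\IT Viewer Schedualer => C:\Program Files (x86)\IT Viewer\astask.exe
AlternateDataStreams: C:\ProgramData\Temp:A907E812
AlternateDataStreams: C:\Users\Dorothy\Local Settings:8ArrrLwqF1aHgcG4KRe
EmptyTemp:
*****************
Processes closed successfully.
C:\Program Files (x86)\IT Viewer => Moved successfully.
C:\Windows\System32\Tasks\IT Viewer Schedualer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7697BBEB-4FA7-403F-A59F-D4FCDCAAF42B}" => Key deleted successfully.
C:\Windows\System32\Tasks\IT Viewer Schedualer not found.
C:\ProgramData\Temp => ":A907E812" ADS removed successfully.
"C:\Users\Dorothy\Local Settings" => ":8ArrrLwqF1aHgcG4KRe" ADS not found.
EmptyTemp: => Removed 7.8 GB temporary data.
The system needed a reboot.
==== End of Fixlog 09:49:32 ====
"""

if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed["results"]), already_absent(parsed["results"]))
```

A `complete` value of `False` means the "End of Fixlog" line is missing, so the pasted log was cut off and should be posted again in full.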

Hi Again - so the good news is, my PC appears to have stopped crashing - no more unexpected reboots.

I guess I'm ready for the instructions for uninstalling FRST and AdwCleaner! (I'm assuming from your comment that they must have some special method for uninstall?)

 

Thanks again!

Dorothy


Hi Dorothy,

 

You're welcome :)

I'm glad that ads and crashes have disappeared.

 

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Uninstall button.

2. Download OTC http://oldtimer.geekstogo.com/OTC.exe
Close all programs.
Start OTC program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.
If any logs remain on the computer you can remove them.

3. Improve the security of the computer
It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you with keeping everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you!
