zubbs1

Virus Eating All My Hard Drive Space


This is on my wife's laptop. She complained to me that Windows notified her she had no space left on her hard drive. I determined 99% of the drive usage is in the folder C:\Users\username\AppData\Local\Temp. There are 4 or so folders with names such as: {A3B41320-7BC9-4AFC-8105-23F8D94A815D}

These folders accumulate thousands of files in short order. I've never seen an infection like this before. She ran a full scan with Ad-Aware, which found 72 infections with some kind of 'trojan' type name. She had Ad-Aware quarantine/remove them.

Below are the two requested FRST files:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Kathy (administrator) on QUICKSILVER on 24-05-2015 19:03:27
Running from C:\Users\Kathy\Desktop\FRST Scans
Loaded Profiles: Kathy (Available Profiles: Kathy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\bin\rubyw.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\bin\rubyw.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-03] (Seagate Technology LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-03] (Seagate Technology LLC)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_otbrw1_15_03&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzzzz0C0EtAyDyD0B0B0FtN0D0Tzu0StCtCtDzztN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0BtD0EtAzytB0CtG0F0CyDtAtG0CzztB0EtG0F0D0DtDtGyEzyyEzyyDtAtB0AyD0DyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0DyBzz0E0A0FtG0A0CtAzytGyEyDtDtCtG0AyEyBtCtGyBtDtCyDyC0EtBtAyE0ByEtB2Q&cr=47222716&ir=
SearchScopes: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D121514-AB747CC590BEC44CD91F&form=CONBDF&conlogo=CT3330962&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_otbrw1_15_03&cd=2XzuyEtN2Y1L1Qzuzz0C0D0C0DyEzzzz0C0EtAyDyD0B0B0FtN0D0Tzu0StCtCtDzztN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0BtD0EtAzytB0CtG0F0CyDtAtG0CzztB0EtG0F0D0DtDtGyEzyyEzyyDtAtB0AyD0DyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0DyBzz0E0A0FtG0A0CtAzytGyEyDtDtCtG0AyEyBtCtGyBtDtCyDyC0EtBtAyE0ByEtB2Q&cr=47222716&ir=
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-08] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default
FF DefaultSearchEngine.US: Google
FF Homepage: google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js [2015-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-03] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-03] (Seagate Technology LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3401944 2014-04-01] (Realtek Semiconductor Corporation )
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S0 qtbc; System32\drivers\qfqy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 19:03 - 2015-05-24 19:03 - 00000000 ____D () C:\FRST
2015-05-24 19:01 - 2015-05-24 19:03 - 00000000 ____D () C:\Users\Kathy\Desktop\FRST Scans
2015-05-24 13:29 - 2015-05-24 13:29 - 00000000 ____D () C:\ProgramData\BitDefender
2015-05-24 13:20 - 2015-05-24 13:20 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\LavasoftStatistics
2015-05-24 13:20 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-05-24 13:20 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-05-24 13:19 - 2015-05-24 17:57 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-24 13:19 - 2015-05-24 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-24 13:18 - 2015-05-24 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-05-24 13:15 - 2015-05-24 13:15 - 00000000 ____D () C:\Program Files\Lavasoft
2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Lavasoft
2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-05-24 13:11 - 2015-05-24 13:11 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-24 13:10 - 2015-05-24 13:11 - 02057008 _____ () C:\Users\Kathy\Downloads\Adaware_Installer.exe
2015-05-23 21:15 - 2015-05-23 21:22 - 102388176 _____ () C:\Users\Kathy\Downloads\Unconfirmed 23901.crdownload
2015-05-23 19:52 - 2015-05-23 19:53 - 00437613 _____ () C:\Users\Kathy\Downloads\Unconfirmed 458633.crdownload
2015-05-23 19:51 - 2015-05-23 19:53 - 00646405 _____ () C:\Users\Kathy\Downloads\Unconfirmed 716245.crdownload
2015-05-23 19:47 - 2015-05-23 19:47 - 00837208 _____ () C:\Users\Kathy\Downloads\Unconfirmed 137565.crdownload
2015-05-23 19:46 - 2015-05-23 19:46 - 00837208 _____ () C:\Users\Kathy\Downloads\Unconfirmed 289051.crdownload
2015-05-23 10:59 - 2015-05-23 10:59 - 00001035 _____ () C:\Users\Kathy\Desktop\WinDirStat.lnk
2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-05-23 10:58 - 2015-05-23 10:58 - 00645729 _____ (WDS Team) C:\Users\Kathy\Downloads\windirstat1_1_2_setup.exe
2015-05-23 06:18 - 2015-05-23 06:18 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 736422.crdownload
2015-05-23 06:17 - 2015-05-23 06:17 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 983238.crdownload
2015-05-23 06:17 - 2015-05-23 06:17 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 833529.crdownload
2015-05-23 06:17 - 2015-05-23 06:17 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 49507.crdownload
2015-05-23 06:16 - 2015-05-23 06:16 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 919820.crdownload
2015-05-23 06:16 - 2015-05-23 06:16 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 834975.crdownload
2015-05-23 06:15 - 2015-05-23 06:15 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 568954.crdownload
2015-05-23 06:14 - 2015-05-23 06:15 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 140786.crdownload
2015-05-23 06:14 - 2015-05-23 06:14 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 85369.crdownload
2015-05-23 06:13 - 2015-05-23 06:14 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 503.crdownload
2015-05-23 06:13 - 2015-05-23 06:13 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 117691.crdownload
2015-05-23 06:11 - 2015-05-23 06:11 - 00143760 _____ (Rentabiliweb) C:\Users\Kathy\Downloads\Unconfirmed 256381.crdownload
2015-05-22 18:58 - 2015-05-22 18:58 - 00464037 _____ () C:\Users\Kathy\Downloads\Unconfirmed 855396.crdownload
2015-05-22 18:57 - 2015-05-22 18:57 - 00836872 _____ () C:\Users\Kathy\Downloads\Unconfirmed 100744.crdownload
2015-05-22 18:55 - 2015-05-22 18:55 - 00836872 _____ () C:\Users\Kathy\Downloads\Unconfirmed 176972.crdownload
2015-05-22 16:10 - 2015-05-22 16:10 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 843282.crdownload
2015-05-22 16:09 - 2015-05-22 16:10 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 514212.crdownload
2015-05-22 16:09 - 2015-05-22 16:09 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 262951.crdownload
2015-05-22 16:08 - 2015-05-22 16:08 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 21357.crdownload
2015-05-22 16:07 - 2015-05-22 16:08 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 555851.crdownload
2015-05-22 16:07 - 2015-05-22 16:07 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 885045.crdownload
2015-05-22 16:07 - 2015-05-22 16:07 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 46159.crdownload
2015-05-22 16:06 - 2015-05-22 16:06 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 820321.crdownload
2015-05-22 16:06 - 2015-05-22 16:06 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 747033.crdownload
2015-05-22 16:05 - 2015-05-22 16:05 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 549967.crdownload
2015-05-22 16:05 - 2015-05-22 16:05 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 102181.crdownload
2015-05-22 16:04 - 2015-05-22 16:04 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 373157.crdownload
2015-05-22 16:04 - 2015-05-22 16:04 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 254604.crdownload
2015-05-22 16:03 - 2015-05-22 16:03 - 00836592 _____ () C:\Users\Kathy\Downloads\Unconfirmed 448805.crdownload
2015-05-22 12:28 - 2015-05-22 12:28 - 00836272 _____ () C:\Users\Kathy\Downloads\Unconfirmed 592369.crdownload
2015-05-22 12:27 - 2015-05-22 12:27 - 00836272 _____ () C:\Users\Kathy\Downloads\Unconfirmed 700460.crdownload
2015-05-22 12:26 - 2015-05-22 12:26 - 00836272 _____ () C:\Users\Kathy\Downloads\Unconfirmed 874815.crdownload
2015-05-22 12:26 - 2015-05-22 12:26 - 00836272 _____ () C:\Users\Kathy\Downloads\Unconfirmed 697575.crdownload
2015-05-22 12:25 - 2015-05-22 12:25 - 00836272 _____ () C:\Users\Kathy\Downloads\Unconfirmed 761215.crdownload
2015-05-22 12:24 - 2015-05-22 12:24 - 00836272 _____ () C:\Users\Kathy\Downloads\Unconfirmed 384925.crdownload
2015-05-22 03:40 - 2015-05-22 03:40 - 00421896 _____ () C:\Users\Kathy\Downloads\Unconfirmed 507610.crdownload
2015-05-22 03:37 - 2015-05-22 03:37 - 00421896 _____ () C:\Users\Kathy\Downloads\Unconfirmed 233471.crdownload
2015-05-22 03:36 - 2015-05-22 03:36 - 00421896 _____ () C:\Users\Kathy\Downloads\Unconfirmed 898184.crdownload
2015-05-22 03:36 - 2015-05-22 03:36 - 00421896 _____ () C:\Users\Kathy\Downloads\Unconfirmed 892163.crdownload
2015-05-22 03:34 - 2015-05-22 03:34 - 00421896 _____ () C:\Users\Kathy\Downloads\Unconfirmed 981364.crdownload
2015-05-22 03:32 - 2015-05-22 03:32 - 00421896 _____ () C:\Users\Kathy\Downloads\Unconfirmed 546907.crdownload
2015-05-21 20:06 - 2015-05-21 20:06 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 25359.crdownload
2015-05-21 20:05 - 2015-05-21 20:06 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 415897.crdownload
2015-05-21 20:05 - 2015-05-21 20:05 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 785428.crdownload
2015-05-21 20:04 - 2015-05-21 20:06 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 368213.crdownload
2015-05-21 20:04 - 2015-05-21 20:04 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 908309.crdownload
2015-05-21 20:03 - 2015-05-21 20:03 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 610889.crdownload
2015-05-21 20:03 - 2015-05-21 20:03 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 271516.crdownload
2015-05-21 20:02 - 2015-05-21 20:03 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 681136.crdownload
2015-05-21 20:02 - 2015-05-21 20:02 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 686367.crdownload
2015-05-21 20:01 - 2015-05-21 20:01 - 00836952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 555435.crdownload
2015-05-21 19:59 - 2015-05-21 19:59 - 00001234 _____ () C:\Users\Kathy\Downloads\setup (2).website
2015-05-21 16:46 - 2015-05-21 16:47 - 00284809 _____ () C:\Users\Kathy\Downloads\Unconfirmed 172614.crdownload
2015-05-21 16:45 - 2015-05-21 16:46 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 505718.crdownload
2015-05-21 16:45 - 2015-05-21 16:46 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 299177.crdownload
2015-05-21 16:44 - 2015-05-21 16:45 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 91036.crdownload
2015-05-21 16:44 - 2015-05-21 16:44 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 63746.crdownload
2015-05-21 16:43 - 2015-05-21 16:43 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 940909.crdownload
2015-05-21 16:43 - 2015-05-21 16:43 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 240490.crdownload
2015-05-21 16:42 - 2015-05-21 16:42 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 267501.crdownload
2015-05-21 16:42 - 2015-05-21 16:42 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 150066.crdownload
2015-05-21 16:41 - 2015-05-21 16:41 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 969280 (1).crdownload
2015-05-21 16:41 - 2015-05-21 16:41 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 239507.crdownload
2015-05-21 16:40 - 2015-05-21 16:40 - 00913480 _____ () C:\Users\Kathy\Downloads\Unconfirmed 523097.crdownload
2015-05-21 15:26 - 2015-05-21 15:27 - 01226712 _____ () C:\Users\Kathy\Downloads\inception.1.0.3.zip
2015-05-21 14:55 - 2015-05-21 14:55 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 948107.crdownload
2015-05-21 14:54 - 2015-05-21 14:55 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 690045.crdownload
2015-05-21 14:54 - 2015-05-21 14:54 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 837449.crdownload
2015-05-21 14:53 - 2015-05-21 14:54 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 644900.crdownload
2015-05-21 14:53 - 2015-05-21 14:53 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 978122.crdownload
2015-05-21 14:52 - 2015-05-21 14:52 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 536805.crdownload
2015-05-21 14:51 - 2015-05-21 14:51 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 114546.crdownload
2015-05-21 14:50 - 2015-05-21 14:50 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 773804.crdownload
2015-05-21 14:50 - 2015-05-21 14:50 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 62956.crdownload
2015-05-21 14:50 - 2015-05-21 14:50 - 00852696 _____ () C:\Users\Kathy\Downloads\Unconfirmed 464935.crdownload
2015-05-21 04:38 - 2015-05-21 04:38 - 00035087 _____ () C:\Users\Kathy\Downloads\gpl-3.0 (1).texi
2015-05-21 03:25 - 2015-05-21 03:26 - 02802939 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 978509.crdownload
2015-05-21 03:14 - 2015-05-21 03:14 - 00892688 _____ () C:\Users\Kathy\Downloads\Unconfirmed 118879.crdownload
2015-05-21 03:13 - 2015-05-21 03:14 - 00892688 _____ () C:\Users\Kathy\Downloads\Unconfirmed 998526.crdownload
2015-05-20 14:29 - 2015-05-20 14:29 - 00918128 _____ () C:\Users\Kathy\Downloads\Unconfirmed 688340.crdownload
2015-05-20 01:52 - 2015-05-20 01:52 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 212976.crdownload
2015-05-20 00:41 - 2015-05-20 00:41 - 02903709 _____ () C:\Users\Kathy\Downloads\white-paper.1.7.zip
2015-05-20 00:40 - 2015-05-20 00:41 - 00128038 _____ () C:\Users\Kathy\Downloads\waterside.1.1.2.zip
2015-05-19 15:59 - 2015-05-19 15:59 - 00830608 _____ () C:\Users\Kathy\Downloads\Unconfirmed 676444.crdownload
2015-05-17 12:36 - 2015-05-17 12:36 - 00830640 _____ () C:\Users\Kathy\Downloads\Unconfirmed 41065.crdownload
2015-05-15 21:27 - 2015-05-15 21:27 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 492562.crdownload
2015-05-15 21:27 - 2015-05-15 21:27 - 00177571 _____ () C:\Users\Kathy\Downloads\Unconfirmed 781686.crdownload
2015-05-15 21:26 - 2015-05-15 21:26 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 314577.crdownload
2015-05-15 21:25 - 2015-05-15 21:26 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 39947.crdownload
2015-05-15 21:25 - 2015-05-15 21:25 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 817035.crdownload
2015-05-15 21:24 - 2015-05-15 21:24 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 385343.crdownload
2015-05-15 21:23 - 2015-05-15 21:24 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 273947.crdownload
2015-05-15 21:20 - 2015-05-15 21:20 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 221835.crdownload
2015-05-15 21:19 - 2015-05-15 21:20 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 374972.crdownload
2015-05-15 21:19 - 2015-05-15 21:19 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 414205.crdownload
2015-05-15 21:18 - 2015-05-15 21:18 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 782845.crdownload
2015-05-15 21:18 - 2015-05-15 21:18 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 147866.crdownload
2015-05-15 21:17 - 2015-05-15 21:17 - 00824968 _____ () C:\Users\Kathy\Downloads\Unconfirmed 286793.crdownload
2015-05-15 20:55 - 2015-05-15 20:55 - 00825208 _____ () C:\Users\Kathy\Downloads\Unconfirmed 537143.crdownload
2015-05-15 11:32 - 2015-05-15 11:33 - 00078465 _____ () C:\Users\Kathy\Downloads\3765.tmp
2015-05-15 11:31 - 2015-05-15 11:31 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 370738.crdownload
2015-05-15 11:30 - 2015-05-15 11:30 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 974581.crdownload
2015-05-15 11:30 - 2015-05-15 11:30 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 925178.crdownload
2015-05-15 11:29 - 2015-05-15 11:29 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 579337.crdownload
2015-05-15 11:28 - 2015-05-15 11:28 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 375145.crdownload
2015-05-15 11:27 - 2015-05-15 11:27 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 763134.crdownload
2015-05-15 11:27 - 2015-05-15 11:27 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 2302.crdownload
2015-05-15 11:26 - 2015-05-15 11:27 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 310611.crdownload
2015-05-15 11:26 - 2015-05-15 11:26 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 886807.crdownload
2015-05-15 11:26 - 2015-05-15 11:26 - 00825360 _____ () C:\Users\Kathy\Downloads\Unconfirmed 500215.crdownload
2015-05-15 11:22 - 2015-05-15 11:22 - 00009529 _____ () C:\Users\Kathy\Downloads\Setup (1).website
2015-05-15 11:11 - 2015-05-15 11:11 - 00009529 _____ () C:\Users\Kathy\Downloads\Setup .website
2015-05-15 08:08 - 2015-05-15 08:10 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 434117.crdownload
2015-05-14 14:57 - 2015-05-14 15:00 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 541846.crdownload
2015-05-11 14:29 - 2015-05-20 14:21 - 00045568 ____H () C:\Users\Kathy\Documents\~WRL3588.tmp
2015-05-11 14:29 - 2015-05-19 15:10 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0005.tmp
2015-05-11 14:29 - 2015-05-18 22:12 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0004.tmp
2015-05-11 14:29 - 2015-05-18 22:11 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL2470.tmp
2015-05-11 14:29 - 2015-05-11 14:46 - 00044544 ____H () C:\Users\Kathy\Documents\~WRL3630.tmp
2015-05-11 11:51 - 2015-05-11 11:52 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 43458.crdownload
2015-05-11 11:51 - 2015-05-11 11:51 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 319578.crdownload
2015-05-11 11:50 - 2015-05-11 11:51 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 697664.crdownload
2015-05-11 11:50 - 2015-05-11 11:50 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 457689.crdownload
2015-05-11 11:49 - 2015-05-11 11:49 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 76752.crdownload
2015-05-11 11:49 - 2015-05-11 11:49 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 244546.crdownload
2015-05-11 11:48 - 2015-05-11 11:48 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 383425.crdownload
2015-05-11 01:48 - 2015-05-11 01:48 - 00829984 _____ () C:\Users\Kathy\Downloads\Unconfirmed 123357.crdownload
2015-05-11 01:47 - 2015-05-11 01:47 - 00829984 _____ () C:\Users\Kathy\Downloads\Unconfirmed 585489.crdownload
2015-05-11 01:47 - 2015-05-11 01:47 - 00829984 _____ () C:\Users\Kathy\Downloads\Unconfirmed 333480.crdownload
2015-05-11 01:46 - 2015-05-11 01:46 - 00829984 _____ () C:\Users\Kathy\Downloads\Unconfirmed 900073.crdownload
2015-05-11 01:45 - 2015-05-11 01:45 - 00829984 _____ () C:\Users\Kathy\Downloads\Unconfirmed 657445.crdownload
2015-05-10 20:54 - 2015-05-10 20:54 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 589693.crdownload
2015-05-10 20:53 - 2015-05-10 20:53 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 520452.crdownload
2015-05-10 20:52 - 2015-05-10 20:53 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 87891.crdownload
2015-05-10 20:52 - 2015-05-10 20:53 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 27758.crdownload
2015-05-10 20:51 - 2015-05-10 20:51 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 931365.crdownload
2015-05-10 20:51 - 2015-05-10 20:51 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 858214.crdownload
2015-05-10 20:51 - 2015-05-10 20:51 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 477338.crdownload
2015-05-10 20:50 - 2015-05-10 20:50 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 31258.crdownload
2015-05-10 20:49 - 2015-05-10 20:49 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 67994.crdownload
2015-05-10 15:48 - 2015-05-10 15:48 - 00003516 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2015-05-10 15:48 - 2015-05-10 15:48 - 00003504 _____ () C:\Windows\System32\Tasks\Kathy DBAgent 2 0
2015-05-10 15:48 - 2015-05-10 15:48 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Nero
2015-05-10 15:47 - 2015-05-10 15:47 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Nero
2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Seagate
2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Leadertech
2015-05-10 15:12 - 2015-05-10 15:12 - 00713216 _____ () C:\Users\Kathy\Downloads\F4EG(1).exe
2015-05-10 14:53 - 2015-05-10 14:55 - 149605432 _____ (Seagate ) C:\Users\Kathy\Downloads\Seagate Dashboard Installer.exe
2015-05-10 12:54 - 2015-05-10 12:55 - 00611377 _____ () C:\Users\Kathy\Downloads\Unconfirmed 924424.crdownload
2015-05-10 12:54 - 2015-05-10 12:54 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 472348.crdownload
2015-05-10 12:53 - 2015-05-10 12:54 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 819967.crdownload
2015-05-10 12:53 - 2015-05-10 12:53 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 544355.crdownload
2015-05-10 12:52 - 2015-05-10 12:52 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 603776.crdownload
2015-05-10 12:52 - 2015-05-10 12:52 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 590363.crdownload
2015-05-10 12:51 - 2015-05-10 12:51 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 715349.crdownload
2015-05-10 12:50 - 2015-05-10 12:51 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 388388.crdownload
2015-05-10 12:49 - 2015-05-10 12:50 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 574387.crdownload
2015-05-10 12:49 - 2015-05-10 12:49 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 569037.crdownload
2015-05-10 12:48 - 2015-05-10 12:48 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 261232.crdownload
2015-05-10 12:48 - 2015-05-10 12:48 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 222044.crdownload
2015-05-10 12:47 - 2015-05-10 12:47 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 925041.crdownload
2015-05-10 12:47 - 2015-05-10 12:47 - 00899376 _____ () C:\Users\Kathy\Downloads\Unconfirmed 366133.crdownload
2015-05-10 11:56 - 2015-05-10 11:57 - 00797168 _____ (Generic Application Software ) C:\Users\Kathy\Downloads\Unconfirmed 512078.crdownload
2015-05-10 11:56 - 2015-05-10 11:56 - 00797168 _____ (Generic Application Software ) C:\Users\Kathy\Downloads\Unconfirmed 844955.crdownload
2015-05-10 11:55 - 2015-05-10 11:55 - 00797168 _____ (Generic Application Software ) C:\Users\Kathy\Downloads\Unconfirmed 955067.crdownload
2015-05-09 14:58 - 2015-05-09 14:58 - 00051305 _____ () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive.htm
2015-05-09 14:58 - 2015-05-09 14:58 - 00045620 _____ () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive.htm
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive_files
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive_files
2015-05-09 01:51 - 2015-05-09 01:51 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 670346.crdownload
2015-05-08 16:48 - 2015-05-08 16:48 - 00829992 _____ () C:\Users\Kathy\Downloads\Unconfirmed 529706.crdownload
2015-05-08 14:40 - 2015-05-08 14:40 - 00001234 _____ () C:\Users\Kathy\Downloads\setup (1).website
2015-05-08 14:37 - 2015-05-08 14:37 - 00001234 _____ () C:\Users\Kathy\Downloads\setup.website
2015-05-08 13:40 - 2015-05-08 13:40 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 524481.crdownload
2015-05-08 13:39 - 2015-05-08 13:39 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 893007.crdownload
2015-05-08 13:39 - 2015-05-08 13:39 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 572892.crdownload
2015-05-08 13:38 - 2015-05-08 13:38 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 760871.crdownload
2015-05-08 13:37 - 2015-05-08 13:37 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 621431.crdownload
2015-05-08 13:37 - 2015-05-08 13:37 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 622239.crdownload
2015-05-08 13:37 - 2015-05-08 13:37 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 579709.crdownload
2015-05-08 13:36 - 2015-05-08 13:36 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 372115.crdownload
2015-05-08 13:36 - 2015-05-08 13:36 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 413132.crdownload
2015-05-08 13:35 - 2015-05-08 13:35 - 00838720 _____ () C:\Users\Kathy\Downloads\Unconfirmed 191145.crdownload
2015-05-08 13:34 - 2015-05-08 13:36 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 1297.crdownload
2015-05-08 13:32 - 2015-05-08 13:34 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 789005.crdownload
2015-05-08 08:20 - 2015-05-08 08:21 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 807556.crdownload
2015-05-08 08:20 - 2015-05-08 08:21 - 00813341 _____ () C:\Users\Kathy\Downloads\Unconfirmed 800374.crdownload
2015-05-08 08:20 - 2015-05-08 08:21 - 00594317 _____ () C:\Users\Kathy\Downloads\Unconfirmed 706820.crdownload
2015-05-08 08:19 - 2015-05-08 08:21 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 701982.crdownload
2015-05-08 08:19 - 2015-05-08 08:21 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 345926.crdownload
2015-05-08 08:18 - 2015-05-08 08:20 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 271309.crdownload
2015-05-08 08:18 - 2015-05-08 08:18 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 765814.crdownload
2015-05-08 08:18 - 2015-05-08 08:18 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 574733.crdownload
2015-05-08 08:18 - 2015-05-08 08:18 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 461331.crdownload
2015-05-08 08:17 - 2015-05-08 08:17 - 06512744 _____ (383 Media, Inc.) C:\Users\Kathy\Downloads\Unconfirmed 637121.crdownload
2015-05-08 08:17 - 2015-05-08 08:17 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 736598.crdownload
2015-05-08 08:17 - 2015-05-08 08:17 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 681023.crdownload
2015-05-08 08:16 - 2015-05-08 08:16 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 312251.crdownload
2015-05-08 08:16 - 2015-05-08 08:16 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 25339.crdownload
2015-05-08 08:15 - 2015-05-08 08:16 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 765236.crdownload
2015-05-08 08:15 - 2015-05-08 08:15 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 80062.crdownload
2015-05-08 08:15 - 2015-05-08 08:15 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 489253.crdownload
2015-05-08 08:15 - 2015-05-08 08:15 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 142558.crdownload
2015-05-08 08:15 - 2015-05-08 08:15 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (10).website
2015-05-08 08:14 - 2015-05-08 08:15 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 969426.crdownload
2015-05-08 08:14 - 2015-05-08 08:14 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 640561.crdownload
2015-05-08 08:14 - 2015-05-08 08:14 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 563334.crdownload
2015-05-08 08:14 - 2015-05-08 08:14 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 398976.crdownload
2015-05-08 08:14 - 2015-05-08 08:14 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 294754.crdownload
2015-05-08 08:14 - 2015-05-08 08:14 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 190009.crdownload
2015-05-08 08:13 - 2015-05-08 08:13 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 76602.crdownload
2015-05-08 08:13 - 2015-05-08 08:13 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 492603.crdownload
2015-05-08 08:12 - 2015-05-08 08:12 - 00830256 _____ () C:\Users\Kathy\Downloads\Unconfirmed 830464.crdownload
2015-05-08 07:30 - 2015-05-08 07:31 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 707737.crdownload
2015-05-08 06:47 - 2015-05-08 06:47 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 251721.crdownload
2015-05-08 06:23 - 2015-05-08 06:23 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 950841.crdownload
2015-05-08 05:53 - 2015-05-08 05:54 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 935422.crdownload
2015-05-08 05:20 - 2015-05-08 05:20 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (9).website
2015-05-08 04:49 - 2015-05-08 04:49 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 64635.crdownload
2015-05-08 04:49 - 2015-05-08 04:49 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 500351.crdownload
2015-05-08 04:49 - 2015-05-08 04:49 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 217228.crdownload
2015-05-08 04:48 - 2015-05-08 04:48 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 697307.crdownload
2015-05-08 04:48 - 2015-05-08 04:48 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 453978.crdownload
2015-05-08 04:48 - 2015-05-08 04:48 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 373085.crdownload
2015-05-08 04:48 - 2015-05-08 04:48 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 317936.crdownload
2015-05-08 04:47 - 2015-05-08 04:48 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 792553.crdownload
2015-05-08 04:47 - 2015-05-08 04:47 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 917644.crdownload
2015-05-08 04:47 - 2015-05-08 04:47 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 358462.crdownload
2015-05-08 04:47 - 2015-05-08 04:47 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 144710.crdownload
2015-05-08 04:46 - 2015-05-08 04:46 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 605588.crdownload
2015-05-08 04:46 - 2015-05-08 04:46 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 561522.crdownload
2015-05-08 04:46 - 2015-05-08 04:46 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 330583.crdownload
2015-05-08 04:45 - 2015-05-08 04:45 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 748003.crdownload
2015-05-08 04:45 - 2015-05-08 04:45 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 734362.crdownload
2015-05-08 04:45 - 2015-05-08 04:45 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 590101.crdownload
2015-05-08 04:45 - 2015-05-08 04:45 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 477647.crdownload
2015-05-08 04:44 - 2015-05-08 04:44 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 334451.crdownload
2015-05-08 04:44 - 2015-05-08 04:44 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 313176.crdownload
2015-05-08 04:44 - 2015-05-08 04:44 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 302951.crdownload
2015-05-08 04:44 - 2015-05-08 04:44 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 28181.crdownload
2015-05-08 04:43 - 2015-05-08 04:43 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 841479.crdownload
2015-05-08 04:43 - 2015-05-08 04:43 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 672562.crdownload
2015-05-08 04:43 - 2015-05-08 04:43 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 663360.crdownload
2015-05-08 04:42 - 2015-05-08 04:43 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 272579.crdownload
2015-05-08 04:42 - 2015-05-08 04:42 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 582033.crdownload
2015-05-08 04:42 - 2015-05-08 04:42 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 480227.crdownload
2015-05-08 04:42 - 2015-05-08 04:42 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 299096.crdownload
2015-05-08 04:41 - 2015-05-08 04:41 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 641701.crdownload
2015-05-08 04:41 - 2015-05-08 04:41 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 247275.crdownload
2015-05-08 04:41 - 2015-05-08 04:41 - 00830032 _____ () C:\Users\Kathy\Downloads\Unconfirmed 200807.crdownload
2015-05-08 03:14 - 2015-05-08 03:14 - 00197777 _____ () C:\Users\Kathy\Downloads\7B53.tmp
2015-05-08 03:14 - 2015-05-08 03:14 - 00076793 _____ () C:\Users\Kathy\Downloads\3120.tmp
2015-05-08 03:11 - 2015-05-08 03:11 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 485859.crdownload
2015-05-08 03:11 - 2015-05-08 03:11 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 315311.crdownload
2015-05-08 03:10 - 2015-05-08 03:10 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 913740.crdownload
2015-05-08 03:10 - 2015-05-08 03:10 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 185390.crdownload
2015-05-08 03:09 - 2015-05-08 03:09 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 828839.crdownload
2015-05-08 03:09 - 2015-05-08 03:09 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 764192.crdownload
2015-05-08 03:08 - 2015-05-08 03:08 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 590590.crdownload
2015-05-08 03:07 - 2015-05-08 03:07 - 00829952 _____ () C:\Users\Kathy\Downloads\Unconfirmed 950381.crdownload
2015-05-08 00:39 - 2015-05-08 00:40 - 01564066 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 857448.crdownload
2015-05-08 00:32 - 2015-05-08 00:36 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 577490.crdownload
2015-05-07 23:23 - 2015-05-07 23:23 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 546478.crdownload
2015-05-07 23:22 - 2015-05-07 23:23 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 318684.crdownload
2015-05-07 23:22 - 2015-05-07 23:22 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 813259.crdownload
2015-05-07 23:22 - 2015-05-07 23:22 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 725476.crdownload
2015-05-07 23:20 - 2015-05-07 23:20 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 723845.crdownload
2015-05-07 23:20 - 2015-05-07 23:20 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 379276.crdownload
2015-05-07 23:19 - 2015-05-07 23:19 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 682146.crdownload
2015-05-07 23:18 - 2015-05-07 23:18 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 815696.crdownload
2015-05-07 23:17 - 2015-05-07 23:17 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 229100.crdownload
2015-05-07 23:16 - 2015-05-07 23:17 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 475796.crdownload
2015-05-07 23:16 - 2015-05-07 23:16 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 468554.crdownload
2015-05-07 23:16 - 2015-05-07 23:16 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 366806.crdownload
2015-05-07 23:11 - 2015-05-07 23:12 - 00210265 _____ () C:\Users\Kathy\Downloads\4502.tmp
2015-05-07 23:11 - 2015-05-07 23:11 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 494962.crdownload
2015-05-07 23:10 - 2015-05-07 23:10 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 853130.crdownload
2015-05-07 23:09 - 2015-05-07 23:10 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 29101.crdownload
2015-05-07 23:09 - 2015-05-07 23:09 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 77296.crdownload
2015-05-07 23:08 - 2015-05-07 23:08 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 865766.crdownload
2015-05-07 23:08 - 2015-05-07 23:08 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 656902.crdownload
2015-05-07 23:07 - 2015-05-07 23:07 - 00829680 _____ () C:\Users\Kathy\Downloads\Unconfirmed 626078.crdownload
2015-05-07 20:08 - 2015-05-07 20:09 - 18650456 _____ () C:\Users\Kathy\Downloads\Unconfirmed 253080.crdownload
2015-05-07 18:58 - 2015-05-07 18:58 - 00829656 _____ () C:\Users\Kathy\Downloads\Unconfirmed 119752.crdownload
2015-05-07 16:59 - 2015-05-07 16:59 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (8).website
2015-05-07 16:58 - 2015-05-07 16:58 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (7).website
2015-05-07 16:42 - 2015-05-07 16:42 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 610377.crdownload
2015-05-07 16:42 - 2015-05-07 16:42 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 464591.crdownload
2015-05-07 16:41 - 2015-05-07 16:41 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 876615.crdownload
2015-05-07 16:41 - 2015-05-07 16:41 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 420473.crdownload
2015-05-07 16:40 - 2015-05-07 16:40 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 819992.crdownload
2015-05-07 16:39 - 2015-05-07 16:39 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 984507.crdownload
2015-05-07 16:39 - 2015-05-07 16:39 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 516223.crdownload
2015-05-07 16:38 - 2015-05-07 16:39 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 450710.crdownload
2015-05-07 16:38 - 2015-05-07 16:38 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 964707.crdownload
2015-05-07 16:38 - 2015-05-07 16:38 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 427271.crdownload
2015-05-07 16:37 - 2015-05-07 16:37 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 182192.crdownload
2015-05-07 16:36 - 2015-05-07 16:37 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 34131.crdownload
2015-05-07 16:36 - 2015-05-07 16:36 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 286693.crdownload
2015-05-07 16:35 - 2015-05-07 16:36 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 396230.crdownload
2015-05-07 16:35 - 2015-05-07 16:35 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 914573.crdownload
2015-05-07 16:35 - 2015-05-07 16:35 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 530481.crdownload
2015-05-07 16:34 - 2015-05-07 16:34 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 609661.crdownload
2015-05-07 16:33 - 2015-05-07 16:33 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 911249.crdownload
2015-05-07 16:33 - 2015-05-07 16:33 - 00846328 _____ () C:\Users\Kathy\Downloads\Unconfirmed 501364.crdownload
2015-05-07 16:27 - 2015-05-07 16:31 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 271838.crdownload
2015-05-07 15:44 - 2015-05-07 15:46 - 18650456 _____ () C:\Users\Kathy\Downloads\Unconfirmed 410279.crdownload
2015-05-07 15:33 - 2015-05-07 15:33 - 00025265 _____ () C:\Users\Kathy\Downloads\download
2015-05-07 11:42 - 2015-05-07 11:46 - 16553558 _____ () C:\Users\Kathy\Downloads\Unconfirmed 261977.crdownload
2015-05-07 04:17 - 2015-05-07 04:17 - 07896440 _____ () C:\Users\Kathy\Downloads\Unconfirmed 910661.crdownload
2015-05-06 21:46 - 2015-05-06 21:46 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 745041.crdownload
2015-05-06 17:31 - 2015-05-06 17:31 - 00857648 _____ () C:\Users\Kathy\Downloads\Unconfirmed 499205.crdownload
2015-05-06 17:29 - 2015-05-06 17:31 - 00857648 _____ () C:\Users\Kathy\Downloads\Unconfirmed 625077.crdownload
2015-05-06 17:29 - 2015-05-06 17:30 - 00857648 _____ () C:\Users\Kathy\Downloads\Unconfirmed 559162.crdownload
2015-05-06 17:25 - 2015-05-06 17:25 - 00857648 _____ () C:\Users\Kathy\Downloads\Unconfirmed 392991.crdownload
2015-05-06 17:16 - 2015-05-06 17:17 - 18650456 _____ () C:\Users\Kathy\Downloads\Unconfirmed 526487.crdownload
2015-05-06 16:23 - 2015-05-06 16:23 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 934993.crdownload
2015-05-06 16:22 - 2015-05-06 16:22 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 374272.crdownload
2015-05-06 16:22 - 2015-05-06 16:22 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 178674.crdownload
2015-05-06 16:21 - 2015-05-06 16:21 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 458298.crdownload
2015-05-06 16:21 - 2015-05-06 16:21 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 119589.crdownload
2015-05-06 16:20 - 2015-05-06 16:20 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 109811.crdownload
2015-05-06 16:19 - 2015-05-06 16:19 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 637599.crdownload
2015-05-06 16:19 - 2015-05-06 16:19 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 307157.crdownload
2015-05-06 16:18 - 2015-05-06 16:18 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 342905.crdownload
2015-05-06 16:17 - 2015-05-06 16:17 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 593886.crdownload
2015-05-06 16:17 - 2015-05-06 16:17 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 451054.crdownload
2015-05-06 16:16 - 2015-05-06 16:16 - 00857496 _____ () C:\Users\Kathy\Downloads\Unconfirmed 538280.crdownload
2015-05-06 11:29 - 2015-05-06 11:31 - 00074105 _____ () C:\Users\Kathy\Downloads\4144.tmp
2015-05-06 11:28 - 2015-05-06 11:31 - 00215657 _____ () C:\Users\Kathy\Downloads\8CA0.tmp
2015-05-06 11:20 - 2015-05-06 11:21 - 00768097 _____ () C:\Users\Kathy\Downloads\Unconfirmed 538744.crdownload
2015-05-06 11:19 - 2015-05-06 11:19 - 00857176 _____ () C:\Users\Kathy\Downloads\Unconfirmed 832832.crdownload
2015-05-06 11:17 - 2015-05-06 11:18 - 00857176 _____ () C:\Users\Kathy\Downloads\Unconfirmed 703850.crdownload
2015-05-06 11:17 - 2015-05-06 11:17 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (6).website
2015-05-06 11:16 - 2015-05-06 11:16 - 00857176 _____ () C:\Users\Kathy\Downloads\Unconfirmed 466801.crdownload
2015-05-06 11:16 - 2015-05-06 11:16 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (5).website
2015-05-06 11:15 - 2015-05-06 11:15 - 00857176 _____ () C:\Users\Kathy\Downloads\Unconfirmed 696768.crdownload
2015-05-06 08:40 - 2015-05-06 08:45 - 32167704 _____ (VideoLan ) C:\Users\Kathy\Downloads\Unconfirmed 462644.crdownload
2015-05-06 07:59 - 2015-05-06 07:59 - 00142489 _____ () C:\Users\Kathy\Downloads\mod_fcgid-2.3.9-crlf.zip
2015-05-06 04:13 - 2015-05-06 04:13 - 00796072 _____ (Program ) C:\Users\Kathy\Downloads\Unconfirmed 520060.crdownload
2015-05-05 23:24 - 2015-05-05 23:25 - 05054838 _____ () C:\Users\Kathy\Downloads\httpd-2.4.12.tar.bz2
2015-05-05 22:45 - 2015-05-05 22:46 - 29653493 _____ () C:\Users\Kathy\Downloads\tga-spoilercast-episode-1.mp3.crdownload
2015-05-05 22:32 - 2015-05-05 22:36 - 95549608 _____ () C:\Users\Kathy\Downloads\tga-the-raid-episode-16.mp3.crdownload
2015-05-05 16:34 - 2015-05-05 16:34 - 00805253 _____ () C:\Users\Kathy\Downloads\nginx-1.6.3.tar.gz
2015-05-05 16:33 - 2015-05-05 16:34 - 00769153 _____ () C:\Users\Kathy\Downloads\nginx-1.4.7.tar.gz
2015-05-05 15:24 - 2015-05-05 15:24 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 73985.crdownload
2015-05-04 23:36 - 2015-05-04 23:36 - 00256128 _____ (InstallerTech Corp) C:\Users\Kathy\Downloads\Unconfirmed 919502.crdownload
2015-04-30 19:48 - 2015-04-30 19:48 - 00797248 _____ (Generic ) C:\Users\Kathy\Downloads\Unconfirmed 288937.crdownload
2015-04-30 19:48 - 2015-04-30 19:48 - 00084293 _____ () C:\Users\Kathy\Downloads\CB50.tmp
2015-04-30 19:45 - 2015-04-30 19:45 - 00797248 _____ (Generic ) C:\Users\Kathy\Downloads\Unconfirmed 337898.crdownload
2015-04-30 19:44 - 2015-04-30 19:45 - 00797248 _____ (Generic ) C:\Users\Kathy\Downloads\Unconfirmed 9156.crdownload
2015-04-30 18:46 - 2015-04-30 18:47 - 00373373 _____ () C:\Users\Kathy\Downloads\Unconfirmed 191909.crdownload
2015-04-30 18:46 - 2015-04-30 18:46 - 00887488 _____ () C:\Users\Kathy\Downloads\Unconfirmed 815207.crdownload
2015-04-30 18:46 - 2015-04-30 18:46 - 00887488 _____ () C:\Users\Kathy\Downloads\Unconfirmed 21781.crdownload
2015-04-30 18:45 - 2015-04-30 18:46 - 00887488 _____ () C:\Users\Kathy\Downloads\Unconfirmed 122665.crdownload
2015-04-30 18:44 - 2015-04-30 18:44 - 00887488 _____ () C:\Users\Kathy\Downloads\Unconfirmed 89237.crdownload
2015-04-30 18:44 - 2015-04-30 18:44 - 00887488 _____ () C:\Users\Kathy\Downloads\Unconfirmed 291366.crdownload
2015-04-30 18:43 - 2015-04-30 18:43 - 00887488 _____ () C:\Users\Kathy\Downloads\Unconfirmed 914169.crdownload
2015-04-30 18:43 - 2015-04-30 18:43 - 00887488 _____ () C:\Users\Kathy\Downloads\Unconfirmed 391891.crdownload
2015-04-30 14:19 - 2015-04-30 14:19 - 00795192 _____ (Software Internet ) C:\Users\Kathy\Downloads\Unconfirmed 284494.crdownload
2015-04-30 12:21 - 2015-04-30 12:21 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (5).website.crdownload
2015-04-30 12:19 - 2015-04-30 12:20 - 00000562 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (4).website
2015-04-29 12:52 - 2015-04-29 12:52 - 00000558 _____ () C:\Users\Kathy\Downloads\flashplayerupdate-setup (3).website
2015-04-28 14:40 - 2015-04-28 14:40 - 00795200 _____ (Software Internet ) C:\Users\Kathy\Downloads\Unconfirmed 364104.crdownload
2015-04-27 12:45 - 2015-04-27 12:46 - 26372721 _____ () C:\Users\Kathy\Downloads\349043891 (1).mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 19:01 - 2014-11-08 21:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-24 18:04 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 18:04 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 18:00 - 2014-11-08 18:59 - 02014833 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 17:52 - 2015-03-01 14:56 - 00005743 _____ () C:\Windows\setupact.log
2015-05-24 17:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 13:55 - 2009-07-14 00:13 - 00006170 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 13:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 13:47 - 2015-03-29 18:23 - 00053202 _____ () C:\Windows\PFRO.log
2015-05-24 13:02 - 2014-11-09 16:52 - 00000000 ____D () C:\Users\Kathy\Documents\First Steps
2015-05-23 21:35 - 2014-12-15 09:50 - 00000000 ____D () C:\Users\Kathy\Desktop\Windows Loader v2.2.2
2015-05-23 21:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-05-23 11:33 - 2014-11-09 16:47 - 00000000 ____D () C:\Users\Kathy\Documents\calendars
2015-05-23 10:29 - 2015-02-28 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 09:08 - 2015-01-12 21:32 - 00012950 ____H () C:\Users\Kathy\Documents\~WRL3697.tmp
2015-05-21 06:46 - 2015-04-21 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-21 06:46 - 2014-11-08 21:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-12 18:35 - 2015-01-13 19:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-10 15:48 - 2014-11-08 17:04 - 00000000 ____D () C:\Users\Kathy
2015-05-10 15:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-08 17:57 - 2009-07-14 00:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-01 14:49 - 2015-03-01 14:49 - 0000017 _____ () C:\Users\Kathy\AppData\Local\resmon.resmoncfg
2014-11-12 11:03 - 2014-11-12 11:03 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 17:38

==================== End of log ============================

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Kathy at 2015-05-24 19:05:51
Running from C:\Users\Kathy\Desktop\FRST Scans
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2506747023-1352019474-4072486413-500 - Administrator - Disabled)
Guest (S-1-5-21-2506747023-1352019474-4072486413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2506747023-1352019474-4072486413-1002 - Limited - Enabled)
Kathy (S-1-5-21-2506747023-1352019474-4072486413-1000 - Administrator - Enabled) => C:\Users\Kathy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
gBot (HKLM-x32\...\407308A3-D7DA-A7A5-C900-000000B100) (Version: 107.0.0.454 - gBot team)
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Inspector Parker (HKLM-x32\...\BFG-Inspector Parker) (Version: - )
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - )
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.19.0 - Seagate)
Super Mahjong (HKLM-x32\...\e7ae5e74e555b485845f9811708aa158) (Version: - GameHouse)
Tixati (HKLM-x32\...\tixati) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\WinDirStat) (Version: - )
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

24-05-2015 13:11:36 AA11

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B4DF142-C1DF-426D-A59F-179B3B86F448} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {1473CC2A-B67D-4812-B3E3-FEA809260A97} - System32\Tasks\ScanToPCActivationApp.exe_{B0C2E6BD-C1A6-49E6-A0CC-74081F080AFF} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {227ABE67-3CE1-4D77-A7C5-85899ED5B238} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {31F80569-458F-4A2A-954A-CAFE4FE849AB} - System32\Tasks\{DF5E0E28-42F3-4954-829F-6BB9FF8E6E7E} => pcalua.exe -a C:\Users\Kathy\Downloads\Install-winMd5Sum.exe -d C:\Users\Kathy\Downloads
Task: {4A9CF1BC-EC6A-496C-AA8F-64588807975A} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-03] (Seagate Technology LLC)
Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
Task: {5D393784-9E8B-4566-8704-01F03A820908} - System32\Tasks\GB Runner => %LOCALAPPDATA%\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe
Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {8E728DAD-FCF3-4BCD-B218-CFCD47442B89} - System32\Tasks\{D9065875-F2C5-4397-A201-02682A0A1EE3} => pcalua.exe -a E:\sp48482.exe -d E:\
Task: {8E7CA9EB-8A00-4D97-BE28-48DE710191D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {910840FB-36F9-4ACC-B238-CE9F37633707} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-02-24] ()
Task: {972B388A-3F17-43C3-BF4A-ECB145C54E42} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Kathy) => C:\Users\Kathy\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2015-05-10] (Leader Technologies/Seagate)
Task: {B0379419-4F21-4A1C-AB2B-E949E267A6FB} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
Task: {F42509DD-F87B-420E-9A08-91350E34F247} - System32\Tasks\Kathy DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-02-03] (Seagate Technology LLC)
Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-10 18:50 - 2015-03-10 18:50 - 02756616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-11-15 04:07 - 2014-11-15 04:07 - 00386624 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe
2015-05-24 17:53 - 2015-05-24 17:53 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\src\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\bin\libffi-6.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr57EE.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\src\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00118784 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00069120 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00083968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\bin\zlib1.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00275968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00015360 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008192 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00023552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00036352 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\bin\libffi-6.dll
2015-05-24 17:53 - 2015-05-24 17:53 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-24 17:53 - 2015-05-24 17:53 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr9404.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-02-24 13:11 - 2015-02-24 13:11 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-11-15 04:08 - 2014-11-15 04:08 - 00094784 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\ManXec.dll
2014-11-15 04:08 - 2014-11-15 04:08 - 00071232 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmdProc.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00043072 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\PrfIns.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00054336 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WbSes.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00120384 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WdcMan.dll
2014-11-15 04:09 - 2014-11-15 04:09 - 00122432 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WblSupp.dll
2014-11-15 04:08 - 2014-11-15 04:08 - 00101952 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmnUtls.dll
2014-12-15 10:02 - 2014-10-23 03:14 - 01091584 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\libglesv2.dll
2014-12-15 10:02 - 2014-10-23 03:19 - 00167936 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\libEGL.dll
2014-12-15 10:02 - 2014-10-23 03:26 - 08569856 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\pdf.dll
2014-12-15 10:02 - 2014-10-23 03:20 - 00324608 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\ppGoogleNaClPluginChrome.dll
2014-12-15 10:02 - 2014-10-23 03:23 - 00880128 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\ffmpegsumo.dll
2014-12-15 10:02 - 2014-09-22 23:07 - 14891848 _____ () C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Chrome-bin\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
AlternateDataStreams: C:\ProgramData\TEMP:80FE037D

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B85C99DF-9DF1-4912-A476-DBA4D9574C00}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{C780F957-B6C3-4FE6-85BD-4B794F110D33}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6EBF6E00-4899-441C-966A-5799CDE6393E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6D931486-EACD-41E3-B260-7D975C177D89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{113CC051-69BC-4130-AD11-131C8F8B3DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{53440948-0468-4E5F-A280-425637353164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{A4A4E9F1-EA2C-4AAB-85FF-5B480CDFFE0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BE4F7C7B-D685-4CC4-A40E-0F33EBE30F24}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [uDP Query User{98255DD5-EB27-4EEE-ADB4-6EEF79ADC795}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{CA2DBDAB-1987-41A9-B259-6947D7B9C251}] => (Allow) LPort=8888
FirewallRules: [{3504F4C9-79D9-480B-B419-5E8796EA1C3A}] => (Allow) LPort=8888

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/23/2015 10:43:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 5.3.0.5128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6e8

Start Time: 01d0956b063cb385

Termination Time: 32

Application Path: C:\Program Files\CCleaner\CCleaner64.exe

Report Id: 63fd7f46-0162-11e5-9c92-8cdcd488ce35

Error: (05/22/2015 08:48:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.124, time stamp: 0x54637c3c
Faulting module name: chrome.dll, version: 37.0.2062.124, time stamp: 0x5463780e
Exception code: 0x80000003
Fault offset: 0x00056cd0
Faulting process id: 0x34a4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (05/22/2015 04:12:32 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (05/24/2015 07:02:18 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 06:51:08 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 06:04:31 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 05:56:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
qtbc

Error: (05/24/2015 05:54:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.

Error: (05/24/2015 05:53:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (05/24/2015 05:53:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (05/24/2015 05:08:06 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 04:59:56 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)

Error: (05/24/2015 04:51:45 PM) (Source: DCOM) (EventID: 10016) (User: Quicksilver)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}QuicksilverKathyS-1-5-21-2506747023-1352019474-4072486413-1000LocalHost (Using LRPC)


Microsoft Office:
=========================
Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/23/2015 11:11:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/23/2015 09:39:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/23/2015 10:43:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe5.3.0.51286e801d0956b063cb38532C:\Program Files\CCleaner\CCleaner64.exe63fd7f46-0162-11e5-9c92-8cdcd488ce35

Error: (05/22/2015 08:48:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.12454637c3cchrome.dll37.0.2062.1245463780e8000000300056cd034a401d09494b054f135C:\Users\Kathy\AppData\Local\407308~1\CHROME~1\chrome.exeC:\Users\Kathy\AppData\Local\407308~1\CHROME~1\chrome.dll392bf45a-0089-11e5-9c92-8cdcd488ce35

Error: (05/22/2015 04:12:32 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


==================== Memory info ===========================

Processor: Intel® Core i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 36%
Total physical RAM: 8126.3 MB
Available physical RAM: 5150.44 MB
Total Pagefile: 16250.78 MB
Available Pagefile: 13489.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:580.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6484D2A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of log ============================

 

 

I really appreciate your help in dealing with this.

Cheers.

Hi zubbs1,

1. There are several old program versions with known vulnerabilities in the computer. A web page can use those vulnerabilities to infect the computer. Use Secunia's Software Inspector to find the old versions and then uninstall or update them. http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

2. Please, uninstall or disable all file sharing programs (torrent programs), e.g. Tixati, while cleaning the computer.

3. There are a lot of partially downloaded files in the Downloads folder. They are called Unconfirmed xxx.crdownload; I suggest that you delete them.

4. The following script will empty the Recycle Bin and the folders for temporary files. Please check that there aren't any important files in those locations.

 

Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
CMD: ipconfig /flushdns
EmptyTemp:
and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

 

 

5. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.


Secunia gives me an error message 'unable to retrieve PSI user ID from secunia. Please verify that you can connect to https://psi3.secunia.com/ then restart the PSI.'

 

I can load the stated webpage, so I don't know what is going on?

 

 

Logfiles:

 

Adw Cleaner:

 

# AdwCleaner v4.205 - Logfile created 24/05/2015 at 20:43:13
# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Kathy - QUICKSILVER
# Running from : C:\Users\Kathy\Desktop\FRST Scans\adwcleaner_4.205.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js
Folder Found : C:\ProgramData\Trymedia

***** [ Scheduled tasks ] *****

Task Found : GB Runner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49851;hxxps=127.0.0.1:49851;
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\CommunityCrawlingService
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
Key Found : HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\CommunityCrawlingService
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\CommunityCrawlingService
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [savedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18715


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Chromium v

[C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4239 bytes] - [24/05/2015 20:43:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4298 bytes] ##########

 

 

FIXLOG:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Kathy at 2015-05-24 20:31:00 Run:1
Running from C:\Users\Kathy\Desktop\FRST Scans
Loaded Profiles: Kathy (Available Profiles: Kathy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
CMD: ipconfig /flushdns
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 904.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 20:37:34 ====

 

 

cheers.


1. Try to use Secunia again when the computer is clean.

 

 

2. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Clean button.

Click on OK.
Click on OK on any message that pops up.
The computer will be restarted.

A report will be displayed, copy its content and paste into your reply.
If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

 

3. Scan the computer with Ad-Aware.

 

 

4. Start FRST.

Select Addition.txt.

Scan with FRST and attach the two new log files.

 

 

5. Run an online scan with Eset (easiest with Internet Explorer) to get a second opinion: http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.


Holy cow!

I just went to the Secunia site and downloaded their program.

How come I never knew about this before?

I guess I'm not as smart as I thought I was!

BWAHAHAHAHA!

Have a great Memorial Day and a great if short week!

Thanks for the great info.


Very good that the internet connection is working better now that the proxy server is gone!

 

Please, don't forget to follow up with the logs to make sure that everything malicious is gone.

 

Thanks, you too :)


Secunia produced the same error after following all the steps from your post. Ad-Aware found no threats after a full scan after AdwCleaner.

ADW CLEANER:

# AdwCleaner v4.205 - Logfile created 25/05/2015 at 10:55:04
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Kathy - QUICKSILVER
# Running from : C:\Users\Kathy\Desktop\FRST Scans\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : GB Runner

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\CommunityCrawlingService
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\CommunityCrawlingService
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49851;hxxps=127.0.0.1:49851;
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.18715


-\\ Mozilla Firefox v38.0.1 (x86 en-US)


-\\ Chromium v

[C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4425 bytes] - [24/05/2015 20:43:13]
AdwCleaner[R1].txt - [4484 bytes] - [25/05/2015 10:53:48]
AdwCleaner[s0].txt - [4005 bytes] - [25/05/2015 10:55:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4064 bytes] ##########

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Kathy (administrator) on QUICKSILVER on 25-05-2015 12:24:48
Running from C:\Users\Kathy\Desktop\FRST Scans
Loaded Profiles: Kathy (Available Profiles: Kathy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\bin\rubyw.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\bin\rubyw.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-03] (Seagate Technology LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-03] (Seagate Technology LLC)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-05-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-08] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default
FF DefaultSearchEngine.US: Google
FF Homepage: google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-03] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-03] (Seagate Technology LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3401944 2014-04-01] (Realtek Semiconductor Corporation )
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S0 qtbc; System32\drivers\qfqy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 20:42 - 2015-05-25 10:55 - 00000000 ____D () C:\AdwCleaner
2015-05-24 20:13 - 2015-05-24 20:13 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-05-24 20:13 - 2015-05-24 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Secunia PSI
2015-05-24 20:13 - 2015-05-24 20:13 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-05-24 19:03 - 2015-05-25 12:24 - 00000000 ____D () C:\FRST
2015-05-24 19:01 - 2015-05-24 20:37 - 00000000 ____D () C:\Users\Kathy\Desktop\FRST Scans
2015-05-24 13:29 - 2015-05-24 13:29 - 00000000 ____D () C:\ProgramData\BitDefender
2015-05-24 13:20 - 2015-05-24 13:20 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\LavasoftStatistics
2015-05-24 13:20 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
2015-05-24 13:20 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
2015-05-24 13:19 - 2015-05-25 10:59 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-05-24 13:19 - 2015-05-24 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-24 13:18 - 2015-05-24 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-05-24 13:15 - 2015-05-24 13:15 - 00000000 ____D () C:\Program Files\Lavasoft
2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Lavasoft
2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-05-24 13:11 - 2015-05-24 13:11 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-05-23 10:59 - 2015-05-23 10:59 - 00001035 _____ () C:\Users\Kathy\Desktop\WinDirStat.lnk
2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-05-11 14:29 - 2015-05-20 14:21 - 00045568 ____H () C:\Users\Kathy\Documents\~WRL3588.tmp
2015-05-11 14:29 - 2015-05-19 15:10 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0005.tmp
2015-05-11 14:29 - 2015-05-18 22:12 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0004.tmp
2015-05-11 14:29 - 2015-05-18 22:11 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL2470.tmp
2015-05-11 14:29 - 2015-05-11 14:46 - 00044544 ____H () C:\Users\Kathy\Documents\~WRL3630.tmp
2015-05-10 15:48 - 2015-05-10 15:48 - 00003516 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
2015-05-10 15:48 - 2015-05-10 15:48 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Nero
2015-05-10 15:47 - 2015-05-10 15:47 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Nero
2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Seagate
2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Leadertech
2015-05-09 14:58 - 2015-05-09 14:58 - 00051305 _____ () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive.htm
2015-05-09 14:58 - 2015-05-09 14:58 - 00045620 _____ () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive.htm
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive_files
2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive_files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:01 - 2014-11-08 21:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 11:16 - 2014-11-08 18:59 - 02051719 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 11:12 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 11:12 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 11:02 - 2009-07-14 00:13 - 00006170 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-25 10:56 - 2015-03-01 14:56 - 00005855 _____ () C:\Windows\setupact.log
2015-05-25 10:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 13:47 - 2015-03-29 18:23 - 00053202 _____ () C:\Windows\PFRO.log
2015-05-24 13:02 - 2014-11-09 16:52 - 00000000 ____D () C:\Users\Kathy\Documents\First Steps
2015-05-23 21:35 - 2014-12-15 09:50 - 00000000 ____D () C:\Users\Kathy\Desktop\Windows Loader v2.2.2
2015-05-23 21:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2015-05-23 11:33 - 2014-11-09 16:47 - 00000000 ____D () C:\Users\Kathy\Documents\calendars
2015-05-23 10:29 - 2015-02-28 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 09:08 - 2015-01-12 21:32 - 00012950 ____H () C:\Users\Kathy\Documents\~WRL3697.tmp
2015-05-21 06:46 - 2015-04-21 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-21 06:46 - 2014-11-08 21:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-12 18:35 - 2015-01-13 19:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-10 15:48 - 2014-11-08 17:04 - 00000000 ____D () C:\Users\Kathy
2015-05-10 15:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-08 17:57 - 2009-07-14 00:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-03-01 14:49 - 2015-03-01 14:49 - 0000017 _____ () C:\Users\Kathy\AppData\Local\resmon.resmoncfg
2014-11-12 11:03 - 2014-11-12 11:03 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Kathy\AppData\Local\Temp\Quarantine.exe
C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 17:38

==================== End of log ============================

FRST Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Kathy at 2015-05-25 12:26:28
Running from C:\Users\Kathy\Desktop\FRST Scans
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2506747023-1352019474-4072486413-500 - Administrator - Disabled)
Guest (S-1-5-21-2506747023-1352019474-4072486413-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2506747023-1352019474-4072486413-1002 - Limited - Enabled)
Kathy (S-1-5-21-2506747023-1352019474-4072486413-1000 - Administrator - Enabled) => C:\Users\Kathy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
gBot (HKLM-x32\...\407308A3-D7DA-A7A5-C900-000000B100) (Version: 107.0.0.454 - gBot team)
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Inspector Parker (HKLM-x32\...\BFG-Inspector Parker) (Version: - )
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - )
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.19.0 - Seagate)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Super Mahjong (HKLM-x32\...\e7ae5e74e555b485845f9811708aa158) (Version: - GameHouse)
Tixati (HKLM-x32\...\tixati) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\WinDirStat) (Version: - )
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

24-05-2015 13:11:36 AA11
24-05-2015 20:31:01 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B4DF142-C1DF-426D-A59F-179B3B86F448} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {1473CC2A-B67D-4812-B3E3-FEA809260A97} - System32\Tasks\ScanToPCActivationApp.exe_{B0C2E6BD-C1A6-49E6-A0CC-74081F080AFF} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {227ABE67-3CE1-4D77-A7C5-85899ED5B238} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {31F80569-458F-4A2A-954A-CAFE4FE849AB} - System32\Tasks\{DF5E0E28-42F3-4954-829F-6BB9FF8E6E7E} => pcalua.exe -a C:\Users\Kathy\Downloads\Install-winMd5Sum.exe -d C:\Users\Kathy\Downloads
Task: {4A9CF1BC-EC6A-496C-AA8F-64588807975A} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-03] (Seagate Technology LLC)
Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {8E728DAD-FCF3-4BCD-B218-CFCD47442B89} - System32\Tasks\{D9065875-F2C5-4397-A201-02682A0A1EE3} => pcalua.exe -a E:\sp48482.exe -d E:\
Task: {8E7CA9EB-8A00-4D97-BE28-48DE710191D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {910840FB-36F9-4ACC-B238-CE9F37633707} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-02-24] ()
Task: {972B388A-3F17-43C3-BF4A-ECB145C54E42} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Kathy) => C:\Users\Kathy\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2015-05-10] (Leader Technologies/Seagate)
Task: {B0379419-4F21-4A1C-AB2B-E949E267A6FB} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-24 13:11 - 2015-02-24 13:11 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2015-05-24 13:20 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2015-05-24 13:29 - 2015-05-24 13:29 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2015-05-24 13:29 - 2015-05-24 13:29 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2015-05-24 13:29 - 2015-05-24 13:29 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2015-05-24 13:29 - 2015-05-24 13:29 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-03-10 18:50 - 2015-03-10 18:50 - 17104376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktop.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00456224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_program_options-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 07331856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktopDefaultSkin.dll
2015-05-25 10:56 - 2015-05-25 10:56 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\src\rgloader\rgloader193.mswin.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\bin\libffi-6.dll
2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-05-25 10:56 - 2015-05-25 10:56 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\src\rgloader\rgloader193.mswin.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00118784 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00069120 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00083968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\bin\zlib1.dll
2015-05-25 10:56 - 2015-05-25 10:56 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00275968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00015360 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00008192 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00023552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00036352 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\bin\libffi-6.dll
2015-05-25 10:56 - 2015-05-25 10:56 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-05-25 10:56 - 2015-05-25 10:56 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-02-24 13:11 - 2015-02-24 13:11 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-02-24 13:11 - 2015-02-24 13:11 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
AlternateDataStreams: C:\ProgramData\TEMP:80FE037D

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B85C99DF-9DF1-4912-A476-DBA4D9574C00}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{C780F957-B6C3-4FE6-85BD-4B794F110D33}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{6EBF6E00-4899-441C-966A-5799CDE6393E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6D931486-EACD-41E3-B260-7D975C177D89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{113CC051-69BC-4130-AD11-131C8F8B3DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{53440948-0468-4E5F-A280-425637353164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{A4A4E9F1-EA2C-4AAB-85FF-5B480CDFFE0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{BE4F7C7B-D685-4CC4-A40E-0F33EBE30F24}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [uDP Query User{98255DD5-EB27-4EEE-ADB4-6EEF79ADC795}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{CA2DBDAB-1987-41A9-B259-6947D7B9C251}] => (Allow) LPort=8888
FirewallRules: [{3504F4C9-79D9-480B-B419-5E8796EA1C3A}] => (Allow) LPort=8888

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/25/2015 00:30:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/24/2015 08:31:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e366bbb1-6e5f-404d-bece-9cd1b0648957}

Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (05/25/2015 11:04:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (05/25/2015 10:59:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
qtbc

Error: (05/25/2015 10:56:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (05/25/2015 10:56:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (05/25/2015 10:56:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (05/25/2015 10:56:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/25/2015 10:55:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\Rtlihvs.dll

Error: (05/25/2015 10:55:36 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/25/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).


Microsoft Office:
=========================
Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/25/2015 00:30:47 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/24/2015 08:31:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e366bbb1-6e5f-404d-bece-9cd1b0648957}

Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000


==================== Memory info ===========================

Processor: Intel® Core i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 36%
Total physical RAM: 8126.3 MB
Available physical RAM: 5138.71 MB
Total Pagefile: 16250.78 MB
Available Pagefile: 13845.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:582.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6484D2A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of log ============================

ESET:

C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\uninstall.exe a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmdProc.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmlProc.dll a variant of Win32/GigaClicks.AJ potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmnUtls.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\InSes.dll a variant of Win32/GigaClicks.AJ potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\ManXec.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\PrfIns.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WblSupp.dll a variant of Win32/GigaClicks.AK potentially unwanted application
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application

Cheers.


1. Please, uninstall "gBot" since it's adware.
Uninstall or update "Java 8 Update 25" and "Adobe Flash Player 17 NPAPI" since those are old versions with known vulnerabilities. That kind of vulnerability can be exploited by a web page to infect the computer. Most people don't need Java at all, but if you need it, it's very important to always have the latest version.

2. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S0 qtbc; System32\drivers\qfqy.sys [X]
Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
AlternateDataStreams: C:\ProgramData\TEMP:80FE037D
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.


Ok, I've updated Adobe and removed gbot and java.

 

Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Kathy at 2015-05-25 19:43:02 Run:2
Running from C:\Users\Kathy\Desktop\FRST Scans
Loaded Profiles: Kathy (Available Profiles: Kathy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S0 qtbc; System32\drivers\qfqy.sys [X]
Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
AlternateDataStreams: C:\ProgramData\TEMP:80FE037D
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
qtbc => Service Removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\GB Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A13D603-C742-4E01-A8EA-2419CD937CC8}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A13D603-C742-4E01-A8EA-2419CD937CC8}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6}" => key Removed successfully
C:\Windows\System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11FA020E-124B-45F1-8829-AB0F8DF38F9B}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF4BF964-9276-44F1-A1F8-FD6679D38853}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF4BF964-9276-44F1-A1F8-FD6679D38853}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key Removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS Removed successfully.
C:\ProgramData\TEMP => ":78E0DF72" ADS Removed successfully.
C:\ProgramData\TEMP => ":80FE037D" ADS Removed successfully.
"C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100" => File/Folder not found.


The system needed a reboot.

==== End of Fixlog 19:43:21 ====

 

 

Cheers.
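
A Fixlog like the one in the post above can be triaged mechanically. The following is an added example, not part of the original thread or of FRST itself: it skips the fixlist echoed between the asterisk lines and classifies each `=>` result line. The function names are hypothetical, and the sample log is constructed by shortening the one posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened Fixlog in the layout shown in the post above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
fixlist content:
*****************
HKLM\...\Run: [] => [X]
S0 qtbc; System32\drivers\qfqy.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
qtbc => Service Removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\GB Update => key not found.
C:\Windows\System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => Moved successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS Removed successfully.
"C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100" => File/Folder not found.

==== End of Fixlog 19:43:21 ====
'''


def parse_fixlog(text):
    """Return (target, outcome, status) for every result line of a Fixlog."""
    results = []
    in_echo = False  # True while inside the fixlist echoed between '*' lines
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        # Echoed fixlist entries also contain " => ", so they must be skipped.
        if in_echo or " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        target = target.strip('"')
        outcome = outcome.rstrip(".")
        # ADS results name the stream on the right-hand side; rejoin it.
        ads = re.match(r'"(:[^"]+)" ADS (.+)', outcome)
        if ads:
            target, outcome = target + ads.group(1), ads.group(2)
        low = outcome.lower()
        if "not found" in low:
            status = "not_found"   # item was absent when the fix ran
        elif "successfully" in low:
            status = "done"        # removed or moved
        else:
            status = "review"      # unrecognised wording: check by hand
        results.append((target, outcome, status))
    return results


def summarize(results):
    """Group targets by status so leftovers stand out."""
    grouped = defaultdict(list)
    for target, _outcome, status in results:
        grouped[status].append(target)
    return dict(grouped)


if __name__ == "__main__":
    for status, targets in summarize(parse_fixlog(SAMPLE_FIXLOG)).items():
        print(status, len(targets))
        for t in targets:
            print("   ", t)
```

Any entry that lands under `review` uses wording the classifier does not recognise and should be read in the original log.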


How is the computer behaving now?

Any other questions?

 

When you are satisfied I will give you the instructions for how to uninstall FRST and AdwCleaner.


Ok all traces seem gone. After 24 hours, no new appdata/temp folders and files have shown up and grown out of control like before. I think I'm ready to wrap this up.

 

cheers.


Good!

 

 

1. Please, turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.
Click on the Uninstall button.

2. Download OTC http://oldtimer.geekstogo.com/OTC.exe
Close all programs.
Start OTC program.
Click the CleanUp! button.
Select Yes when asked "Begin cleanup process".
If you are asked to reboot, select Yes.

 

If any logs remain on the computer you can delete them.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !

This topic is now closed to further replies.