Safesearch removal help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Phenom(tm) II X4 830 Processor, AMD64 Family 16 Model 4 Stepping 3
Processor Count: 4
RAM: 7927 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 940150 MB, Free - 203822 MB; D: Total - 13420 MB, Free - 1617 MB;
Motherboard: FOXCONN, 2A92
Antivirus: Ad-Aware Antivirus, Updated and Enabled
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
Hi KVP,
Let's get started.
-----------------------------------------------------------
Download and Run the Farbar Scan Tool
  • Download FRST64 and save to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST64 will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
If you lose track of them, they will be saved in the same location as FRST64.exe
Feel free to use separate replies if it's more convenient.

askey127
 

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by Karen Van Pelt (administrator) on KARENVANPELT-HP on 25-04-2015 09:45:58
Running from C:\Users\Karen Van Pelt\Downloads
Loaded Profiles: Karen Van Pelt & Mom & Reese (Available profiles: Karen Van Pelt & Billy & Mom & Mason & Reese & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
 

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by Karen Van Pelt at 2015-04-25 09:46:44
Running from C:\Users\Karen Van Pelt\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2612173390-3033125086-1710602168-500 - Administrator - Disabled)
Billy (S-1-5-21-2612173390-3033125086-1710602168-1003 - Limited - Enabled) => C:\Users\Billy
Guest (S-1-5-21-2612173390-3033125086-1710602168-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2612173390-3033125086-1710602168-1008 - Limited - Enabled)
Karen Van Pelt (S-1-5-21-2612173390-3033125086-1710602168-1001 - Administrator - Enabled) => C:\Users\Karen Van Pelt
Mason (S-1-5-21-2612173390-3033125086-1710602168-1005 - Limited - Enabled) => C:\Users\Mason
Mom (S-1-5-21-2612173390-3033125086-1710602168-1004 - Limited - Enabled) => C:\Users\Mom
Reese (S-1-5-21-2612173390-3033125086-1710602168-1007 - Limited - Enabled) => C:\Users\Reese

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.2 build 4667 (Jan-19-2015) - Carbonite)
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Garmin Lifetime Updater (HKLM-x32\...\{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}) (Version: 2.1.6 - Garmin)
Google Chrome (HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
jZip (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\jZip) (Version: 2.0.0.134601 - Bandoo Media Inc) <==== ATTENTION
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
ROBLOX Player for Reese (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Reese (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 4.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)
SpywareGuard v2.2 (HKLM-x32\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.5b4_50 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VideoCam Suite 3.0 (HKLM-x32\...\{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}) (Version: 3.00.031.1033 - Panasonic Corporation)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Wondershare DVD Slideshow Builder Deluxe(Build 6.2.0.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.2.0.0 - Wondershare Software Co.,Ltd.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Reese\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

18-04-2015 03:00:13 Windows Update
19-04-2015 03:00:29 Windows Update
20-04-2015 03:00:26 Windows Update
21-04-2015 03:00:35 Windows Update
23-04-2015 03:00:28 Windows Update
24-04-2015 03:00:23 Windows Update
25-04-2015 03:00:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-08-07 22:58 - 00436368 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {177C6043-BEF8-4A67-8B15-FCDD146BE06B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1AD221FE-8B76-45F3-B926-0C3E32ED6059} - System32\Tasks\{DB3BF726-9AE0-4920-BBC0-8446C976BD99} => pcalua.exe -a E:\MS_Visio_2007_Pro\setup.exe -d E:\MS_Visio_2007_Pro
Task: {20E0682E-CAA9-4EFB-9130-9A6B4AF6C4B3} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {28434E9B-7C55-4172-A41D-30BBE7C8610C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {2CFF571A-8B17-4BCB-8D55-FE7F25F5E0C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {30A5F48D-9B81-45B4-87BF-7AE284FEE785} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA1d040ce8898f366 => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {4180BC73-637C-424A-86A8-0AA54CC000F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {53DEFFFE-C27F-4EC9-9D53-2B3F5F767B71} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {67609DFB-384F-4E16-B2D5-1F6703E3B578} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {6C335ADD-9586-4ADE-BBF6-7E1A96BFB9A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {6ECC85A7-F2CF-4259-8FE3-1F8B2F2299A0} - System32\Tasks\HPCeeScheduleForKARENVANPELT-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6F1FD4DB-8295-4CFC-90F3-BB65ED198C4F} - System32\Tasks\{FB8FF16C-AA34-401F-A04D-FB2305846B34} => pcalua.exe -a "C:\Users\Karen Van Pelt\Desktop\OJ4500vG510n-z_Full_13_en.exe" -d "C:\Users\Karen Van Pelt\Desktop"
Task: {724F8FA3-771D-4749-9EE1-AD05ED0CBA1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core1d040ce8762dfdc => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {7FCB8E7C-526E-4007-9C72-33795B8FF216} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A1111F1C-6813-4958-B378-1EB4E5D1F443} - System32\Tasks\{F91CFE12-CD7A-4AE2-8957-DD4D349F2A5D} => pcalua.exe -a "C:\Users\Karen Van Pelt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NS8T5WIN\OJ4500vG510n-z_Full_13_en.exe" -d "C:\Users\Karen Van Pelt\Desktop"
Task: {AB4C9A88-8B3C-432C-8814-BA076560256B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B8A95223-E874-445B-8918-D36314A4124F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {B990A5A8-D125-41A4-8239-7265690FA73E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2CFC3GG8 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {C68104DA-E886-4160-8774-ED3B2A1AEA18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {CA38EEC4-5FA8-43D3-8619-D683FE7D1C59} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {CC45B152-D1B6-47C7-812F-26AFF4CD4E18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D681848B-F52E-4DC8-9CCE-0A3476C46755} - System32\Tasks\{A4C8546F-95A5-492B-AB07-4DCBAC56968B} => pcalua.exe -a "C:\Users\Karen Van Pelt\Downloads\vPsetup.exe" -d "C:\Users\Karen Van Pelt\Downloads"
Task: {D963498A-4606-4123-8E8B-4855337302E2} - System32\Tasks\Component System\Component => C:\Users\Karen Van Pelt\AppData\Local\Component\com.exe [2015-01-17] ()
Task: {DDD923B4-3561-4596-8357-5CD3D25D7901} - System32\Tasks\GoogleUpdateTaskMachineCore1d0412938254e0a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
Task: {DFB44CEB-42D3-4816-8C40-A2B18211E944} - System32\Tasks\GoogleUpdateTaskMachineUA1d04129390e2ad2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
Task: {E61EB031-9410-4301-95F2-D289F45D7820} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
Task: {E735E043-9451-435A-A2AF-70D8C58C27F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
Task: {F9B2018B-AB7E-466C-850A-9D11B2ADACE3} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {FBA164D9-9ABC-4DA9-A3FE-EB3F3CFD0B33} - System32\Tasks\{053F7FEF-A75E-4308-89D0-777A8EA8C96F} => pcalua.exe -a "C:\Users\Karen Van Pelt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVLORWO\Adaware_Installer.exe" -d "C:\Users\Karen Van Pelt\Desktop"
Task: {FCA197C1-475A-4D97-A4F2-D01C6C70D0BB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {FE937886-972C-4251-A291-857C0267CB5B} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0412938254e0a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04129390e2ad2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core1d040ce8762dfdc.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA1d040ce8898f366.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKARENVANPELT-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-24 17:09 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2009-12-15 20:40 - 2009-12-15 20:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2014-12-18 16:09 - 2014-12-18 16:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 16:22 - 2014-12-18 16:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 16:22 - 2014-12-18 16:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2013-12-30 21:59 - 2013-07-17 18:09 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
2014-07-10 14:09 - 2015-04-20 10:00 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-07-10 14:09 - 2015-04-20 10:00 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-07-10 14:09 - 2015-04-20 10:00 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-07-10 14:09 - 2015-04-20 10:00 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2009-12-15 20:40 - 2009-12-15 20:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-12-15 20:41 - 2009-12-15 20:41 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2010-09-15 13:31 - 2010-09-15 13:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-12-18 16:21 - 2014-12-18 16:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 16:22 - 2014-12-18 16:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 16:21 - 2014-12-18 16:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-04 18:09 - 2011-01-04 18:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-01-04 18:20 - 2009-02-27 22:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2003-08-29 19:05 - 2003-08-29 19:05 - 00360448 _____ () C:\Program Files (x86)\SpywareGuard\sgmain.exe
2003-08-29 11:14 - 2003-08-29 11:14 - 00233472 _____ () C:\Program Files (x86)\SpywareGuard\sgbhp.exe
2009-12-16 02:44 - 2009-12-16 02:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-13 15:53 - 2010-09-28 14:59 - 12286008 _____ () C:\Users\Reese\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2011-03-13 15:53 - 2010-09-28 15:10 - 01699384 _____ () C:\Users\Reese\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2011-01-04 18:20 - 2009-02-19 20:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2011-03-13 09:13 - 2010-09-28 14:59 - 12286008 _____ () C:\Users\Mom\AppData\Roaming\PictureMover\Bin\Core.dll
2011-03-13 09:13 - 2010-09-28 15:10 - 01699384 _____ () C:\Users\Mom\AppData\Roaming\PictureMover\EN-US\Presentation.dll
2015-04-18 12:27 - 2015-04-13 16:55 - 01252680 _____ () C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-18 12:27 - 2015-04-13 16:55 - 00080712 _____ () C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\42.0.2311.90\libegl.dll
2015-04-25 09:44 - 2015-04-25 09:44 - 00098816 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32api.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00110080 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pywintypes27.dll
2015-04-25 09:44 - 2015-04-25 09:44 - 00364544 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pythoncom27.dll
2015-04-25 09:44 - 2015-04-25 09:44 - 00045568 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_socket.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 01161216 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_ssl.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00320512 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32com.shell.shell.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00713216 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_hashlib.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 01175040 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._core_.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00805888 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._gdi_.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00811008 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._windows_.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 01062400 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._controls_.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00735232 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._misc_.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00682496 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pysqlite2._sqlite.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00128512 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_elementtree.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00127488 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pyexpat.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00087552 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_ctypes.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00119808 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32file.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00108544 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32security.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00007168 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\hashobjs_ext.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00167936 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32gui.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00018432 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32event.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00038912 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32inet.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00011264 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32crypt.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00070656 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._html2.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00027136 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_multiprocessing.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00020480 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_yappi.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00035840 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32process.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00686080 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\unicodedata.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00122368 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._wizard.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00024064 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32pipe.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00010240 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\select.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00025600 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32pdh.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00525640 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\windows._lib_cacheinvalidation.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00017408 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32profile.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00022528 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32ts.pyd
2015-04-25 09:44 - 2015-04-25 09:44 - 00078336 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:182786D9
AlternateDataStreams: C:\ProgramData\Temp:E0F561FE
AlternateDataStreams: C:\ProgramData\Temp:182786D9
AlternateDataStreams: C:\ProgramData\Temp:E0F561FE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 11404 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karen Van Pelt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Reese\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2015 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7503

Error: (04/25/2015 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7503

Error: (04/25/2015 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2015 09:31:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5007

Error: (04/25/2015 09:31:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5007

Error: (04/25/2015 09:31:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2015 09:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2496

Error: (04/25/2015 09:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2496

Error: (04/25/2015 09:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/25/2015 03:07:48 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (04/25/2015 03:33:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB3033929).

Error: (04/25/2015 03:25:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:23:55 AM on &#8206;4/&#8206;25/&#8206;2015 was unexpected.

Error: (04/25/2015 03:20:04 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:18:45 AM on &#8206;4/&#8206;25/&#8206;2015 was unexpected.

Error: (04/24/2015 03:32:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB3033929).

Error: (04/24/2015 03:23:41 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:22:23 AM on &#8206;4/&#8206;24/&#8206;2015 was unexpected.

Error: (04/23/2015 08:46:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (04/23/2015 03:57:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (04/23/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/23/2015 08:00:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069

Error: (04/23/2015 08:00:16 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (05/26/2012 09:55:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176840 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (10/03/2011 11:45:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 682728 seconds with 8460 seconds of active time. This session ended with a crash.

Error: (08/25/2011 06:58:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 77914 seconds with 2400 seconds of active time. This session ended with a crash.

Error: (04/13/2011 11:11:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61402 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 830 Processor
Percentage of memory in use: 36%
Total physical RAM: 7927.89 MB
Available physical RAM: 5014.68 MB
Total Pagefile: 15853.98 MB
Available Pagefile: 11599 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.12 GB) (Free:198.31 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:13.11 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 9A6E06DB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
Oops it didn't all copy over:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by Karen Van Pelt (administrator) on KARENVANPELT-HP on 25-04-2015 09:45:58
Running from C:\Users\Karen Van Pelt\Downloads
Loaded Profiles: Karen Van Pelt & Mom & Reese (Available profiles: Karen Van Pelt & Billy & Mom & Mason & Reese & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\SpywareGuard\sgmain.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
() C:\Program Files (x86)\SpywareGuard\sgbhp.exe
(Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1446248 2011-12-15] (Garmin)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1063632 2015-01-19] (Carbonite, Inc.)
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [Google Update] => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-03-25]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-04-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-04]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk [2011-08-24]
ShortcutTarget: VideoCam Suite.lnk -> C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-03-25]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-04-03]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-04]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk [2011-08-24]
ShortcutTarget: VideoCam Suite.lnk -> C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
Startup: C:\Users\Karen Van Pelt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2013-02-23]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Karen Van Pelt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk [2011-07-30]
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files (x86)\SpywareGuard\dlprotect.dll [2003-08-02] ()
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-03] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/The%20Mystery%20of%20the%20Crystal%20Portal/Images/armhelper.ocx
ShellExecuteHooks-x32: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-22] (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1001: @hulu.com/Hulu Desktop -> C:\Users\Karen Van Pelt\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1004: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @nsroblox.roblox.com/launcher -> C:\Users\Reese\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @nsroblox.roblox.com/launcher64 -> C:\Users\Reese\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Reese\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: abcTajpu "a b c type-oo" - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8} [2010-03-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-08-15]
FF Extension: Phoenity Modern - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA} [2009-08-29]
FF Extension: FoxClocks - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2010-03-20]
FF Extension: Aeon Clouds - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} [2010-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-02-23]
FF HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Firefox\Extensions: [{1DFBC6DF-94BA-404B-A96D-E796E52F9552}] - C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.xpi
FF Extension: Adobe Flash Player - C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.xpi [2012-11-06]
FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8} [Not Found]
FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [Not Found]
FF Extension: No Name - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-02]
CHR Extension: (Bookmark Manager) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-23]
CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KARENV~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\KARENV~1\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
StartMenuInternet: Google Chrome.MPMXVFZI7HWP6PBPVR55NDOOJE - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 09:45 - 2015-04-25 09:46 - 00036947 _____ () C:\Users\Karen Van Pelt\Downloads\FRST.txt
2015-04-25 09:45 - 2015-04-25 09:46 - 00000000 ____D () C:\FRST
2015-04-25 09:45 - 2015-04-25 09:45 - 02099712 _____ (Farbar) C:\Users\Karen Van Pelt\Downloads\FRST64.exe
2015-04-23 08:03 - 2015-04-23 08:03 - 00015645 _____ () C:\Users\Karen Van Pelt\Desktop\AdwCleaner[S0].txt
2015-04-23 07:55 - 2015-04-23 07:59 - 00000000 ____D () C:\AdwCleaner
2015-04-23 07:51 - 2015-04-23 07:52 - 02217984 _____ () C:\Users\Karen Van Pelt\Downloads\adwcleaner_4.201.exe
2015-04-23 07:47 - 2015-04-23 07:47 - 00509440 _____ (Tech Support Guy System) C:\Users\Karen Van Pelt\Downloads\SysInfo.exe
2015-04-22 16:39 - 2015-04-22 16:41 - 00007185 _____ () C:\Users\Karen Van Pelt\Downloads\software_removal_tool.log
2015-04-22 16:24 - 2015-04-22 16:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Karen Van Pelt\Downloads\SpyHunter-Installer.exe
2015-04-22 16:00 - 2015-04-22 16:01 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Reese 10th Birthday
2015-04-20 21:18 - 2015-04-20 21:45 - 00000000 ____D () C:\Users\Karen Van Pelt\Desktop\Reese FB
2015-04-15 03:17 - 2015-04-15 03:39 - 00000000 ____D () C:\7c2304d2322946d21af1658883
2015-04-14 20:13 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 20:13 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 20:13 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 20:13 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 20:13 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 20:13 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 20:13 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 20:13 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 20:13 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 20:13 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 20:13 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 20:13 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 20:13 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 20:13 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 20:13 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 20:13 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 20:13 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 20:13 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 20:13 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 20:13 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 20:13 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 20:13 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 20:13 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 20:13 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 20:13 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 20:13 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 20:13 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 20:13 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 20:13 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 20:13 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 20:13 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 20:13 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 20:13 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 20:13 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:13 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 20:13 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 20:13 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 20:13 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 20:13 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 20:13 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 20:13 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 20:13 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 20:13 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 20:13 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 20:13 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 20:13 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 20:13 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 20:13 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 20:13 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 20:13 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 20:13 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 20:13 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 20:13 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 20:13 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 20:13 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 20:13 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 20:13 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 20:13 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 20:13 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 20:13 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 20:13 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 20:13 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 20:13 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 20:13 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 20:13 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 20:13 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 20:13 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 20:13 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 20:13 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 20:13 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 20:13 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 20:13 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 20:13 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 20:13 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 20:13 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 20:13 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 20:13 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 20:13 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 20:13 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 20:13 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 20:13 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 20:13 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 20:13 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 20:13 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 20:13 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 20:13 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 20:13 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 20:13 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 20:13 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 20:13 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 20:13 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 20:13 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 20:13 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 20:13 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 20:13 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 20:13 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 20:13 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 20:13 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 20:13 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 20:13 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 20:13 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 20:13 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 20:13 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 20:13 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 20:13 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 20:13 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 20:13 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 20:13 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 20:13 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 20:13 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 20:13 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 20:13 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 20:13 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 20:12 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 20:12 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 20:12 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-08 10:01 - 2015-04-08 10:01 - 05197824 _____ () C:\Users\Karen Van Pelt\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
2015-04-08 07:24 - 2015-04-08 07:24 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Easter 2015
2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 15:18 - 2015-04-22 15:54 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Mason Spring Baseball 2015
2015-04-04 15:17 - 2015-04-04 15:35 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Mason 13th Birthday Party Paintball
2015-04-04 14:29 - 2015-04-04 14:36 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\DCIM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-25 09:45 - 2013-05-03 17:37 - 00000000 ___RD () C:\Users\Karen Van Pelt\Google Drive
2015-04-25 09:44 - 2015-02-05 04:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0412938254e0a.job
2015-04-25 09:44 - 2013-12-30 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2015-04-25 09:44 - 2013-12-30 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2015-04-25 09:44 - 2013-05-03 17:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-25 09:07 - 2012-04-13 04:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 09:06 - 2015-02-04 18:01 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA1d040ce8898f366.job
2015-04-25 09:00 - 2011-06-21 20:38 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA.job
2015-04-25 08:55 - 2015-02-05 04:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04129390e2ad2.job
2015-04-25 08:51 - 2013-05-03 17:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 08:37 - 2011-03-13 15:53 - 00155512 _____ () C:\Users\Reese\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-25 08:37 - 2011-01-04 18:09 - 01247738 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 08:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-25 03:34 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 03:34 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 03:32 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 03:26 - 2013-12-30 21:59 - 00002323 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-25 03:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 03:25 - 2009-07-13 23:51 - 00067790 _____ () C:\Windows\setupact.log
2015-04-25 03:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-04-25 03:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-04-24 17:36 - 2015-02-04 18:01 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core1d040ce8762dfdc.job
2015-04-24 14:00 - 2011-06-21 20:38 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core.job
2015-04-23 07:59 - 2011-03-12 20:08 - 00000000 ____D () C:\Users\Karen Van Pelt
2015-04-23 07:20 - 2011-03-12 21:23 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6CB89EE2-9DA2-4E09-8B31-F5A669ADF57E}
2015-04-23 07:17 - 2015-01-27 08:17 - 00000000 ____D () C:\Users\Karen Van Pelt\AppData\Local\Component
2015-04-20 07:00 - 2011-01-04 18:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-20 07:00 - 2011-01-04 18:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-19 17:46 - 2011-03-12 23:02 - 00155512 _____ () C:\Users\Mason\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 03:25 - 2009-07-14 00:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-18 01:48 - 2011-03-13 09:13 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4A1CE575-FE32-47F6-B427-4DE75D3CF5F7}
2015-04-16 18:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 03:54 - 2014-12-10 04:40 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:54 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:21 - 2011-03-13 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:21 - 2011-03-13 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:18 - 2014-02-26 04:05 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:07 - 2014-11-17 08:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 03:07 - 2014-11-17 08:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 03:07 - 2012-04-13 04:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 03:06 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:06 - 2011-03-12 21:58 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-12 17:15 - 2011-03-13 15:52 - 00000000 ____D () C:\Users\Reese\AppData\Local\PDFC
2015-04-12 17:11 - 2012-11-18 08:12 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKARENVANPELT-HP$
2015-04-12 17:11 - 2012-11-18 08:12 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForKARENVANPELT-HP$.job
2015-04-10 10:16 - 2011-03-13 09:13 - 00155512 _____ () C:\Users\Mom\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-09 03:20 - 2009-07-13 23:45 - 00514088 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 10:15 - 2011-03-13 11:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-08 10:02 - 2011-03-12 21:13 - 00155512 _____ () C:\Users\Karen Van Pelt\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-08 10:02 - 2011-03-12 20:09 - 00000000 ____D () C:\Users\Karen Van Pelt\AppData\Local\Hewlett-Packard
2015-04-08 10:02 - 2011-01-04 18:06 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-04-04 15:16 - 2015-02-02 07:54 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Reese Winter Alodia 2015 Basketball

==================== Files in the root of some directories =======

2012-03-23 05:05 - 2012-10-24 15:47 - 0038447 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\Comma Separated Values (Windows).ADR
2012-11-06 09:34 - 2012-11-06 09:34 - 0331776 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\mbrsw.dll
2013-07-27 05:56 - 2014-11-17 19:40 - 0000094 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\WB.CFG
2013-12-31 02:09 - 2014-01-03 09:36 - 0000005 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-06-24 18:09 - 2014-01-31 07:29 - 0000005 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\WBPU-TTL.DAT
2011-07-30 22:00 - 2011-07-30 22:00 - 0141451 _____ () C:\Users\Karen Van Pelt\AppData\Local\ars.cache
2011-07-30 22:01 - 2011-07-30 22:01 - 0868823 _____ () C:\Users\Karen Van Pelt\AppData\Local\census.cache
2011-07-30 21:50 - 2011-07-30 21:50 - 0000036 _____ () C:\Users\Karen Van Pelt\AppData\Local\housecall.guid.cache
2012-11-06 09:34 - 2012-11-06 09:34 - 0080411 _____ () C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.crx
2012-11-06 09:34 - 2012-11-06 09:34 - 0097313 _____ () C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.xpi
2013-02-23 22:01 - 2013-02-23 22:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-04-03 18:41 - 2011-11-04 20:45 - 0004473 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Billy\AppData\Local\Temp\COMAP.EXE
C:\Users\Billy\AppData\Local\Temp\tmp479B.exe
C:\Users\Billy\AppData\Local\Temp\tmpA0DF.exe
C:\Users\Billy\AppData\Local\Temp\tmpA6B8.exe
C:\Users\Billy\AppData\Local\Temp\tmpB3B8.exe
C:\Users\Billy\AppData\Local\Temp\tmpB6A7.exe
C:\Users\Billy\AppData\Local\Temp\tmpC9D.exe
C:\Users\Billy\AppData\Local\Temp\tmpD506.exe
C:\Users\Billy\AppData\Local\Temp\tmpE456.exe
C:\Users\Billy\AppData\Local\Temp\tmpF35.exe
C:\Users\Guest\AppData\Local\Temp\tmp9A8A.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\2volk.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\ceef92c7-3401-48bc-962a-817ae28bccf2.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\COMAP.EXE
C:\Users\Karen Van Pelt\AppData\Local\Temp\contentDATs.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\oi_{B8B41850-0F26-448A-9C11-93BFC3EBDE85}.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\ose00000.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\Quarantine.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\Resource.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\sp58915.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\sp64126.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\sqlite3.dll
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1037.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1764.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1CF5.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1F63.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp218E.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp2867.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp32EB.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp33F6.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3556.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3641.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3D88.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3F4B.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3F93.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp44A9.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp4711.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp4C77.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp4F9C.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp5DBD.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp5F25.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6418.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6999.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6AB4.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6EE6.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp700F.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7358.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp73E9.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7667.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7816.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7910.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp989C.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp9D0D.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp9EAC.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpA4E5.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpAC97.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpAE28.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpB231.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpC527.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpCEB3.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpD14B.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpD2B7.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpDCC0.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpE1C7.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpE2BA.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpEDA0.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpF6E4.exe
C:\Users\Karen Van Pelt\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Mason\AppData\Local\Temp\contentDATs.exe
C:\Users\Mason\AppData\Local\Temp\tmp13F3.exe
C:\Users\Mason\AppData\Local\Temp\tmp1D57.exe
C:\Users\Mason\AppData\Local\Temp\tmp218A.exe
C:\Users\Mason\AppData\Local\Temp\tmp278B.exe
C:\Users\Mason\AppData\Local\Temp\tmp2BCB.exe
C:\Users\Mason\AppData\Local\Temp\tmp2FF9.exe
C:\Users\Mason\AppData\Local\Temp\tmp34F5.exe
C:\Users\Mason\AppData\Local\Temp\tmp448A.exe
C:\Users\Mason\AppData\Local\Temp\tmp57BA.exe
C:\Users\Mason\AppData\Local\Temp\tmp6370.exe
C:\Users\Mason\AppData\Local\Temp\tmp68D3.exe
C:\Users\Mason\AppData\Local\Temp\tmp6B6D.exe
C:\Users\Mason\AppData\Local\Temp\tmp7948.exe
C:\Users\Mason\AppData\Local\Temp\tmp7C16.exe
C:\Users\Mason\AppData\Local\Temp\tmp8931.exe
C:\Users\Mason\AppData\Local\Temp\tmp8CA0.exe
C:\Users\Mason\AppData\Local\Temp\tmp90D9.exe
C:\Users\Mason\AppData\Local\Temp\tmp9291.exe
C:\Users\Mason\AppData\Local\Temp\tmp943E.exe
C:\Users\Mason\AppData\Local\Temp\tmp9CC5.exe
C:\Users\Mason\AppData\Local\Temp\tmp9EEB.exe
C:\Users\Mason\AppData\Local\Temp\tmpA03C.exe
C:\Users\Mason\AppData\Local\Temp\tmpA753.exe
C:\Users\Mason\AppData\Local\Temp\tmpA75D.exe
C:\Users\Mason\AppData\Local\Temp\tmpAC55.exe
C:\Users\Mason\AppData\Local\Temp\tmpB4D7.exe
C:\Users\Mason\AppData\Local\Temp\tmpD46C.exe
C:\Users\Mason\AppData\Local\Temp\tmpD6B7.exe
C:\Users\Mason\AppData\Local\Temp\tmpD924.exe
C:\Users\Mason\AppData\Local\Temp\tmpDB6.exe
C:\Users\Mason\AppData\Local\Temp\tmpDBB6.exe
C:\Users\Mason\AppData\Local\Temp\tmpF701.exe
C:\Users\Mason\AppData\Local\Temp\tmpFCD8.exe
C:\Users\Mason\AppData\Local\Temp\tmpFDCA.exe
C:\Users\Mason\AppData\Local\Temp\tmpFE32.exe
C:\Users\Mom\AppData\Local\Temp\contentDATs.exe
C:\Users\Mom\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Mom\AppData\Local\Temp\tmp10AF.exe
C:\Users\Mom\AppData\Local\Temp\tmp12D4.exe
C:\Users\Mom\AppData\Local\Temp\tmp194F.exe
C:\Users\Mom\AppData\Local\Temp\tmp1ADA.exe
C:\Users\Mom\AppData\Local\Temp\tmp1CBD.exe
C:\Users\Mom\AppData\Local\Temp\tmp2361.exe
C:\Users\Mom\AppData\Local\Temp\tmp273D.exe
C:\Users\Mom\AppData\Local\Temp\tmp2899.exe
C:\Users\Mom\AppData\Local\Temp\tmp2CD.exe
C:\Users\Mom\AppData\Local\Temp\tmp2F25.exe
C:\Users\Mom\AppData\Local\Temp\tmp3015.exe
C:\Users\Mom\AppData\Local\Temp\tmp30FF.exe
C:\Users\Mom\AppData\Local\Temp\tmp32AC.exe
C:\Users\Mom\AppData\Local\Temp\tmp47AC.exe
C:\Users\Mom\AppData\Local\Temp\tmp4911.exe
C:\Users\Mom\AppData\Local\Temp\tmp4A6B.exe
C:\Users\Mom\AppData\Local\Temp\tmp4B7A.exe
C:\Users\Mom\AppData\Local\Temp\tmp58C1.exe
C:\Users\Mom\AppData\Local\Temp\tmp59EC.exe
C:\Users\Mom\AppData\Local\Temp\tmp5B62.exe
C:\Users\Mom\AppData\Local\Temp\tmp5DCB.exe
C:\Users\Mom\AppData\Local\Temp\tmp65B5.exe
C:\Users\Mom\AppData\Local\Temp\tmp663B.exe
C:\Users\Mom\AppData\Local\Temp\tmp67E1.exe
C:\Users\Mom\AppData\Local\Temp\tmp735.exe
C:\Users\Mom\AppData\Local\Temp\tmp73AD.exe
C:\Users\Mom\AppData\Local\Temp\tmp7682.exe
C:\Users\Mom\AppData\Local\Temp\tmp7F68.exe
C:\Users\Mom\AppData\Local\Temp\tmp8E33.exe
C:\Users\Mom\AppData\Local\Temp\tmp9537.exe
C:\Users\Mom\AppData\Local\Temp\tmp9CB2.exe
C:\Users\Mom\AppData\Local\Temp\tmpA5E6.exe
C:\Users\Mom\AppData\Local\Temp\tmpAB3E.exe
C:\Users\Mom\AppData\Local\Temp\tmpACF5.exe
C:\Users\Mom\AppData\Local\Temp\tmpB07B.exe
C:\Users\Mom\AppData\Local\Temp\tmpB0FB.exe
C:\Users\Mom\AppData\Local\Temp\tmpB7D2.exe
C:\Users\Mom\AppData\Local\Temp\tmpBBEF.exe
C:\Users\Mom\AppData\Local\Temp\tmpBEB2.exe
C:\Users\Mom\AppData\Local\Temp\tmpBECD.exe
C:\Users\Mom\AppData\Local\Temp\tmpC0D8.exe
C:\Users\Mom\AppData\Local\Temp\tmpCA9.exe
C:\Users\Mom\AppData\Local\Temp\tmpCF28.exe
C:\Users\Mom\AppData\Local\Temp\tmpD11.exe
C:\Users\Mom\AppData\Local\Temp\tmpD1D.exe
C:\Users\Mom\AppData\Local\Temp\tmpD427.exe
C:\Users\Mom\AppData\Local\Temp\tmpD446.exe
C:\Users\Mom\AppData\Local\Temp\tmpD71.exe
C:\Users\Mom\AppData\Local\Temp\tmpD8F0.exe
C:\Users\Mom\AppData\Local\Temp\tmpDE83.exe
C:\Users\Mom\AppData\Local\Temp\tmpE701.exe
C:\Users\Mom\AppData\Local\Temp\tmpEE93.exe
C:\Users\Mom\AppData\Local\Temp\tmpF3B3.exe
C:\Users\Mom\AppData\Local\Temp\tmpF4C2.exe
C:\Users\Mom\AppData\Local\Temp\tmpF764.exe
C:\Users\Reese\AppData\Local\Temp\contentDATs.exe
C:\Users\Reese\AppData\Local\Temp\tmp1253.exe
C:\Users\Reese\AppData\Local\Temp\tmp13BD.exe
C:\Users\Reese\AppData\Local\Temp\tmp2027.exe
C:\Users\Reese\AppData\Local\Temp\tmp2055.exe
C:\Users\Reese\AppData\Local\Temp\tmp3017.exe
C:\Users\Reese\AppData\Local\Temp\tmp3106.exe
C:\Users\Reese\AppData\Local\Temp\tmp3825.exe
C:\Users\Reese\AppData\Local\Temp\tmp3BA8.exe
C:\Users\Reese\AppData\Local\Temp\tmp4034.exe
C:\Users\Reese\AppData\Local\Temp\tmp49BB.exe
C:\Users\Reese\AppData\Local\Temp\tmp4B22.exe
C:\Users\Reese\AppData\Local\Temp\tmp5534.exe
C:\Users\Reese\AppData\Local\Temp\tmp56AD.exe
C:\Users\Reese\AppData\Local\Temp\tmp5919.exe
C:\Users\Reese\AppData\Local\Temp\tmp729.exe
C:\Users\Reese\AppData\Local\Temp\tmp7C67.exe
C:\Users\Reese\AppData\Local\Temp\tmp821.exe
C:\Users\Reese\AppData\Local\Temp\tmp83E9.exe
C:\Users\Reese\AppData\Local\Temp\tmp8494.exe
C:\Users\Reese\AppData\Local\Temp\tmp8BB2.exe
C:\Users\Reese\AppData\Local\Temp\tmp8F2.exe
C:\Users\Reese\AppData\Local\Temp\tmp9907.exe
C:\Users\Reese\AppData\Local\Temp\tmp9EEB.exe
C:\Users\Reese\AppData\Local\Temp\tmpA078.exe
C:\Users\Reese\AppData\Local\Temp\tmpA4A7.exe
C:\Users\Reese\AppData\Local\Temp\tmpA742.exe
C:\Users\Reese\AppData\Local\Temp\tmpAC9D.exe
C:\Users\Reese\AppData\Local\Temp\tmpB182.exe
C:\Users\Reese\AppData\Local\Temp\tmpBC44.exe
C:\Users\Reese\AppData\Local\Temp\tmpC229.exe
C:\Users\Reese\AppData\Local\Temp\tmpCA15.exe
C:\Users\Reese\AppData\Local\Temp\tmpD1C1.exe
C:\Users\Reese\AppData\Local\Temp\tmpDD79.exe
C:\Users\Reese\AppData\Local\Temp\tmpDECD.exe
C:\Users\Reese\AppData\Local\Temp\tmpE1B7.exe
C:\Users\Reese\AppData\Local\Temp\tmpEBD4.exe
C:\Users\Reese\AppData\Local\Temp\tmpF219.exe
C:\Users\Reese\AppData\Local\Temp\tmpFACB.exe
C:\Users\Reese\AppData\Local\Temp\tmpFEB7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-24 07:31

==================== End Of Log ============================
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
KVP,
I am going to ask you to do some things you may not expect.
Please trust me on this.
If they are things you don't like, you can change them back when we are through cleaning.
-----------------------------------------------------------
Change Settings to View File Extensions and Hidden Files
Go to Start > Control Panel > Folder Options, and click on the View tab.
Under "Files and Folders",
  • Uncheck "Hide Extensions for known File Types"
  • Check "Show Hidden Files Folders and Drives"
Click Apply and OK.
---------------------------------------------------------
Set Firefox as Default and Always Ask Where to Save Downloads
Open Firefox, then hit the Alt key if necessary, so you can see the menu bar at the top.
In the top menu bar, click on Tools, and select Options.
In the new dialog window that pops up:
Click on the General icon in the top bar, and Click the button labeled Make Firefox My Default browser
Click the radiobutton labeled Always ask me where to save files
Click the checkbox labeled Always check to see if Firefox is the Default browser on startup.
Click OK.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Adobe Reader X
Java(TM) 6 Update 24
Java 7 Update 67
jZip
McAfee Security Scan Plus
PDF Complete Special Edition
SpywareBlaster 4.4
SpywareGuard v2.2
Unity Web Player
Wondershare DVD Slideshow Builder Deluxe

Take extra care in answering questions posed by any Uninstaller.
If Spyware Blaster asks if you want to remove all settings, answer yes.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Go to Start > Computer > C drive > Users > Karen Van Pelt > Downloads
Right click on FRST64.exe in your downloads folder and choose Cut
Go back to your desktop, click on an open space, then hit "Ctrl" and "V" simultaneously.
That should paste FRST64.exe onto your desktop.
If it fails to do so, download FRST64.exe again and choose Save to your desktop.

Let me know how it all goes and we will be ready for the FIX to start.
askey127
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
KVP,
-----------------------------------------------------------
Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
Temporarily Disable Spybot's TeaTimer Protection
Start Spybot Search & Destroy
In the top menu, click Mode
Check Advanced Mode if it is not already checked. OK the selection if necessary.
In the bottom of the left pane, click on Tools
From the new left pane list, click on Resident
Uncheck the box in the middle labeled "Resident "TeaTimer"(Protection of overall system settings) active.
From the top menu, click on File, Exit.
--------------------------------------------------------
Run A Fix With FRST
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
(Both on the Desktop is OK, or both in the same folder elsewhere)

Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

askey127
 

Attachments

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2015
Ran by Karen Van Pelt at 2015-04-25 16:18:16 Run:1
Running from C:\Users\Karen Van Pelt\Desktop
Loaded Profiles: Karen Van Pelt (Available profiles: Karen Van Pelt & Billy & Mom & Mason & Reese & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1007\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1005\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM-x32 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-03] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
ShellExecuteHooks-x32: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-22] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Reese\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [Not Found]
FF Extension: No Name - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} [Not Found]
CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\KARENV~1\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
C:\Program Files (x86)\PDF Complete
EmptyTemp:
Cmd: ipconfig /flushdns



*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe not found.
C:\Program Files (x86)\SpywareGuard\sgmain.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1007\User => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1005\User => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3}" => Key deleted successfully.
HKCR\CLSID\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => Key deleted successfully.
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{81559C35-8464-49F7-BB0E-07A383BEF910} => Value not found.
HKCR\Wow6432Node\CLSID\{81559C35-8464-49F7-BB0E-07A383BEF910} => Key not found.
Firefox Keyword.URL deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2 => Key not found.
C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2 => Key not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key not found.
C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@unity3d.com/UnityPlayer => Key not found.
C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll not found.
HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => Key not found.
C:\Users\Reese\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} not found.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff not found.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} not found.
"HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji" => Key deleted successfully.
"HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => Key deleted successfully.
McComponentHostService => Service not found.
"C:\Program Files\McAfee Security Scan" => File/Directory not found.
pdfcDispatcher => Service not found.
"C:\Program Files (x86)\PDF Complete" => File/Directory not found.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 37 GB temporary data.


The system needed a reboot.

==== End of Fixlog 16:27:58 ====
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
KVP,
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files
There are security vulnerabilities in earlier versions of both Reader and Acrobat Pro. All versions numbered lower than 11.0.10 are vulnerable.
Go HERE to download the Installer AdbeRdr11010_en_US.exe .
Save the file to your desktop and run it to install the latest version of Adobe Reader.
Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs
After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
Click on Edit and select Preferences.

On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.

Click on the Security (Enhanced) category
Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.

Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button

When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
When it finishes, you can remove the Installer from your desktop.
------------------------------------------------------------
I see you downloaded Java JRE 8 update 31 at one time. Is it on there?

Java Issue
You may want to read here before you decide whether to keep Java on your system:
http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

If You Decide to Keep it,
Download and Install the latest versions of Java Runtime Environment
from here :
http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install them to your computer.
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the links for your Platform, both jre-8u45-windows-i586.exe and jre-8u45-windows-x64.exe
Click them one at a time, download each and save them to your desktop.
Then doubleclick each on your desktop, and they will install the newest versions of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer(s) from your desktop.
(I don't have any Java on my system).

---------------------------------------------
I don't know yet whether any of these are unwanted:
Run A Scan With SystemLook
Please download SystemLook from the download mirror and save it to your Desktop.
Download Mirror #1 (64-bit)
  • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :file
    C:\Users\Billy\AppData\Local\Temp\tmpA0DF.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\ceef92c7-3401-48bc-962a-817ae28bccf2.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1037.exe
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

Let me guess that it's running better.
askey127
 

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
Whatever you did, it worked. I can now be the administrator on the google chrome web browser and change my default search engine. I did follow your instructions on your last post, but this is what I get when I try to run the adobe thing. I attached a picture of it.


To be honest, I don't know what the java thing is. What do I need it for?
 

Attachments

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
SystemLook 04.09.10 by jpshortstuff
Log created at 10:00 on 26/04/2015 by Karen Van Pelt
Administrator - Elevation successful

========== file ==========

C:\Users\Billy\AppData\Local\Temp\tmpA0DF.exe - Unable to find/read file.

C:\Users\Karen Van Pelt\AppData\Local\Temp\ceef92c7-3401-48bc-962a-817ae28bccf2.exe - Unable to find/read file.

C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1037.exe - Unable to find/read file.

-= EOF =-
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
No prob with that system look log.

Java is used for a few websites, (not many nowadays).
It is also used for a few programs and games.
It is a programming language, but the authors (Oracle) have abused the privilege, and hackers have had a field day with it..

No Reason I know of why Adobe Reader won't install.
After a few more tries, if still unsuccessful, I would delete the installer and see if downloading a new one helps.
Be sure and allow enough time for it to install. It tends to take a while.

Also be sure to right click the installer and choose "run as administrator".
 

KVP

Thread Starter
Joined
Apr 23, 2015
Messages
54
So weird, I deleted it, restarted my computer and it still gives me that error code.. Is there a certain thing I should have on my computer for anti virus, malware and anything else to protect my computer? Should I uninstall adaware?
 

askey127

Malware Specialist
Joined
Dec 22, 2006
Messages
3,722
KVP,
I can't recommend Ad-Aware.
I CAN recommend Microsoft Security Essentials (free)
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.

OR, for a Paid Antivirus, ESET NOD32 (more features, very thorough)
-----------------------------------------------------------
http://www.eset.com/us/home/products/antivirus/

You would need to download the installer you choose and save it to your desktop.
Then Uninstall Ad-Aware, reboot, and run the downloaded installer.

askey127
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top