1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Safesearch removal help

Discussion in 'Virus & Other Malware Removal' started by KVP, Apr 23, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Phenom(tm) II X4 830 Processor, AMD64 Family 16 Model 4 Stepping 3
    Processor Count: 4
    RAM: 7927 Mb
    Graphics Card: ATI Radeon HD 4200, 256 Mb
    Hard Drives: C: Total - 940150 MB, Free - 203822 MB; D: Total - 13420 MB, Free - 1617 MB;
    Motherboard: FOXCONN, 2A92
    Antivirus: Ad-Aware Antivirus, Updated and Enabled
     
  2. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    Hi KVP,
    Let's get started.
    -----------------------------------------------------------
    Download and Run the Farbar Scan Tool
    • Download FRST64 and save to your Desktop.
    • Double click Frst64.exe to launch it.
    • FRST64 will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning, 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post them in your next reply.
    If you lose track of them, they will be saved in the same location as FRST64.exe
    Feel free to use separate replies if it's more convenient.

    askey127
     
  3. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
    Ran by Karen Van Pelt (administrator) on KARENVANPELT-HP on 25-04-2015 09:45:58
    Running from C:\Users\Karen Van Pelt\Downloads
    Loaded Profiles: Karen Van Pelt & Mom & Reese (Available profiles: Karen Van Pelt & Billy & Mom & Mason & Reese & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\consent.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    (Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
     
  4. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
    Ran by Karen Van Pelt at 2015-04-25 09:46:44
    Running from C:\Users\Karen Van Pelt\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2612173390-3033125086-1710602168-500 - Administrator - Disabled)
    Billy (S-1-5-21-2612173390-3033125086-1710602168-1003 - Limited - Enabled) => C:\Users\Billy
    Guest (S-1-5-21-2612173390-3033125086-1710602168-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-2612173390-3033125086-1710602168-1008 - Limited - Enabled)
    Karen Van Pelt (S-1-5-21-2612173390-3033125086-1710602168-1001 - Administrator - Enabled) => C:\Users\Karen Van Pelt
    Mason (S-1-5-21-2612173390-3033125086-1710602168-1005 - Limited - Enabled) => C:\Users\Mason
    Mom (S-1-5-21-2612173390-3033125086-1710602168-1004 - Limited - Enabled) => C:\Users\Mom
    Reese (S-1-5-21-2612173390-3033125086-1710602168-1007 - Limited - Enabled) => C:\Users\Reese

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
    4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
    4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
    AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
    Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.2 build 4667 (Jan-19-2015) - Carbonite)
    ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
    Feedback Tool (HKLM-x32\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Garmin Lifetime Updater (HKLM-x32\...\{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}) (Version: 2.1.6 - Garmin)
    Google Chrome (HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
    HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
    Hulu Desktop (HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
    Hulu Desktop (HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    Hulu Desktop (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
    iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    jZip (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\jZip) (Version: 2.0.0.134601 - Bandoo Media Inc) <==== ATTENTION
    Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
    Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
    Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    PDF Creator (HKLM\...\PDF Creator) (Version: - )
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 - NewspaperDirect Inc.)
    QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
    RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.10 - AMD)
    RAIDXpert (x32 Version: 3.2.1540.10 - AMD) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    ROBLOX Player for Reese (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    ROBLOX Studio 2013 for Reese (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    SpywareBlaster 4.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC)
    SpywareGuard v2.2 (HKLM-x32\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
    Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.5b4_50 - Unity Technologies ApS)
    Unity Web Player (HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003A-0000-0000-0000000FF1CE}_PRJSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VideoCam Suite 3.0 (HKLM-x32\...\{1D5EB783-25F8-495B-8B01-DE6D1BFBB8B4}) (Version: 3.00.031.1033 - Panasonic Corporation)
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
    WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
    Wondershare DVD Slideshow Builder Deluxe(Build 6.2.0.0) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.2.0.0 - Wondershare Software Co.,Ltd.)
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.3184 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.0.3184 - Zinio LLC) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Reese\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\RobloxProxy64.dll (ROBLOX Corporation)

    ==================== Restore Points =========================

    18-04-2015 03:00:13 Windows Update
    19-04-2015 03:00:29 Windows Update
    20-04-2015 03:00:26 Windows Update
    21-04-2015 03:00:35 Windows Update
    23-04-2015 03:00:28 Windows Update
    24-04-2015 03:00:23 Windows Update
    25-04-2015 03:00:26 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2011-08-07 22:58 - 00436368 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {177C6043-BEF8-4A67-8B15-FCDD146BE06B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {1AD221FE-8B76-45F3-B926-0C3E32ED6059} - System32\Tasks\{DB3BF726-9AE0-4920-BBC0-8446C976BD99} => pcalua.exe -a E:\MS_Visio_2007_Pro\setup.exe -d E:\MS_Visio_2007_Pro
    Task: {20E0682E-CAA9-4EFB-9130-9A6B4AF6C4B3} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
    Task: {28434E9B-7C55-4172-A41D-30BBE7C8610C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {2CFF571A-8B17-4BCB-8D55-FE7F25F5E0C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {30A5F48D-9B81-45B4-87BF-7AE284FEE785} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA1d040ce8898f366 => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {4180BC73-637C-424A-86A8-0AA54CC000F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {53DEFFFE-C27F-4EC9-9D53-2B3F5F767B71} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
    Task: {67609DFB-384F-4E16-B2D5-1F6703E3B578} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
    Task: {6C335ADD-9586-4ADE-BBF6-7E1A96BFB9A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {6ECC85A7-F2CF-4259-8FE3-1F8B2F2299A0} - System32\Tasks\HPCeeScheduleForKARENVANPELT-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {6F1FD4DB-8295-4CFC-90F3-BB65ED198C4F} - System32\Tasks\{FB8FF16C-AA34-401F-A04D-FB2305846B34} => pcalua.exe -a "C:\Users\Karen Van Pelt\Desktop\OJ4500vG510n-z_Full_13_en.exe" -d "C:\Users\Karen Van Pelt\Desktop"
    Task: {724F8FA3-771D-4749-9EE1-AD05ED0CBA1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core1d040ce8762dfdc => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {7FCB8E7C-526E-4007-9C72-33795B8FF216} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {A1111F1C-6813-4958-B378-1EB4E5D1F443} - System32\Tasks\{F91CFE12-CD7A-4AE2-8957-DD4D349F2A5D} => pcalua.exe -a "C:\Users\Karen Van Pelt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NS8T5WIN\OJ4500vG510n-z_Full_13_en.exe" -d "C:\Users\Karen Van Pelt\Desktop"
    Task: {AB4C9A88-8B3C-432C-8814-BA076560256B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
    Task: {B8A95223-E874-445B-8918-D36314A4124F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {B990A5A8-D125-41A4-8239-7265690FA73E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2CFC3GG8 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
    Task: {C68104DA-E886-4160-8774-ED3B2A1AEA18} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {CA38EEC4-5FA8-43D3-8619-D683FE7D1C59} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {CC45B152-D1B6-47C7-812F-26AFF4CD4E18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {D681848B-F52E-4DC8-9CCE-0A3476C46755} - System32\Tasks\{A4C8546F-95A5-492B-AB07-4DCBAC56968B} => pcalua.exe -a "C:\Users\Karen Van Pelt\Downloads\vPsetup.exe" -d "C:\Users\Karen Van Pelt\Downloads"
    Task: {D963498A-4606-4123-8E8B-4855337302E2} - System32\Tasks\Component System\Component => C:\Users\Karen Van Pelt\AppData\Local\Component\com.exe [2015-01-17] ()
    Task: {DDD923B4-3561-4596-8357-5CD3D25D7901} - System32\Tasks\GoogleUpdateTaskMachineCore1d0412938254e0a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
    Task: {DFB44CEB-42D3-4816-8C40-A2B18211E944} - System32\Tasks\GoogleUpdateTaskMachineUA1d04129390e2ad2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
    Task: {E61EB031-9410-4301-95F2-D289F45D7820} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
    Task: {E735E043-9451-435A-A2AF-70D8C58C27F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-03] (Google Inc.)
    Task: {F9B2018B-AB7E-466C-850A-9D11B2ADACE3} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
    Task: {FBA164D9-9ABC-4DA9-A3FE-EB3F3CFD0B33} - System32\Tasks\{053F7FEF-A75E-4308-89D0-777A8EA8C96F} => pcalua.exe -a "C:\Users\Karen Van Pelt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBVLORWO\Adaware_Installer.exe" -d "C:\Users\Karen Van Pelt\Desktop"
    Task: {FCA197C1-475A-4D97-A4F2-D01C6C70D0BB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
    Task: {FE937886-972C-4251-A291-857C0267CB5B} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0412938254e0a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04129390e2ad2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core1d040ce8762dfdc.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA1d040ce8898f366.job => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForKARENVANPELT-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-06-24 17:09 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
    2009-12-15 20:40 - 2009-12-15 20:40 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    2014-12-18 16:09 - 2014-12-18 16:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    2014-12-18 16:22 - 2014-12-18 16:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
    2014-12-18 16:22 - 2014-12-18 16:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
    2014-12-18 16:22 - 2014-12-18 16:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
    2014-12-18 16:22 - 2014-12-18 16:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
    2014-12-18 16:22 - 2014-12-18 16:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
    2014-12-18 16:22 - 2014-12-18 16:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
    2014-12-18 16:22 - 2014-12-18 16:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
    2014-12-18 16:22 - 2014-12-18 16:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
    2013-12-30 21:59 - 2013-07-17 18:09 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
    2014-07-10 14:09 - 2015-04-20 10:00 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
    2014-07-10 14:09 - 2015-04-20 10:00 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
    2014-07-10 14:09 - 2015-04-20 10:00 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
    2014-07-10 14:09 - 2015-04-20 10:00 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
    2009-12-15 20:40 - 2009-12-15 20:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    2009-12-15 20:41 - 2009-12-15 20:41 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    2010-09-15 13:31 - 2010-09-15 13:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2014-12-18 16:21 - 2014-12-18 16:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    2014-12-18 16:22 - 2014-12-18 16:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
    2014-12-18 16:21 - 2014-12-18 16:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
    2009-06-08 19:45 - 2009-06-08 19:45 - 00098304 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-01-04 18:09 - 2011-01-04 18:09 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-01-04 18:20 - 2009-02-27 22:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    2003-08-29 19:05 - 2003-08-29 19:05 - 00360448 _____ () C:\Program Files (x86)\SpywareGuard\sgmain.exe
    2003-08-29 11:14 - 2003-08-29 11:14 - 00233472 _____ () C:\Program Files (x86)\SpywareGuard\sgbhp.exe
    2009-12-16 02:44 - 2009-12-16 02:44 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
    2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-03-13 15:53 - 2010-09-28 14:59 - 12286008 _____ () C:\Users\Reese\AppData\Roaming\PictureMover\Bin\Core.dll
    2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
    2011-03-13 15:53 - 2010-09-28 15:10 - 01699384 _____ () C:\Users\Reese\AppData\Roaming\PictureMover\EN-US\Presentation.dll
    2011-01-04 18:20 - 2009-02-19 20:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
    2011-03-13 09:13 - 2010-09-28 14:59 - 12286008 _____ () C:\Users\Mom\AppData\Roaming\PictureMover\Bin\Core.dll
    2011-03-13 09:13 - 2010-09-28 15:10 - 01699384 _____ () C:\Users\Mom\AppData\Roaming\PictureMover\EN-US\Presentation.dll
    2015-04-18 12:27 - 2015-04-13 16:55 - 01252680 _____ () C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
    2015-04-18 12:27 - 2015-04-13 16:55 - 00080712 _____ () C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\42.0.2311.90\libegl.dll
    2015-04-25 09:44 - 2015-04-25 09:44 - 00098816 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32api.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00110080 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pywintypes27.dll
    2015-04-25 09:44 - 2015-04-25 09:44 - 00364544 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pythoncom27.dll
    2015-04-25 09:44 - 2015-04-25 09:44 - 00045568 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_socket.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 01161216 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_ssl.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00320512 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32com.shell.shell.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00713216 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_hashlib.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 01175040 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._core_.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00805888 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._gdi_.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00811008 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._windows_.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 01062400 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._controls_.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00735232 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._misc_.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00682496 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pysqlite2._sqlite.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00128512 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_elementtree.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00127488 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\pyexpat.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00087552 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_ctypes.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00119808 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32file.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00108544 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32security.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00007168 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\hashobjs_ext.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00167936 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32gui.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00018432 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32event.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00038912 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32inet.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00011264 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32crypt.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00070656 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._html2.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00027136 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_multiprocessing.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00020480 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\_yappi.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00035840 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32process.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00686080 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\unicodedata.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00122368 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._wizard.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00024064 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32pipe.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00010240 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\select.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00025600 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32pdh.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00525640 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\windows._lib_cacheinvalidation.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00017408 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32profile.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00022528 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\win32ts.pyd
    2015-04-25 09:44 - 2015-04-25 09:44 - 00078336 _____ () C:\Users\Karen Van Pelt\AppData\Local\Temp\_MEI95962\wx._animate.pyd

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:182786D9
    AlternateDataStreams: C:\ProgramData\Temp:E0F561FE
    AlternateDataStreams: C:\ProgramData\Temp:182786D9
    AlternateDataStreams: C:\ProgramData\Temp:E0F561FE

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 11404 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karen Van Pelt\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Reese\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: Officejet Pro 8600
    Description: Officejet Pro 8600
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/25/2015 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 7503

    Error: (04/25/2015 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 7503

    Error: (04/25/2015 09:31:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/25/2015 09:31:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 5007

    Error: (04/25/2015 09:31:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 5007

    Error: (04/25/2015 09:31:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/25/2015 09:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2496

    Error: (04/25/2015 09:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2496

    Error: (04/25/2015 09:31:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/25/2015 03:07:48 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


    System errors:
    =============
    Error: (04/25/2015 03:33:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB3033929).

    Error: (04/25/2015 03:25:15 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:23:55 AM on &#8206;4/&#8206;25/&#8206;2015 was unexpected.

    Error: (04/25/2015 03:20:04 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:18:45 AM on &#8206;4/&#8206;25/&#8206;2015 was unexpected.

    Error: (04/24/2015 03:32:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80004005: Security Update for Windows 7 for x64-based Systems (KB3033929).

    Error: (04/24/2015 03:23:41 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 3:22:23 AM on &#8206;4/&#8206;24/&#8206;2015 was unexpected.

    Error: (04/23/2015 08:46:28 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    Error: (04/23/2015 03:57:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
    %%1056

    Error: (04/23/2015 03:56:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (04/23/2015 08:00:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
    %%1069

    Error: (04/23/2015 08:00:16 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


    Microsoft Office Sessions:
    =========================
    Error: (05/26/2012 09:55:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176840 seconds with 1140 seconds of active time. This session ended with a crash.

    Error: (10/03/2011 11:45:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 682728 seconds with 8460 seconds of active time. This session ended with a crash.

    Error: (08/25/2011 06:58:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 77914 seconds with 2400 seconds of active time. This session ended with a crash.

    Error: (04/13/2011 11:11:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61402 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: AMD Phenom(tm) II X4 830 Processor
    Percentage of memory in use: 36%
    Total physical RAM: 7927.89 MB
    Available physical RAM: 5014.68 MB
    Total Pagefile: 15853.98 MB
    Available Pagefile: 11599 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:918.12 GB) (Free:198.31 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:13.11 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.3 GB) (Disk ID: 9A6E06DB)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  5. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Oops it didn't all copy over:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
    Ran by Karen Van Pelt (administrator) on KARENVANPELT-HP on 25-04-2015 09:45:58
    Running from C:\Users\Karen Van Pelt\Downloads
    Loaded Profiles: Karen Van Pelt & Mom & Reese (Available profiles: Karen Van Pelt & Billy & Mom & Mason & Reese & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\consent.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    (Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\consent.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
    (Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    (Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Garmin) C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files (x86)\SpywareGuard\sgmain.exe
    (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
    (Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    () C:\Program Files (x86)\SpywareGuard\sgbhp.exe
    (Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    (Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Garmin Lifetime Updater] => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1446248 2011-12-15] (Garmin)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
    HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1063632 2015-01-19] (Carbonite, Inc.)
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [Google Update] => C:\Users\Karen Van Pelt\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\Policies\system: [LogonHoursAction] 2
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-03-25]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-04-03]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-04]
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk [2011-08-24]
    ShortcutTarget: VideoCam Suite.lnk -> C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2011-03-25]
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-04-03]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-04]
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk [2011-08-24]
    ShortcutTarget: VideoCam Suite.lnk -> C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
    Startup: C:\Users\Karen Van Pelt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2013-02-23]
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Karen Van Pelt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk [2011-07-30]
    ShortcutTarget: SpywareGuard.lnk -> C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
    ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
    ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-01-19] (Carbonite, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1007\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1005\User: Group Policy restriction detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKLM-x32 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
    BHO-x32: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files (x86)\SpywareGuard\dlprotect.dll [2003-08-02] ()
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-03] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-03] (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
    Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
    Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/The%20Mystery%20of%20the%20Crystal%20Portal/Images/stg_drm.ocx
    DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/The%20Mystery%20of%20the%20Crystal%20Portal/Images/armhelper.ocx
    ShellExecuteHooks-x32: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default
    FF NetworkProxy: "no_proxies_on", "*.local"
    FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-03] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
    FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-22] (Unity Technologies ApS)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1001: @hulu.com/Hulu Desktop -> C:\Users\Karen Van Pelt\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Karen Van Pelt\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1004: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @nsroblox.roblox.com/launcher -> C:\Users\Reese\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @nsroblox.roblox.com/launcher64 -> C:\Users\Reese\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Reese\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
    FF Extension: abcTajpu "a b c type-oo" - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8} [2010-03-20]
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009-08-15]
    FF Extension: Phoenity Modern - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA} [2009-08-29]
    FF Extension: FoxClocks - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2010-03-20]
    FF Extension: Aeon Clouds - C:\Users\Karen Van Pelt\AppData\Roaming\Mozilla\Firefox\Profiles\rc9in13f.default\Extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} [2010-03-20]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-04-03]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
    FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-02-23]
    FF HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\...\Firefox\Extensions: [{1DFBC6DF-94BA-404B-A96D-E796E52F9552}] - C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.xpi
    FF Extension: Adobe Flash Player - C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.xpi [2012-11-06]
    FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8} [Not Found]
    FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [Not Found]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [Not Found]
    FF Extension: No Name - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
    FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [Not Found]
    FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} [Not Found]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR Profile: C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-02]
    CHR Extension: (Bookmark Manager) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
    CHR Extension: (Google Wallet) - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-23]
    CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\KARENV~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
    CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\KARENV~1\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
    StartMenuInternet: Google Chrome.MPMXVFZI7HWP6PBPVR55NDOOJE - C:\Users\Karen Van Pelt\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-12-15] (AMD) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2013-10-21] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2013-10-21] (BitDefender LLC)
    R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [39208 2006-08-25] (B.H.A Corporation)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-25 09:45 - 2015-04-25 09:46 - 00036947 _____ () C:\Users\Karen Van Pelt\Downloads\FRST.txt
    2015-04-25 09:45 - 2015-04-25 09:46 - 00000000 ____D () C:\FRST
    2015-04-25 09:45 - 2015-04-25 09:45 - 02099712 _____ (Farbar) C:\Users\Karen Van Pelt\Downloads\FRST64.exe
    2015-04-23 08:03 - 2015-04-23 08:03 - 00015645 _____ () C:\Users\Karen Van Pelt\Desktop\AdwCleaner[S0].txt
    2015-04-23 07:55 - 2015-04-23 07:59 - 00000000 ____D () C:\AdwCleaner
    2015-04-23 07:51 - 2015-04-23 07:52 - 02217984 _____ () C:\Users\Karen Van Pelt\Downloads\adwcleaner_4.201.exe
    2015-04-23 07:47 - 2015-04-23 07:47 - 00509440 _____ (Tech Support Guy System) C:\Users\Karen Van Pelt\Downloads\SysInfo.exe
    2015-04-22 16:39 - 2015-04-22 16:41 - 00007185 _____ () C:\Users\Karen Van Pelt\Downloads\software_removal_tool.log
    2015-04-22 16:24 - 2015-04-22 16:24 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Karen Van Pelt\Downloads\SpyHunter-Installer.exe
    2015-04-22 16:00 - 2015-04-22 16:01 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Reese 10th Birthday
    2015-04-20 21:18 - 2015-04-20 21:45 - 00000000 ____D () C:\Users\Karen Van Pelt\Desktop\Reese FB
    2015-04-15 03:17 - 2015-04-15 03:39 - 00000000 ____D () C:\7c2304d2322946d21af1658883
    2015-04-14 20:13 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-04-14 20:13 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-14 20:13 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-14 20:13 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-14 20:13 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-14 20:13 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-14 20:13 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-14 20:13 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-14 20:13 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-14 20:13 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-14 20:13 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-14 20:13 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-14 20:13 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-14 20:13 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-14 20:13 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-14 20:13 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-14 20:13 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-04-14 20:13 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-14 20:13 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-14 20:13 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-14 20:13 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-04-14 20:13 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-04-14 20:13 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-14 20:13 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-04-14 20:13 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-04-14 20:13 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-04-14 20:13 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-04-14 20:13 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-04-14 20:13 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-04-14 20:13 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-04-14 20:13 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-04-14 20:13 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-04-14 20:13 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-04-14 20:13 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-04-14 20:13 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-04-14 20:13 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-04-14 20:13 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-04-14 20:13 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-04-14 20:13 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-04-14 20:13 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-04-14 20:13 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-04-14 20:13 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-04-14 20:13 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-04-14 20:13 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-04-14 20:13 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-04-14 20:13 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-04-14 20:13 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-04-14 20:13 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-04-14 20:13 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-14 20:13 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-04-14 20:13 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-04-14 20:13 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-04-14 20:13 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-14 20:13 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-14 20:13 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-04-14 20:13 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-14 20:13 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-04-14 20:13 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-14 20:13 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-04-14 20:13 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-14 20:13 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-14 20:13 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-04-14 20:13 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-04-14 20:13 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-14 20:13 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-04-14 20:13 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-04-14 20:13 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-04-14 20:13 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-14 20:13 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-04-14 20:13 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-04-14 20:13 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-04-14 20:13 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-04-14 20:13 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-04-14 20:13 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-04-14 20:13 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-14 20:13 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-04-14 20:13 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-14 20:13 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-04-14 20:13 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-04-14 20:13 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-04-14 20:13 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-04-14 20:13 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-04-14 20:13 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-04-14 20:13 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-14 20:13 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-14 20:13 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-04-14 20:13 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-14 20:13 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-04-14 20:13 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-04-14 20:13 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-14 20:13 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-04-14 20:13 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-04-14 20:13 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-04-14 20:13 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-04-14 20:13 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-14 20:13 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-04-14 20:13 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-04-14 20:13 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-04-14 20:13 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-04-14 20:13 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-14 20:13 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-14 20:13 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-04-14 20:13 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-04-14 20:13 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-04-14 20:13 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-14 20:13 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-04-14 20:13 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-04-14 20:13 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-04-14 20:13 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-14 20:13 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-04-14 20:13 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-14 20:12 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-04-14 20:12 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-14 20:12 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-08 10:01 - 2015-04-08 10:01 - 05197824 _____ () C:\Users\Karen Van Pelt\Downloads\HPSupportSolutionsFramework-11.51.0049.msi
    2015-04-08 07:24 - 2015-04-08 07:24 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Easter 2015
    2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-05 03:01 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-04 15:18 - 2015-04-22 15:54 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Mason Spring Baseball 2015
    2015-04-04 15:17 - 2015-04-04 15:35 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Mason 13th Birthday Party Paintball
    2015-04-04 14:29 - 2015-04-04 14:36 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\DCIM

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-25 09:45 - 2013-05-03 17:37 - 00000000 ___RD () C:\Users\Karen Van Pelt\Google Drive
    2015-04-25 09:44 - 2015-02-05 04:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0412938254e0a.job
    2015-04-25 09:44 - 2013-12-30 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
    2015-04-25 09:44 - 2013-12-30 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
    2015-04-25 09:44 - 2013-05-03 17:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-25 09:07 - 2012-04-13 04:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-04-25 09:06 - 2015-02-04 18:01 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA1d040ce8898f366.job
    2015-04-25 09:00 - 2011-06-21 20:38 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001UA.job
    2015-04-25 08:55 - 2015-02-05 04:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04129390e2ad2.job
    2015-04-25 08:51 - 2013-05-03 17:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-25 08:37 - 2011-03-13 15:53 - 00155512 _____ () C:\Users\Reese\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-25 08:37 - 2011-01-04 18:09 - 01247738 _____ () C:\Windows\WindowsUpdate.log
    2015-04-25 08:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-04-25 03:34 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-04-25 03:34 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-04-25 03:32 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-25 03:26 - 2013-12-30 21:59 - 00002323 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-04-25 03:25 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-04-25 03:25 - 2009-07-13 23:51 - 00067790 _____ () C:\Windows\setupact.log
    2015-04-25 03:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-04-25 03:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-04-24 17:36 - 2015-02-04 18:01 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core1d040ce8762dfdc.job
    2015-04-24 14:00 - 2011-06-21 20:38 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612173390-3033125086-1710602168-1001Core.job
    2015-04-23 07:59 - 2011-03-12 20:08 - 00000000 ____D () C:\Users\Karen Van Pelt
    2015-04-23 07:20 - 2011-03-12 21:23 - 00003990 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6CB89EE2-9DA2-4E09-8B31-F5A669ADF57E}
    2015-04-23 07:17 - 2015-01-27 08:17 - 00000000 ____D () C:\Users\Karen Van Pelt\AppData\Local\Component
    2015-04-20 07:00 - 2011-01-04 18:20 - 00000000 ____D () C:\ProgramData\PDFC
    2015-04-20 07:00 - 2011-01-04 18:20 - 00000000 ____D () C:\ProgramData\PDFC
    2015-04-19 17:46 - 2011-03-12 23:02 - 00155512 _____ () C:\Users\Mason\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-19 03:25 - 2009-07-14 00:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-04-18 01:48 - 2011-03-13 09:13 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4A1CE575-FE32-47F6-B427-4DE75D3CF5F7}
    2015-04-16 18:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-15 03:54 - 2014-12-10 04:40 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-15 03:54 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-15 03:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-04-15 03:21 - 2011-03-13 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-04-15 03:21 - 2011-03-13 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-04-15 03:18 - 2014-02-26 04:05 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-04-15 03:07 - 2014-11-17 08:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-15 03:07 - 2014-11-17 08:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-15 03:07 - 2012-04-13 04:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-04-15 03:06 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-15 03:06 - 2011-03-12 21:58 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-12 17:15 - 2011-03-13 15:52 - 00000000 ____D () C:\Users\Reese\AppData\Local\PDFC
    2015-04-12 17:11 - 2012-11-18 08:12 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKARENVANPELT-HP$
    2015-04-12 17:11 - 2012-11-18 08:12 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForKARENVANPELT-HP$.job
    2015-04-10 10:16 - 2011-03-13 09:13 - 00155512 _____ () C:\Users\Mom\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-09 03:20 - 2009-07-13 23:45 - 00514088 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-08 10:15 - 2011-03-13 11:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-04-08 10:02 - 2011-03-12 21:13 - 00155512 _____ () C:\Users\Karen Van Pelt\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-04-08 10:02 - 2011-03-12 20:09 - 00000000 ____D () C:\Users\Karen Van Pelt\AppData\Local\Hewlett-Packard
    2015-04-08 10:02 - 2011-01-04 18:06 - 00000000 ____D () C:\Program Files\Hewlett-Packard
    2015-04-04 15:16 - 2015-02-02 07:54 - 00000000 ____D () C:\Users\Karen Van Pelt\Documents\Reese Winter Alodia 2015 Basketball

    ==================== Files in the root of some directories =======

    2012-03-23 05:05 - 2012-10-24 15:47 - 0038447 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\Comma Separated Values (Windows).ADR
    2012-11-06 09:34 - 2012-11-06 09:34 - 0331776 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\mbrsw.dll
    2013-07-27 05:56 - 2014-11-17 19:40 - 0000094 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\WB.CFG
    2013-12-31 02:09 - 2014-01-03 09:36 - 0000005 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\WBPU-Q5-TTL.DAT
    2013-06-24 18:09 - 2014-01-31 07:29 - 0000005 _____ () C:\Users\Karen Van Pelt\AppData\Roaming\WBPU-TTL.DAT
    2011-07-30 22:00 - 2011-07-30 22:00 - 0141451 _____ () C:\Users\Karen Van Pelt\AppData\Local\ars.cache
    2011-07-30 22:01 - 2011-07-30 22:01 - 0868823 _____ () C:\Users\Karen Van Pelt\AppData\Local\census.cache
    2011-07-30 21:50 - 2011-07-30 21:50 - 0000036 _____ () C:\Users\Karen Van Pelt\AppData\Local\housecall.guid.cache
    2012-11-06 09:34 - 2012-11-06 09:34 - 0080411 _____ () C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.crx
    2012-11-06 09:34 - 2012-11-06 09:34 - 0097313 _____ () C:\Users\Karen Van Pelt\AppData\Local\update_flash_player_11.4.2r402.xpi
    2013-02-23 22:01 - 2013-02-23 22:01 - 0000057 _____ () C:\ProgramData\Ament.ini
    2011-04-03 18:41 - 2011-11-04 20:45 - 0004473 _____ () C:\ProgramData\hpzinstall.log

    Some content of TEMP:
    ====================
    C:\Users\Billy\AppData\Local\Temp\COMAP.EXE
    C:\Users\Billy\AppData\Local\Temp\tmp479B.exe
    C:\Users\Billy\AppData\Local\Temp\tmpA0DF.exe
    C:\Users\Billy\AppData\Local\Temp\tmpA6B8.exe
    C:\Users\Billy\AppData\Local\Temp\tmpB3B8.exe
    C:\Users\Billy\AppData\Local\Temp\tmpB6A7.exe
    C:\Users\Billy\AppData\Local\Temp\tmpC9D.exe
    C:\Users\Billy\AppData\Local\Temp\tmpD506.exe
    C:\Users\Billy\AppData\Local\Temp\tmpE456.exe
    C:\Users\Billy\AppData\Local\Temp\tmpF35.exe
    C:\Users\Guest\AppData\Local\Temp\tmp9A8A.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\2volk.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\ceef92c7-3401-48bc-962a-817ae28bccf2.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\COMAP.EXE
    C:\Users\Karen Van Pelt\AppData\Local\Temp\contentDATs.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\HPHelpUpdater.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\jre-8u31-windows-au.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\oi_{B8B41850-0F26-448A-9C11-93BFC3EBDE85}.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\ose00000.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\Quarantine.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\Resource.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\sp58915.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\sp64126.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\sqlite3.dll
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1037.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1764.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1CF5.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1F63.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp218E.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp2867.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp32EB.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp33F6.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3556.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3641.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3D88.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3F4B.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp3F93.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp44A9.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp4711.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp4C77.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp4F9C.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp5DBD.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp5F25.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6418.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6999.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6AB4.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp6EE6.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp700F.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7358.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp73E9.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7667.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7816.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp7910.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp989C.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp9D0D.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp9EAC.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpA4E5.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpAC97.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpAE28.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpB231.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpC527.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpCEB3.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpD14B.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpD2B7.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpDCC0.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpE1C7.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpE2BA.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpEDA0.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmpF6E4.exe
    C:\Users\Karen Van Pelt\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\Mason\AppData\Local\Temp\contentDATs.exe
    C:\Users\Mason\AppData\Local\Temp\tmp13F3.exe
    C:\Users\Mason\AppData\Local\Temp\tmp1D57.exe
    C:\Users\Mason\AppData\Local\Temp\tmp218A.exe
    C:\Users\Mason\AppData\Local\Temp\tmp278B.exe
    C:\Users\Mason\AppData\Local\Temp\tmp2BCB.exe
    C:\Users\Mason\AppData\Local\Temp\tmp2FF9.exe
    C:\Users\Mason\AppData\Local\Temp\tmp34F5.exe
    C:\Users\Mason\AppData\Local\Temp\tmp448A.exe
    C:\Users\Mason\AppData\Local\Temp\tmp57BA.exe
    C:\Users\Mason\AppData\Local\Temp\tmp6370.exe
    C:\Users\Mason\AppData\Local\Temp\tmp68D3.exe
    C:\Users\Mason\AppData\Local\Temp\tmp6B6D.exe
    C:\Users\Mason\AppData\Local\Temp\tmp7948.exe
    C:\Users\Mason\AppData\Local\Temp\tmp7C16.exe
    C:\Users\Mason\AppData\Local\Temp\tmp8931.exe
    C:\Users\Mason\AppData\Local\Temp\tmp8CA0.exe
    C:\Users\Mason\AppData\Local\Temp\tmp90D9.exe
    C:\Users\Mason\AppData\Local\Temp\tmp9291.exe
    C:\Users\Mason\AppData\Local\Temp\tmp943E.exe
    C:\Users\Mason\AppData\Local\Temp\tmp9CC5.exe
    C:\Users\Mason\AppData\Local\Temp\tmp9EEB.exe
    C:\Users\Mason\AppData\Local\Temp\tmpA03C.exe
    C:\Users\Mason\AppData\Local\Temp\tmpA753.exe
    C:\Users\Mason\AppData\Local\Temp\tmpA75D.exe
    C:\Users\Mason\AppData\Local\Temp\tmpAC55.exe
    C:\Users\Mason\AppData\Local\Temp\tmpB4D7.exe
    C:\Users\Mason\AppData\Local\Temp\tmpD46C.exe
    C:\Users\Mason\AppData\Local\Temp\tmpD6B7.exe
    C:\Users\Mason\AppData\Local\Temp\tmpD924.exe
    C:\Users\Mason\AppData\Local\Temp\tmpDB6.exe
    C:\Users\Mason\AppData\Local\Temp\tmpDBB6.exe
    C:\Users\Mason\AppData\Local\Temp\tmpF701.exe
    C:\Users\Mason\AppData\Local\Temp\tmpFCD8.exe
    C:\Users\Mason\AppData\Local\Temp\tmpFDCA.exe
    C:\Users\Mason\AppData\Local\Temp\tmpFE32.exe
    C:\Users\Mom\AppData\Local\Temp\contentDATs.exe
    C:\Users\Mom\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Mom\AppData\Local\Temp\tmp10AF.exe
    C:\Users\Mom\AppData\Local\Temp\tmp12D4.exe
    C:\Users\Mom\AppData\Local\Temp\tmp194F.exe
    C:\Users\Mom\AppData\Local\Temp\tmp1ADA.exe
    C:\Users\Mom\AppData\Local\Temp\tmp1CBD.exe
    C:\Users\Mom\AppData\Local\Temp\tmp2361.exe
    C:\Users\Mom\AppData\Local\Temp\tmp273D.exe
    C:\Users\Mom\AppData\Local\Temp\tmp2899.exe
    C:\Users\Mom\AppData\Local\Temp\tmp2CD.exe
    C:\Users\Mom\AppData\Local\Temp\tmp2F25.exe
    C:\Users\Mom\AppData\Local\Temp\tmp3015.exe
    C:\Users\Mom\AppData\Local\Temp\tmp30FF.exe
    C:\Users\Mom\AppData\Local\Temp\tmp32AC.exe
    C:\Users\Mom\AppData\Local\Temp\tmp47AC.exe
    C:\Users\Mom\AppData\Local\Temp\tmp4911.exe
    C:\Users\Mom\AppData\Local\Temp\tmp4A6B.exe
    C:\Users\Mom\AppData\Local\Temp\tmp4B7A.exe
    C:\Users\Mom\AppData\Local\Temp\tmp58C1.exe
    C:\Users\Mom\AppData\Local\Temp\tmp59EC.exe
    C:\Users\Mom\AppData\Local\Temp\tmp5B62.exe
    C:\Users\Mom\AppData\Local\Temp\tmp5DCB.exe
    C:\Users\Mom\AppData\Local\Temp\tmp65B5.exe
    C:\Users\Mom\AppData\Local\Temp\tmp663B.exe
    C:\Users\Mom\AppData\Local\Temp\tmp67E1.exe
    C:\Users\Mom\AppData\Local\Temp\tmp735.exe
    C:\Users\Mom\AppData\Local\Temp\tmp73AD.exe
    C:\Users\Mom\AppData\Local\Temp\tmp7682.exe
    C:\Users\Mom\AppData\Local\Temp\tmp7F68.exe
    C:\Users\Mom\AppData\Local\Temp\tmp8E33.exe
    C:\Users\Mom\AppData\Local\Temp\tmp9537.exe
    C:\Users\Mom\AppData\Local\Temp\tmp9CB2.exe
    C:\Users\Mom\AppData\Local\Temp\tmpA5E6.exe
    C:\Users\Mom\AppData\Local\Temp\tmpAB3E.exe
    C:\Users\Mom\AppData\Local\Temp\tmpACF5.exe
    C:\Users\Mom\AppData\Local\Temp\tmpB07B.exe
    C:\Users\Mom\AppData\Local\Temp\tmpB0FB.exe
    C:\Users\Mom\AppData\Local\Temp\tmpB7D2.exe
    C:\Users\Mom\AppData\Local\Temp\tmpBBEF.exe
    C:\Users\Mom\AppData\Local\Temp\tmpBEB2.exe
    C:\Users\Mom\AppData\Local\Temp\tmpBECD.exe
    C:\Users\Mom\AppData\Local\Temp\tmpC0D8.exe
    C:\Users\Mom\AppData\Local\Temp\tmpCA9.exe
    C:\Users\Mom\AppData\Local\Temp\tmpCF28.exe
    C:\Users\Mom\AppData\Local\Temp\tmpD11.exe
    C:\Users\Mom\AppData\Local\Temp\tmpD1D.exe
    C:\Users\Mom\AppData\Local\Temp\tmpD427.exe
    C:\Users\Mom\AppData\Local\Temp\tmpD446.exe
    C:\Users\Mom\AppData\Local\Temp\tmpD71.exe
    C:\Users\Mom\AppData\Local\Temp\tmpD8F0.exe
    C:\Users\Mom\AppData\Local\Temp\tmpDE83.exe
    C:\Users\Mom\AppData\Local\Temp\tmpE701.exe
    C:\Users\Mom\AppData\Local\Temp\tmpEE93.exe
    C:\Users\Mom\AppData\Local\Temp\tmpF3B3.exe
    C:\Users\Mom\AppData\Local\Temp\tmpF4C2.exe
    C:\Users\Mom\AppData\Local\Temp\tmpF764.exe
    C:\Users\Reese\AppData\Local\Temp\contentDATs.exe
    C:\Users\Reese\AppData\Local\Temp\tmp1253.exe
    C:\Users\Reese\AppData\Local\Temp\tmp13BD.exe
    C:\Users\Reese\AppData\Local\Temp\tmp2027.exe
    C:\Users\Reese\AppData\Local\Temp\tmp2055.exe
    C:\Users\Reese\AppData\Local\Temp\tmp3017.exe
    C:\Users\Reese\AppData\Local\Temp\tmp3106.exe
    C:\Users\Reese\AppData\Local\Temp\tmp3825.exe
    C:\Users\Reese\AppData\Local\Temp\tmp3BA8.exe
    C:\Users\Reese\AppData\Local\Temp\tmp4034.exe
    C:\Users\Reese\AppData\Local\Temp\tmp49BB.exe
    C:\Users\Reese\AppData\Local\Temp\tmp4B22.exe
    C:\Users\Reese\AppData\Local\Temp\tmp5534.exe
    C:\Users\Reese\AppData\Local\Temp\tmp56AD.exe
    C:\Users\Reese\AppData\Local\Temp\tmp5919.exe
    C:\Users\Reese\AppData\Local\Temp\tmp729.exe
    C:\Users\Reese\AppData\Local\Temp\tmp7C67.exe
    C:\Users\Reese\AppData\Local\Temp\tmp821.exe
    C:\Users\Reese\AppData\Local\Temp\tmp83E9.exe
    C:\Users\Reese\AppData\Local\Temp\tmp8494.exe
    C:\Users\Reese\AppData\Local\Temp\tmp8BB2.exe
    C:\Users\Reese\AppData\Local\Temp\tmp8F2.exe
    C:\Users\Reese\AppData\Local\Temp\tmp9907.exe
    C:\Users\Reese\AppData\Local\Temp\tmp9EEB.exe
    C:\Users\Reese\AppData\Local\Temp\tmpA078.exe
    C:\Users\Reese\AppData\Local\Temp\tmpA4A7.exe
    C:\Users\Reese\AppData\Local\Temp\tmpA742.exe
    C:\Users\Reese\AppData\Local\Temp\tmpAC9D.exe
    C:\Users\Reese\AppData\Local\Temp\tmpB182.exe
    C:\Users\Reese\AppData\Local\Temp\tmpBC44.exe
    C:\Users\Reese\AppData\Local\Temp\tmpC229.exe
    C:\Users\Reese\AppData\Local\Temp\tmpCA15.exe
    C:\Users\Reese\AppData\Local\Temp\tmpD1C1.exe
    C:\Users\Reese\AppData\Local\Temp\tmpDD79.exe
    C:\Users\Reese\AppData\Local\Temp\tmpDECD.exe
    C:\Users\Reese\AppData\Local\Temp\tmpE1B7.exe
    C:\Users\Reese\AppData\Local\Temp\tmpEBD4.exe
    C:\Users\Reese\AppData\Local\Temp\tmpF219.exe
    C:\Users\Reese\AppData\Local\Temp\tmpFACB.exe
    C:\Users\Reese\AppData\Local\Temp\tmpFEB7.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-24 07:31

    ==================== End Of Log ============================
     
  6. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    KVP,
    I am going to ask you to do some things you may not expect.
    Please trust me on this.
    If they are things you don't like, you can change them back when we are through cleaning.
    -----------------------------------------------------------
    Change Settings to View File Extensions and Hidden Files
    Go to Start > Control Panel > Folder Options, and click on the View tab.
    Under "Files and Folders",
    • Uncheck "Hide Extensions for known File Types"
    • Check "Show Hidden Files Folders and Drives"
    Click Apply and OK.
    ---------------------------------------------------------
    Set Firefox as Default and Always Ask Where to Save Downloads
    Open Firefox, then hit the Alt key if necessary, so you can see the menu bar at the top.
    In the top menu bar, click on Tools, and select Options.
    In the new dialog window that pops up:
    Click on the General icon in the top bar, and Click the button labeled Make Firefox My Default browser
    Click the radiobutton labeled Always ask me where to save files
    Click the checkbox labeled Always check to see if Firefox is the Default browser on startup.
    Click OK.
    ------------------------------------------------
    Remove Programs Using Control Panel
    From Start, Control Panel, click on Programs and Features
    Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Adobe Reader X
    Java(TM) 6 Update 24
    Java 7 Update 67
    jZip
    McAfee Security Scan Plus
    PDF Complete Special Edition
    SpywareBlaster 4.4
    SpywareGuard v2.2
    Unity Web Player
    Wondershare DVD Slideshow Builder Deluxe

    Take extra care in answering questions posed by any Uninstaller.
    If Spyware Blaster asks if you want to remove all settings, answer yes.
    -----------------------------------------------------------
    REBOOT (RESTART) Your Machine
    -----------------------------------------------------------
    Go to Start > Computer > C drive > Users > Karen Van Pelt > Downloads
    Right click on FRST64.exe in your downloads folder and choose Cut
    Go back to your desktop, click on an open space, then hit "Ctrl" and "V" simultaneously.
    That should paste FRST64.exe onto your desktop.
    If it fails to do so, download FRST64.exe again and choose Save to your desktop.

    Let me know how it all goes and we will be ready for the FIX to start.
    askey127
     
  7. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Ok, I have done everything.
     
  8. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    KVP,
    -----------------------------------------------------------
    Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
    Temporarily Disable Spybot's TeaTimer Protection
    Start Spybot Search & Destroy
    In the top menu, click Mode
    Check Advanced Mode if it is not already checked. OK the selection if necessary.
    In the bottom of the left pane, click on Tools
    From the new left pane list, click on Resident
    Uncheck the box in the middle labeled "Resident "TeaTimer"(Protection of overall system settings) active.
    From the top menu, click on File, Exit.
    --------------------------------------------------------
    Run A Fix With FRST
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both the program FRST64.exe and Fixlist.txt be in the same location, or the fix will not work.
    (Both on the Desktop is OK, or both in the same folder elsewhere)

    Run FRST64 and press the FIX button just once, and wait. DO NOT PRESS THE SCAN BUTTON.
    If for some reason the tool needs a restart, please make sure you let the system restart normally.
    The tool may start automatically and complete its work after the system restart. Let the tool complete its run.
    When finished, FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents in your reply.

    askey127
     

    Attached Files:

  9. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2015
    Ran by Karen Van Pelt at 2015-04-25 16:18:16 Run:1
    Running from C:\Users\Karen Van Pelt\Desktop
    Loaded Profiles: Karen Van Pelt (Available profiles: Karen Van Pelt & Billy & Mom & Mason & Reese & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************

    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011-03-17]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
    ShortcutTarget: SpywareGuard.lnk -> C:\Program Files (x86)\SpywareGuard\sgmain.exe ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1007\User: Group Policy restriction detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1005\User: Group Policy restriction detected <======= ATTENTION
    SearchScopes: HKLM-x32 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {1E3AD377-E562-4CDF-B484-B9FD6CF186A3} URL = http://www.safesear.ch/web/?type=20150127-120-sshome-ie-df&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-03] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-03] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2612173390-3033125086-1710602168-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    ShellExecuteHooks-x32: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
    FF Keyword.URL: hxxp://www.safesear.ch/web/?type=ss-ff-kw&q=
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-03] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-03] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
    FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2011-06-22] (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2612173390-3033125086-1710602168-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Reese\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [Not Found]
    FF Extension: No Name - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [Not Found]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    FF Extension: No Name - C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} [Not Found]
    CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\KARENV~1\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx [Not Found]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
    C:\Program Files\McAfee Security Scan
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    C:\Program Files (x86)\PDF Complete
    EmptyTemp:
    Cmd: ipconfig /flushdns



    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe => value deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
    C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk not found.
    C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe not found.
    C:\Program Files (x86)\SpywareGuard\sgmain.exe not found.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1007\User => Moved successfully.
    C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2612173390-3033125086-1710602168-1005\User => Moved successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
    "HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3}" => Key deleted successfully.
    HKCR\CLSID\{1E3AD377-E562-4CDF-B484-B9FD6CF186A3} => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => Key deleted successfully.
    HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
    HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => Key not found.
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
    HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
    HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{81559C35-8464-49F7-BB0E-07A383BEF910} => Value not found.
    HKCR\Wow6432Node\CLSID\{81559C35-8464-49F7-BB0E-07A383BEF910} => Key not found.
    Firefox Keyword.URL deleted successfully.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2 => Key not found.
    C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2 => Key not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin => Key not found.
    C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@unity3d.com/UnityPlayer => Key not found.
    C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll not found.
    HKU\S-1-5-21-2612173390-3033125086-1710602168-1007\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => Key not found.
    C:\Users\Reese\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => Moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} not found.
    C:\Program Files\Java\jre6\lib\deploy\jqs\ff not found.
    C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
    C:\Documents and Settings\Karen\Application Data\Mozilla\Firefox\Profiles\rc9in13f.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01} not found.
    "HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji" => Key deleted successfully.
    "HKU\S-1-5-21-2612173390-3033125086-1710602168-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gdfjhiclilbjdpeejgcgebmmihkkofji" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ghnpfkmgeiojiaheaiefkilmjinpoccb" => Key deleted successfully.
    McComponentHostService => Service not found.
    "C:\Program Files\McAfee Security Scan" => File/Directory not found.
    pdfcDispatcher => Service not found.
    "C:\Program Files (x86)\PDF Complete" => File/Directory not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 37 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 16:27:58 ====
     
  10. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    KVP,
    --------------------------------------------------------
    Download and Install the newest version of Adobe Reader for reading pdf files
    There are security vulnerabilities in earlier versions of both Reader and Acrobat Pro. All versions numbered lower than 11.0.10 are vulnerable.
    Go HERE to download the Installer AdbeRdr11010_en_US.exe .
    Save the file to your desktop and run it to install the latest version of Adobe Reader.
    Always be careful to UNCHECK any offer for toolbars, helpers or other "partner" Free programs
    After the new Reader is installed, Open Adobe Reader XI, as it is called, and OK the license.
    Click on Edit and select Preferences.

    On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.

    Click on the Security (Enhanced) category
    Uncheck Automatically trust sites from my Win OS security zones, and under Protected View, click on Files from potentially unsafe locations.

    Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    Click the OK button

    When it asks if you are sure you want to make changes to Advanced Security Preferences, answer Yes.
    When it finishes, you can remove the Installer from your desktop.
    ------------------------------------------------------------
    I see you downloaded Java JRE 8 update 31 at one time. Is it on there?

    Java Issue
    You may want to read here before you decide whether to keep Java on your system:
    http://www.zdnet.com/a-close-look-a...eptive-software-with-java-updates-7000010038/

    If You Decide to Keep it,
    Download and Install the latest versions of Java Runtime Environment
    from here :
    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html, and install them to your computer.
    If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
    Check the button to agree to the license.
    Select the links for your Platform, both jre-8u45-windows-i586.exe and jre-8u45-windows-x64.exe
    Click them one at a time, download each and save them to your desktop.
    Then doubleclick each on your desktop, and they will install the newest versions of Java for you to use.

    During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
    When it finishes, you can remove the Installer(s) from your desktop.
    (I don't have any Java on my system).

    ---------------------------------------------
    I don't know yet whether any of these are unwanted:
    Run A Scan With SystemLook
    Please download SystemLook from the download mirror and save it to your Desktop.
    Download Mirror #1 (64-bit)
    • Double-click SystemLook_x64.exe to run it. OK the User Account Control.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\Users\Billy\AppData\Local\Temp\tmpA0DF.exe
      C:\Users\Karen Van Pelt\AppData\Local\Temp\ceef92c7-3401-48bc-962a-817ae28bccf2.exe
      C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1037.exe
      
    • Click the Look button to start the scan.
      Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The results log can also be found on your Desktop, entitled SystemLook.txt

    Let me guess that it's running better.
    askey127
     
  11. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    Whatever you did, it worked. I can now be the administrator on the google chrome web browser and change my default search engine. I did follow your instructions on your last post, but this is what I get when I try to run the adobe thing. I attached a picture of it.


    To be honest, I don't know what the java thing is. What do I need it for?
     

    Attached Files:

  12. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    SystemLook 04.09.10 by jpshortstuff
    Log created at 10:00 on 26/04/2015 by Karen Van Pelt
    Administrator - Elevation successful

    ========== file ==========

    C:\Users\Billy\AppData\Local\Temp\tmpA0DF.exe - Unable to find/read file.

    C:\Users\Karen Van Pelt\AppData\Local\Temp\ceef92c7-3401-48bc-962a-817ae28bccf2.exe - Unable to find/read file.

    C:\Users\Karen Van Pelt\AppData\Local\Temp\tmp1037.exe - Unable to find/read file.

    -= EOF =-
     
  13. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    No prob with that system look log.

    Java is used for a few websites, (not many nowadays).
    It is also used for a few programs and games.
    It is a programming language, but the authors (Oracle) have abused the privilege, and hackers have had a field day with it..

    No Reason I know of why Adobe Reader won't install.
    After a few more tries, if still unsuccessful, I would delete the installer and see if downloading a new one helps.
    Be sure and allow enough time for it to install. It tends to take a while.

    Also be sure to right click the installer and choose "run as administrator".
     
  14. KVP

    KVP Thread Starter

    Joined:
    Apr 23, 2015
    Messages:
    54
    So weird, I deleted it, restarted my computer and it still gives me that error code.. Is there a certain thing I should have on my computer for anti virus, malware and anything else to protect my computer? Should I uninstall adaware?
     
  15. askey127

    askey127 Malware Specialist

    Joined:
    Dec 22, 2006
    Messages:
    3,721
    KVP,
    I can't recommend Ad-Aware.
    I CAN recommend Microsoft Security Essentials (free)
    -----------------------------------------------------------
    Download the Microsoft Security Essentials Installer
    The download is here: http://www.microsoft.com/security_essentials/
    Double Click the icon for the Microsoft Security Essentials installer.
    Let it install, update itself, run a scan and delete anything it finds.

    OR, for a Paid Antivirus, ESET NOD32 (more features, very thorough)
    -----------------------------------------------------------
    http://www.eset.com/us/home/products/antivirus/

    You would need to download the installer you choose and save it to your desktop.
    Then Uninstall Ad-Aware, reboot, and run the downloaded installer.

    askey127
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1147098

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice