Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with TrackID.dll (?) and cannot remove -


  • This topic is locked This topic is locked
9 replies to this topic

#1 Dawn M

Dawn M

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 03 December 2014 - 09:44 PM

Hi!  Boopme has been helping me try to figure out what's wrong with my computer.  Here's the original problem:  

 

Today, I began noticing that whenever I search from my browser, it's adding a bunch of gunk at the end of the search.  For example - if I search for "what am I searching?" it turns into this:  https://www.google.de/search?q=what+am+I+searching?trackid=sp-006#q=what am i searching?trackid

 

My laptop is running windows 8.1 and the main browser I use is Chrome.  

 

And here's the link to the original thread:  http://www.bleepingcomputer.com/forums/t/558398/adding-trackid-to-the-end-of-my-search/

 

I was asked to go through the prep guide but was unable to get the DDS to run so instead I've run RSIT and these are the logs it produced:

 

LOG:

 

Logfile of random's system information tool 1.10 (written by random/random)

Run by Dawn at 2014-12-03 21:38:26
Microsoft Windows 8.1 
System drive C: has 294 GB (43%) free of 689 GB
Total RAM: 8084 MB (71% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:38:35 PM, on 2014-12-03
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Dawn\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\trend micro\Dawn.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON13/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Codec Settings UAC Manager] "C:\WINDOWS\system32\C2MP\CodecUACManager.exe"
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "c:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [Screencast-O-Matic Tray] C:\Users\Dawn\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [FreeScreenSharing] C:\Users\Dawn\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
O4 - Startup: Dropbox.lnk = Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: eFax 4.4.lnk = C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Send to Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem20.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Bluetooth Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 21081 bytes
 
======Listing Processes======
 
 
 
 
 
wininit.exe
 
winlogon.exe
 
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
"C:\Program Files\Classic Shell\ClassicShellService.exe"
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe 468789558672
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Classic Shell\ClassicStartMenu.exe" -startup
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
"C:\Program Files\Bonjour\mDNSResponder.exe"
taskhostex.exe 
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
dashost.exe {d7c7f096-1f4a-4708-b69d989603d8f9d4}
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" 
ngservice.exe pipeserver
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" 
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
igfxEM.exe 
igfxHK.exe 
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
igfxTray.exe 
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE" 
"C:\Program Files\IDT\WDM\sttray64.exe" 
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" 
"C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Users\Dawn\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe" 
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" 
"C:\Windows\SysWOW64\C2MP\UpdateChecker.exe" 
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" -byrunkey
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" 
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" 
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe" 
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\iTunes\iTunesHelper.exe" 
"C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" 
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe" "-launchedbyvulcan"
"C:\Users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe" 
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe" 
"C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe" 
"C:\Program Files (x86)\Evernote\Evernote\Evernote.exe" /Hide 
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe"
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe" --type=renderer --no-sandbox --lang=en-US --lang=en-US --locales-dir-path="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\locales" --log-severity=disable --channel="5868.0.1460719549\2001238068" /prefetch:3
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\RuntimeBroker.exe -Embedding
 
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe79_ Global\UsGthrCtrlFltPipeMssGthrPipe79 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 580 584 592 65536 588 
"C:\Users\Dawn\Desktop\RSITx64.exe" 
 
======Scheduled tasks folder======
 
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core.job - C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe  /c /nocrashserver 
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA.job - C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe  /ua /installsource scheduler 
C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-479020640-2380612206-2516104647-1001.job - C:\Users\Dawn\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe  
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core.job - C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe  /c 
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA.job - C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 
C:\WINDOWS\tasks\HPCeeScheduleForDawn.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe  HPCeeScheduleForDawn (null) 
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe  
 
=========Mozilla firefox=========
 
ProfilePath - C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092
 
prefs.js - "browser.search.suggest.enabled" -  false
prefs.js - "browser.startup.homepage" -  "https://ca.yahoo.com/?fr=hp-avast&type=avastbcl"
prefs.js - "keyword.URL" -  "https://ca.search.yahoo.com/yhs/search"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.71.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
 
 
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\extensions\
support@lastpass.com
{E0B8C461-F8FB-49b4-8373-FE32E9252800}
 
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\
bing-avast.xml
yahoo-avast.xml
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-10-14 218776]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28 209504]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-26 705448]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-10-14 2334928]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28 176736]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-20 462760]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-26 586968]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-11-19 628288]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-20 171944]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28 6126680]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-09-22 349640]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28 4438104]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-08-20 1664000]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 3933496]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2013-03-06 7763256]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-30 3053808]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-11-11 21720]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"=C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [2013-01-27 1711680]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-11-20 59720]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-11-20 59720]
"Facebook Update"=C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-26 138096]
"Google Update"=C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-14 116648]
"eFax 4.4"=C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [2012-08-29 95744]
"Screencast-O-Matic Tray"=C:\Users\Dawn\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe [2012-11-01 58480]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01 22065760]
"FreeScreenSharing"=C:\Users\Dawn\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe [2014-06-05 4046328]
 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-09-07 581024]
"HP CoolSense"=C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05 1343904]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2011-01-30 38840]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-09-22 640440]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-03 43816]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-11-26 5226600]
"CanonQuickMenu"=C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [2013-05-02 1282120]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2013-02-19 453736]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-07-08 152392]
"Carbonite Backup"=C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [2014-06-27 1056976]
"Adobe Creative Cloud"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22 2694040]
"Codec Settings UAC Manager"=C:\WINDOWS\system32\C2MP\CodecUACManager.exe []
"FileZilla Server Interface"=C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2014-09-19 2448896]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]
"QuickTime Task"=c:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CodecPackUpdateChecker.lnk - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
Install LastPass FF RunOnce.lnk - C:\Program Files (x86)\Common Files\lpuninstall.exe
 
C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe
eFax 4.4.lnk - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
EvernoteTray.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" acaptuser64.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.ffds"=ff_vfw.dll
 
======File associations======
 
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
 
======List of files/folders created in the last 1 month======
 
2014-12-03 21:38:27 ----D---- C:\Program Files\trend micro
2014-12-03 21:38:26 ----D---- C:\rsit
2014-12-02 19:15:43 ----D---- C:\Program Files (x86)\ESET
2014-12-02 19:03:30 ----D---- C:\WINDOWS\ERUNT
2014-12-02 15:50:19 ----D---- C:\AdwCleaner
2014-12-02 15:45:55 ----A---- C:\TDSSKiller.3.0.0.41_02.12.2014_15.45.55_log.txt
2014-11-27 08:30:23 ----D---- C:\WINDOWS\SYSWOW64\vbox
2014-11-27 08:30:23 ----D---- C:\WINDOWS\system32\vbox
2014-11-26 10:48:14 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-11-26 10:48:09 ----A---- C:\WINDOWS\avastSS.scr
2014-11-24 12:45:50 ----D---- C:\Program Files (x86)\Evernote
2014-11-19 08:30:40 ----A---- C:\WINDOWS\system32\kerberos.dll
2014-11-19 08:30:39 ----A---- C:\WINDOWS\SYSWOW64\pku2u.dll
2014-11-19 08:30:39 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2014-11-19 08:30:38 ----A---- C:\WINDOWS\system32\pku2u.dll
2014-11-12 08:29:12 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2014-11-12 08:29:12 ----A---- C:\WINDOWS\system32\schannel.dll
2014-11-12 08:29:11 ----A---- C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 08:29:11 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 08:29:10 ----A---- C:\WINDOWS\SYSWOW64\ncryptsslp.dll
2014-11-12 08:28:43 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 08:28:43 ----A---- C:\WINDOWS\system32\lsasrv.dll
2014-11-12 08:28:42 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2014-11-12 08:28:42 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2014-11-12 08:28:42 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2014-11-12 08:28:42 ----A---- C:\WINDOWS\system32\certcli.dll
2014-11-12 08:28:42 ----A---- C:\WINDOWS\system32\adtschema.dll
2014-11-12 08:28:41 ----A---- C:\WINDOWS\SYSWOW64\adtschema.dll
2014-11-12 08:28:41 ----A---- C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 08:28:41 ----A---- C:\WINDOWS\system32\drivers\rdpvideominiport.sys
2014-11-12 08:28:40 ----A---- C:\WINDOWS\SYSWOW64\msaudite.dll
2014-11-12 08:28:40 ----A---- C:\WINDOWS\system32\msaudite.dll
2014-11-12 08:28:39 ----A---- C:\WINDOWS\system32\rdpudd.dll
2014-11-12 08:27:24 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2014-11-12 08:27:24 ----A---- C:\WINDOWS\system32\oleaut32.dll
2014-11-12 08:27:22 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2014-11-12 08:27:21 ----A---- C:\WINDOWS\system32\msi.dll
2014-11-12 08:27:21 ----A---- C:\WINDOWS\system32\authui.dll
2014-11-12 08:27:20 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2014-11-12 08:27:20 ----A---- C:\WINDOWS\system32\msihnd.dll
2014-11-12 08:27:19 ----A---- C:\WINDOWS\SYSWOW64\msihnd.dll
2014-11-12 08:27:19 ----A---- C:\WINDOWS\system32\consent.exe
2014-11-12 08:27:19 ----A---- C:\WINDOWS\system32\appinfo.dll
2014-11-12 08:27:11 ----A---- C:\WINDOWS\system32\wuaueng.dll
2014-11-12 08:27:10 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2014-11-12 08:27:10 ----A---- C:\WINDOWS\system32\wuapi.dll
2014-11-12 08:27:09 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 08:27:09 ----A---- C:\WINDOWS\system32\wucltux.dll
2014-11-12 08:27:08 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2014-11-12 08:27:08 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2014-11-12 08:27:08 ----A---- C:\WINDOWS\system32\wuwebv.dll
2014-11-12 08:27:08 ----A---- C:\WINDOWS\system32\wudriver.dll
2014-11-12 08:27:07 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2014-11-12 08:27:07 ----A---- C:\WINDOWS\system32\wups2.dll
2014-11-12 08:27:07 ----A---- C:\WINDOWS\system32\wups.dll
2014-11-12 08:27:07 ----A---- C:\WINDOWS\system32\wuauclt.exe
2014-11-12 08:27:06 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2014-11-12 08:27:06 ----A---- C:\WINDOWS\system32\wuapp.exe
2014-11-12 08:27:06 ----A---- C:\WINDOWS\system32\wuaext.dll
2014-11-12 08:25:15 ----A---- C:\WINDOWS\system32\user32.dll
2014-11-12 08:25:11 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2014-11-12 08:25:11 ----A---- C:\WINDOWS\system32\drivers\WdFilter.sys
2014-11-12 08:25:10 ----A---- C:\WINDOWS\system32\drivers\WdNisDrv.sys
2014-11-12 08:25:08 ----A---- C:\WINDOWS\system32\drivers\WdBoot.sys
2014-11-12 08:25:04 ----A---- C:\WINDOWS\SYSWOW64\winshfhc.dll
2014-11-12 08:25:03 ----A---- C:\WINDOWS\system32\winshfhc.dll
2014-11-12 08:22:45 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-11-12 08:22:28 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-11-12 08:21:53 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-11-12 08:21:47 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-11-12 08:21:41 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-11-12 08:21:37 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-11-12 08:21:35 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-11-12 08:21:35 ----A---- C:\WINDOWS\system32\wininet.dll
2014-11-12 08:21:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-11-12 08:21:33 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-11-12 08:21:32 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-11-12 08:21:32 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-11-12 08:21:31 ----A---- C:\WINDOWS\system32\actxprxy.dll
2014-11-12 08:21:30 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-11-12 08:21:29 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-11-12 08:21:28 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-11-12 08:21:27 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 08:21:27 ----A---- C:\WINDOWS\system32\jscript.dll
2014-11-12 08:21:27 ----A---- C:\WINDOWS\system32\ieui.dll
2014-11-12 08:21:26 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2014-11-12 08:21:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-11-12 08:21:24 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-11-12 08:21:24 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-11-12 08:21:24 ----A---- C:\WINDOWS\SYSWOW64\ieui.dll
2014-11-12 08:21:24 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-11-12 08:21:22 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-11-12 08:21:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 08:21:21 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-11-12 08:21:21 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-11-12 08:21:20 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2014-11-12 08:21:19 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 08:21:18 ----A---- C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 08:21:17 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-11-12 08:21:17 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-11-12 08:21:17 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-11-12 08:21:16 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2014-11-12 08:21:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 08:21:16 ----A---- C:\WINDOWS\system32\hlink.dll
2014-11-12 08:21:15 ----A---- C:\WINDOWS\SYSWOW64\msrating.dll
2014-11-12 08:21:15 ----A---- C:\WINDOWS\SYSWOW64\ieUnatt.exe
2014-11-12 08:21:15 ----A---- C:\WINDOWS\SYSWOW64\iesysprep.dll
2014-11-12 08:21:15 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-11-12 08:21:15 ----A---- C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 08:21:15 ----A---- C:\WINDOWS\system32\iesysprep.dll
2014-11-12 08:21:15 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-11-12 08:21:15 ----A---- C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 08:21:15 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 08:21:14 ----A---- C:\WINDOWS\SYSWOW64\inseng.dll
2014-11-12 08:21:14 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2014-11-12 08:21:14 ----A---- C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:21:14 ----A---- C:\WINDOWS\system32\inseng.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\SYSWOW64\occache.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\SYSWOW64\msfeedsbs.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\SYSWOW64\iexpress.exe
2014-11-12 08:21:13 ----A---- C:\WINDOWS\SYSWOW64\IEAdvpack.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\system32\occache.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\system32\msrating.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 08:21:13 ----A---- C:\WINDOWS\system32\jsproxy.dll
2014-11-12 08:21:12 ----A---- C:\WINDOWS\SYSWOW64\imgutil.dll
2014-11-12 08:21:11 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-11-12 08:21:10 ----A---- C:\WINDOWS\SYSWOW64\ieetwproxystub.dll
2014-11-12 08:21:10 ----A---- C:\WINDOWS\system32\licmgr10.dll
2014-11-12 08:21:10 ----A---- C:\WINDOWS\system32\imgutil.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\SYSWOW64\wextract.exe
2014-11-12 08:21:09 ----A---- C:\WINDOWS\SYSWOW64\url.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\SYSWOW64\pngfilt.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\SYSWOW64\licmgr10.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\SYSWOW64\iesetup.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\SYSWOW64\iernonce.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\system32\url.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\system32\pngfilt.dll
2014-11-12 08:21:09 ----A---- C:\WINDOWS\system32\iernonce.dll
2014-11-12 08:21:08 ----A---- C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 08:21:07 ----A---- C:\WINDOWS\system32\wextract.exe
2014-11-12 08:21:07 ----A---- C:\WINDOWS\system32\iexpress.exe
2014-11-12 08:21:07 ----A---- C:\WINDOWS\system32\iesetup.dll
2014-11-12 08:21:06 ----A---- C:\WINDOWS\SYSWOW64\mshta.exe
2014-11-12 08:21:06 ----A---- C:\WINDOWS\SYSWOW64\msfeedssync.exe
2014-11-12 08:21:05 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 08:21:02 ----A---- C:\WINDOWS\system32\mshta.exe
2014-11-12 08:20:39 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2014-11-12 08:20:38 ----A---- C:\WINDOWS\system32\msxml3.dll
2014-11-12 08:20:36 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2014-11-12 08:20:36 ----A---- C:\WINDOWS\system32\audiosrv.dll
2014-11-12 08:20:36 ----A---- C:\WINDOWS\system32\AudioSes.dll
2014-11-12 08:20:36 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 08:20:35 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2014-11-12 08:20:34 ----A---- C:\WINDOWS\system32\audiodg.exe
2014-11-12 08:20:32 ----A---- C:\WINDOWS\system32\AudioEng.dll
2014-11-12 08:20:30 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 08:20:29 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2014-11-12 08:20:29 ----A---- C:\WINDOWS\system32\win32k.sys
2014-11-12 08:20:29 ----A---- C:\WINDOWS\system32\EncDump.dll
2014-11-12 08:20:28 ----A---- C:\WINDOWS\SYSWOW64\packager.dll
2014-11-12 08:20:28 ----A---- C:\WINDOWS\system32\packager.dll
2014-11-12 08:20:06 ----A---- C:\WINDOWS\system32\shell32.dll
2014-11-12 08:20:03 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2014-11-12 08:20:03 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 08:20:02 ----A---- C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 08:20:01 ----A---- C:\WINDOWS\system32\twinui.dll
2014-11-12 08:20:00 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2014-11-12 08:19:59 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 08:19:59 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 08:19:59 ----A---- C:\WINDOWS\system32\localspl.dll
2014-11-12 08:19:58 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2014-11-12 08:19:58 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2014-11-12 08:19:58 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2014-11-12 08:19:57 ----A---- C:\WINDOWS\system32\win32spl.dll
2014-11-12 08:19:56 ----A---- C:\WINDOWS\SYSWOW64\WsmSvc.dll
2014-11-12 08:19:56 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 08:19:56 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2014-11-12 08:19:55 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2014-11-12 08:19:55 ----A---- C:\WINDOWS\system32\puiobj.dll
2014-11-12 08:19:54 ----AC---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2014-11-12 08:19:52 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2014-11-12 08:19:50 ----A---- C:\WINDOWS\system32\untfs.dll
2014-11-12 08:19:49 ----A---- C:\WINDOWS\SYSWOW64\untfs.dll
2014-11-12 08:19:47 ----A---- C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 08:19:45 ----A---- C:\WINDOWS\SYSWOW64\FXSAPI.dll
2014-11-12 08:19:45 ----A---- C:\WINDOWS\system32\FXSAPI.dll
2014-11-05 23:33:12 ----D---- C:\ProgramData\SmartSound Software Inc
2014-11-05 23:33:10 ----D---- C:\ProgramData\eSellerate
2014-11-05 23:33:10 ----D---- C:\Program Files (x86)\SmartSound Software
2014-11-05 23:31:58 ----D---- C:\Program Files (x86)\QuickTime
2014-11-05 23:23:34 ----D---- C:\Program Files\CyberLink
2014-11-04 10:38:21 ----D---- C:\Users\Dawn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
 
======List of files/folders modified in the last 1 month======
 
2014-12-03 21:38:27 ----D---- C:\Program Files
2014-12-03 21:38:16 ----D---- C:\WINDOWS\Prefetch
2014-12-03 21:05:20 ----D---- C:\Users\Dawn\AppData\Roaming\Skype
2014-12-03 21:00:00 ----D---- C:\WINDOWS\system32\sru
2014-12-03 19:07:23 ----SHD---- C:\System Volume Information
2014-12-03 18:19:01 ----D---- C:\WINDOWS\Temp
2014-12-03 13:59:06 ----D---- C:\WINDOWS\Microsoft.NET
2014-12-03 09:03:37 ----SHD---- C:\WINDOWS\Installer
2014-12-03 09:03:15 ----D---- C:\Users\Dawn\AppData\Roaming\Dropbox
2014-12-03 09:01:14 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2014-12-03 06:35:35 ----D---- C:\WINDOWS\system32\config
2014-12-02 19:15:43 ----RD---- C:\Program Files (x86)
2014-12-02 19:03:30 ----D---- C:\Windows
2014-12-02 15:55:44 ----D---- C:\WINDOWS\system32\Tasks
2014-12-02 15:55:43 ----D---- C:\WINDOWS\Tasks
2014-12-02 15:55:39 ----D---- C:\WINDOWS\SysWOW64
2014-12-02 15:46:00 ----D---- C:\WINDOWS\system32\drivers
2014-12-02 07:57:55 ----D---- C:\WINDOWS\AppReadiness
2014-12-02 07:57:53 ----HD---- C:\Program Files\WindowsApps
2014-11-30 16:12:36 ----RD---- C:\WINDOWS\System32
2014-11-30 16:12:36 ----D---- C:\WINDOWS\Inf
2014-11-30 16:12:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-26 10:48:52 ----D---- C:\WINDOWS\system32\DriverStore
2014-11-26 09:24:37 ----D---- C:\WINDOWS\CbsTemp
2014-11-26 09:24:35 ----D---- C:\WINDOWS\WinSxS
2014-11-24 10:48:39 ----A---- C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-21 12:16:20 ----RSD---- C:\WINDOWS\assembly
2014-11-21 09:59:06 ----D---- C:\Users\Dawn\AppData\Roaming\uTorrent
2014-11-21 09:35:54 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-11-21 09:33:01 ----D---- C:\Program Files\Microsoft Office 15
2014-11-20 15:51:37 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2014-11-14 14:58:28 ----D---- C:\WINDOWS\system32\catroot2
2014-11-14 14:33:26 ----D---- C:\WINDOWS\rescache
2014-11-14 10:14:31 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-14 10:11:34 ----D---- C:\WINDOWS\SYSWOW64\migration
2014-11-14 10:11:34 ----D---- C:\WINDOWS\SYSWOW64\en-US
2014-11-14 10:11:34 ----D---- C:\WINDOWS\system32\migration
2014-11-14 10:11:34 ----D---- C:\WINDOWS\system32\en-US
2014-11-14 10:11:34 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-14 10:11:33 ----RD---- C:\WINDOWS\ToastData
2014-11-14 10:11:33 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2014-11-14 10:11:33 ----D---- C:\Program Files\Internet Explorer
2014-11-14 10:11:32 ----D---- C:\WINDOWS\apppatch
2014-11-14 10:11:32 ----D---- C:\Program Files\Windows Defender
2014-11-14 10:11:32 ----D---- C:\Program Files (x86)\Windows Defender
2014-11-14 10:11:31 ----D---- C:\WINDOWS\system32\wbem
2014-11-14 08:27:46 ----HD---- C:\ProgramData
2014-11-12 08:40:34 ----D---- C:\WINDOWS\system32\MRT
2014-11-12 08:32:23 ----A---- C:\WINDOWS\system32\MRT.exe
2014-11-11 22:03:57 ----D---- C:\ProgramData\CyberLink
2014-11-10 23:02:06 ----D---- C:\Users\Dawn\AppData\Roaming\Mozilla
2014-11-10 08:43:57 ----D---- C:\Users\Dawn\AppData\Roaming\Apple Computer
2014-11-07 08:45:08 ----D---- C:\ProgramData\Skype
2014-11-07 08:44:55 ----RD---- C:\Program Files (x86)\Skype
2014-11-06 08:46:29 ----D---- C:\Users\Dawn\AppData\Roaming\Adobe
2014-11-05 23:37:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-11-05 23:34:24 ----AD---- C:\ProgramData\Temp
2014-11-05 23:28:58 ----RSD---- C:\WINDOWS\Fonts
2014-11-05 23:21:16 ----D---- C:\ProgramData\install_clap
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-11-26 65776]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-11-26 267632]
R0 hpdskflt;@oem20.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2012-09-24 31040]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-09-28 650808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2014-11-26 93568]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-11-26 1050432]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-11-26 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-11-26 29208]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-11-26 83280]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2014-11-26 116728]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-26 271752]
R3 Accelerometer;@oem20.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2012-09-24 43840]
R3 AMPPAL;@oem6.inf,%AMPPAL.SVCDESC%;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; C:\WINDOWS\System32\drivers\AMPPAL.sys [2012-07-17 162344]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 btmhsf;btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [2013-02-14 1362232]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 iBtFltCoex;iBtFltCoex; C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys [2013-01-15 69240]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-05-20 3791872]
R3 IntcDAud;@oem36.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 iwdbus;@oem14.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2014-05-06 27032]
R3 MEIx64;@oem39.inf,%HECI_SvcDesc%;Intel® Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 NETwNe64;@oem23.inf,%NIC_Service_DispName_WIN8_64%;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\WINDOWS\system32\DRIVERS\Netwew00.sys [2013-10-08 3345376]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2014-03-18 167424]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2012-07-31 690832]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2013-12-30 33008]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2012-08-20 542208]
R3 SynTP;@oem31.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-12-30 495856]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-07-24 1200640]
S3 dg_ssudbus;@oem42.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 intaud_WaveExtensible;@oem13.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2014-05-06 38296]
S3 RSP2STOR;@oem40.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2012-07-04 269968]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2012-08-24 41272]
S3 ssudmdm;@oem43.inf,%ssud.Service.Name%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-07-17 731688]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-06-12 43336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-26 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-03-06 1124728]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-03-06 1149304]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-05-02 135952]
R2 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2014-06-27 7641296]
R2 ClassicShellService;Classic Shell Service; C:\Program Files\Classic Shell\ClassicShellService.exe [2013-04-12 68608]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-10-30 2443960]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-08-28 626416]
R2 FileZilla Server;FileZilla Server FTP server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [2014-09-19 772608]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 hpsrv;@oem20.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2012-09-24 31040]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-09-07 35232]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-07-14 2451456]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service; C:\WINDOWS\system32\igfxCUIService.exe [2014-05-20 314696]
R2 Intel® Bluetooth Radio Management;Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-03-11 160712]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel® ME Service;Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-07-17 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-07-17 165760]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2012-07-17 276864]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-08-28 149744]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-09-11 390672]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-08-20 323072]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 364416]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-26 4012248]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-02 43696]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-09-07 1001376]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-07-08 641352]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-31 116648]
S2 HPConnectedRemote;HP Connected Remote Service; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-10-12 35744]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-09-28 14904]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-09 50784]
S3 cphs;Intel® Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-05-20 278344]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-04-30 651720]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-31 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-30 114288]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-08-28 273136]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-03-26 150600]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
 
-----------------EOF-----------------
 
 
INFO:
 
info.txt logfile of random's system information tool 1.10 2014-12-03 21:38:40
 
======MBR======
 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005F2A5DF3000000000200EEFFFFFF01000000EF66545700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA
 
======Uninstall list======
 
-->"C:\Program Files (x86)\HP Games\Web Link - Polar Bowler Strike!\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}\Setup.exe" /z-uninstall
-->"C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\Uninstall.exe"
4 Elements II-->"C:\Program Files (x86)\HP Games\4 Elements II\uninstall\uninstaller.exe"
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9 Pro Extended 64-bit Add-On-->MsiExec.exe /I{AC76BA86-1033-0000-0064-0003D0000004}
Adobe Acrobat 9.4.2 - CPSID_83708-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Creative Cloud-->"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Adobe Flash Player 15 Plugin-->C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_Plugin.exe -maintain plugin
Adobe Illustrator CC 2014-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{2B4B4082-8043-4646-8334-B0A29E641211}"
Adobe InDesign CC 2014-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}"
Adobe Photoshop CS6-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}"
Adobe Reader XI (11.0.08)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}
Adobe Shockwave Player 12.0-->"C:\Windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
Aloha TriPeaks-->"C:\Program Files (x86)\HP Games\Aloha TriPeaks\uninstall\uninstaller.exe"
AoA Audio Extractor Platinum-->"C:\Program Files (x86)\AoA Audio Extractor Platinum\unins000.exe"
Apple Application Support-->MsiExec.exe /I{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}
Apple Mobile Device Support-->MsiExec.exe /I{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
Bejeweled 3-->"C:\Program Files (x86)\HP Games\Bejeweled 3\uninstall\uninstaller.exe"
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Build-a-lot 4 - Power Source-->"C:\Program Files (x86)\HP Games\Build-a-lot 4 - Power Source\uninstall\uninstaller.exe"
Canon Easy-WebPrint EX-->"C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.ini
Canon IJ Network Scanner Selector EX-->"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\MAINT.exe" /UninstallRemove C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\uninst.ini
Canon IJ Network Tool-->C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon IJ Scan Utility-->"C:\Program Files (x86)\Canon\IJ Scan Utility\MAINT.exe" /UninstallRemove C:\Program Files (x86)\Canon\IJ Scan Utility\uninst.ini
Canon MG5500 series MP Drivers-->"C:\Program Files\CanonBJ\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series\DELDRV64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series /L0x0009
Canon MG5500 series On-screen Manual-->C:\Program Files (x86)\Canon\IJ Manual\Canon MG5500 series\uninstall.exe
Canon My Image Garden Design Files-->"C:\Program Files (x86)\Canon\My Image Garden\AddOn\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\My Image Garden\AddOn\uninst.ini
Canon My Image Garden-->"C:\Program Files (x86)\Canon\My Image Garden\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\My Image Garden\uninst.ini
Canon My Printer-->"C:\Program Files\Canon\MyPrinter\uninst.exe" /UninstallRemove C:\Program Files\Canon\MyPrinter\uninst.ini
Canon Quick Menu-->"C:\Program Files (x86)\Canon\Quick Menu\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Quick Menu\uninst.ini
Carbonite-->C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteSetup.exe /remove
Citrix Online Launcher-->MsiExec.exe /I{AC7E7905-8C59-4806-A96D-30936A2B1FC5}
Classic Shell-->MsiExec.exe /X{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}
Cradle of Rome 2-->"C:\Program Files (x86)\HP Games\Cradle of Rome 2\uninstall\uninstaller.exe"
Crazy Chicken Soccer-->"C:\Program Files (x86)\HP Games\Crazy Chicken Soccer\uninstall\uninstaller.exe"
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
CyberLink Media Suite 10-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink Media Suite 10-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink PhotoDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{4862344A-A39C-4897-ACD4-A1BED5163C5A}\Setup.exe" /z-uninstall
CyberLink PhotoDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{4862344A-A39C-4897-ACD4-A1BED5163C5A}\Setup.exe" /z-uninstall
CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\setup.exe" /z-uninstall
CyberLink Power2Go 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDirector 11-->"C:\Program Files (x86)\InstallShield Installation Information\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}\Setup.exe" /z-uninstall
CyberLink PowerDirector 11-->"C:\Program Files (x86)\InstallShield Installation Information\{551F492A-01B0-4DC4-866F-875EC4EDC0A8}\Setup.exe" /z-uninstall
CyberLink PowerDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
CyberLink PowerDVD-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{2433A103-9EC3-49EA-9AD1-58A35F27EE56}" "1033" "0"
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{2433A103-9EC3-49EA-9AD1-58A35F27EE56}" "1033" "0"
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
Energy Star-->MsiExec.exe /I{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}
ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Evernote v. 5.7.2-->MsiExec.exe /X{FB57263E-706F-11E4-A65F-00163E98E7D6}
Facebook Video Calling 3.1.0.521-->MsiExec.exe /X{2091F234-EB58-4B80-8C96-8EB78C808CF7}
Farm Frenzy-->"C:\Program Files (x86)\HP Games\Farm Frenzy\uninstall\uninstaller.exe"
FileZilla Server-->C:\Program Files (x86)\FileZilla Server\uninstall.exe
Final Drive Fury-->"C:\Program Files (x86)\HP Games\Final Drive Fury\uninstall\uninstaller.exe"
Freephoneline-->MsiExec.exe /X{2AED3E0F-66AB-45DD-8D1A-FD75262DB2AE}
Galerie de photos-->MsiExec.exe /X{FE8DFDD0-A543-4A83-B7A9-C411138194D5}
Gardenscapes: Mansion Makeover-->"C:\Program Files (x86)\WildGames\Gardenscapes Mansion Makeover\uninstall\uninstaller.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Talk Plugin-->MsiExec.exe /I{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Governor of Poker 2 Premium Edition-->"C:\Program Files (x86)\HP Games\Governor of Poker 2 Premium Edition\uninstall\uninstaller.exe"
Hewlett-Packard ACLM.NET v1.2.1.1-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
House of 1000 Doors: Family Secrets-->"C:\Program Files (x86)\WildGames\House of 1000 Doors Family Secrets\uninstall\uninstaller.exe"
Hoyle Card Games-->"C:\Program Files (x86)\HP Games\Hoyle Card Games\uninstall\uninstaller.exe"
HP 3D DriveGuard-->MsiExec.exe /X{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}
HP Connected Music (Meridian - installer)-->"C:\Program Files (x86)\HPConnectedMusic\Uninstall.exe"
HP Connected Remote-->MsiExec.exe /X{F243A34B-AB7F-4065-B770-B85B767C247C}
HP CoolSense-->MsiExec.exe /I{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Documentation-->MsiExec.exe /X{23C74C03-680C-455D-933F-5BC8683CAE52}
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP MyRoom-->MsiExec.exe /I{9C35EDE5-4B0F-45E7-A438-314BA889948E}
HP Postscript Converter-->MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
HP Quick Launch-->MsiExec.exe /I{E5823036-6F09-4D0A-B05C-E2BAA129288A}
HP Recovery Manager-->MsiExec.exe /I{528AB81B-D65A-4AB0-A2B6-82B51A087D01}
HP Registration Service-->MsiExec.exe /X{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe" -runfromtemp -l0x0409  -removeonly
HP Utility Center-->MsiExec.exe /I{0C57987A-A03A-4B95-A309-D23F78F406CA}
HP Wireless Button Driver-->MsiExec.exe /X{30B2D1D8-0A07-4B71-9553-0710C5D31E35}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
Inkscape 0.48.4-->C:\Program Files (x86)\Inkscape\Uninstall.exe
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® PROSet/Wireless for Bluetooth® + High Speed-->MsiExec.exe /X{89478C31-5CE8-461A-9084-9A0AF059F84F}
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel® SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe -uninstall
Intel® WiDi-->MsiExec.exe /X{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}
Intel® PROSet/Wireless Software-->"C:\ProgramData\Package Cache\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}\Setup.exe"  /uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{D61F48DA-627B-404E-9315-32A651B18B64}
Intel® Trusted Connect Service Client-->MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}
iTunes-->MsiExec.exe /I{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}
Java 7 Update 71-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F03217071FF}
Jewel Match 3-->"C:\Program Files (x86)\HP Games\Jewel Match 3\uninstall\uninstaller.exe"
Jing-->MsiExec.exe /I{22800204-9E53-45C7-B6F3-5BB0F1C1A147}
John Deere Drive Green-->"C:\Program Files (x86)\HP Games\John Deere Drive Green\uninstall\uninstaller.exe"
LastPass(uninstall only)-->C:\Program Files (x86)\LastPass\lastpass.exe --uninstall
Letters from Nowhere 2-->"C:\Program Files (x86)\HP Games\Letters from Nowhere 2\uninstall\uninstaller.exe"
Luxor Evolved-->"C:\Program Files (x86)\HP Games\Luxor Evolved\uninstall\uninstaller.exe"
Mahjongg Dimensions Deluxe: Tiles in Time-->"C:\Program Files (x86)\HP Games\Mahjongg Dimensions Deluxe Tiles in Time\uninstall\uninstaller.exe"
Media Player Codec Pack 4.3.4-->C:\WINDOWS\SysWOW64\C2MP\Uninst.exe
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)-->MsiExec.exe /I{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}
Microsoft Excel 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 365 - en-us-->"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" scenario=install baseurl="C:\Program Files\Microsoft Office 15" platform=x86 version=15.0.4667.1002 culture=en-us productstoremove=O365HomePremRetail_en-us_x-none 
Microsoft Office Excel 2010-->MsiExec.exe /X{90140000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2010-->MsiExec.exe /X{90140000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"  /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"  /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Word 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Movie Maker-->MsiExec.exe /X{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}
Movie Maker-->MsiExec.exe /X{9846E46F-07E0-4BDF-985A-E3FBA8C15877}
Movie Maker-->MsiExec.exe /X{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}
Mozilla Firefox 33.0.2 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110_amd64-->MsiExec.exe /I{F842F8B0-6942-4930-821F-543E976B2C66}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
Newblue Art Effects for PowerDirector-->"C:\Program Files (x86)\CyberLink\Shared files\Plugin\NewBlue\UninstallArtEffectsBundleForPDR.exe"
Office 15 Click-to-Run Extensibility Component-->MsiExec.exe /X{90150000-008C-0000-0000-0000000FF1CE}
Office 15 Click-to-Run Licensing Component-->MsiExec.exe /I{90150000-008F-0000-1000-0000000FF1CE}
Office 15 Click-to-Run Localization Component-->MsiExec.exe /X{90150000-008C-0409-0000-0000000FF1CE}
PDF Settings CS6-->MsiExec.exe /I{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
Peggle Nights-->"C:\Program Files (x86)\HP Games\Peggle Nights\uninstall\uninstaller.exe"
Penguins!-->"C:\Program Files (x86)\HP Games\Penguins!\uninstall\uninstaller.exe"
Photo Common-->MsiExec.exe /X{5CC4C963-F772-4766-BFF2-DE551E205EE9}
Photo Common-->MsiExec.exe /X{D531FC91-6F4E-49A7-B912-15289D05B6F8}
Photo Gallery-->MsiExec.exe /X{60A1253C-2D51-4166-95C2-52E9CF4F8D64}
Photo Gallery-->MsiExec.exe /X{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}
Polar Bowler-->"C:\Program Files (x86)\HP Games\Polar Bowler\uninstall\uninstaller.exe"
Polar Golfer-->"C:\Program Files (x86)\HP Games\Polar Golfer\uninstall\uninstaller.exe"
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -l0x0409 -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
Roads of Rome 3-->"C:\Program Files (x86)\HP Games\Roads of Rome 3\uninstall\uninstaller.exe"
Royal Envoy 2 Collector's Edition-->"C:\Program Files (x86)\WildGames\Royal Envoy 2 Collectors Edition\uninstall\uninstaller.exe"
Samsung Easy Wireless Setup-->"C:\Program Files (x86)\Samsung\Samsung Easy Wireless Setup\SEInstall\setup.exe" /R
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{DC8EDDCF-2031-4C8D-916C-64058A3ACA95}" "1033" "0"
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{DC8EDDCF-2031-4C8D-916C-64058A3ACA95}" "1033" "0"
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{89F78B33-4282-4698-844D-E306D4260C02}" "1033" "0"
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{89F78B33-4282-4698-844D-E306D4260C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{688AC276-B332-4A76-AEB0-708AAAE669E5}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{688AC276-B332-4A76-AEB0-708AAAE669E5}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{294CFDA0-FFD3-4C74-A26C-F4AE246783D6}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{294CFDA0-FFD3-4C74-A26C-F4AE246783D6}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{4D6FE7B6-559F-4DAC-92CF-A01C24046AEB}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{EC2CA755-17D8-4392-A91E-FD4D2DD31072}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{EC2CA755-17D8-4392-A91E-FD4D2DD31072}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{0241FB40-015F-42AC-A711-1AE59E346B51}" "1033" "0"
Security Update for Microsoft Word 2010 (KB2760769) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{CD9083D1-380C-4377-811C-6642E0C83AA5}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{D6A2CD7F-C90C-4B90-BBA7-2BADE2E08610}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{09A9DF49-DA06-4093-A2FD-F339211E39EA}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{E4D76E88-C65F-4003-9C71-EC4306679D17}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{E4D76E88-C65F-4003-9C71-EC4306679D17}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{945F1D43-451D-4383-9BBE-241F37950B15}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{945F1D43-451D-4383-9BBE-241F37950B15}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}" "1033" "0"
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}" "1033" "0"
Skype™ 6.21-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
SmartSound Quicktracks 5-->"C:\Program Files (x86)\InstallShield Installation Information\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}\setup.exe" -runfromtemp -l0x0409  -removeonly
SmartSound Quicktracks 5-->MsiExec.exe /I{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}
StudioTax 2011-->MsiExec.exe /I{61507AA6-FAC3-473C-95BA-7E5EC6025738}
StudioTax 2012-->MsiExec.exe /I{EA61FF47-8FBA-40A3-B10B-648F410285BE}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab for Intel-->MsiExec.exe /I{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}
The Treasures of Mystery Island: The Ghost Ship-->"C:\Program Files (x86)\HP Games\The Treasures of Mystery Island The Ghost Ship\uninstall\uninstaller.exe"
Trinklit Supreme-->"C:\Program Files (x86)\HP Games\Trinklit Supreme\uninstall\uninstaller.exe"
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}" "1033" "0"
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}" "1033" "0"
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}" "1033" "0"
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}" "1033" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1033" "0"
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}" "1033" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1033" "0"
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{287A1E92-9E41-4BC1-8920-B3D0E9220800}" "1033" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}" "1033" "0"
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}" "1033" "0"
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}" "1033" "0"
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}" "1033" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1033" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1033" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1033" "0"
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}" "1033" "0"
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1033" "0"
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1033" "0"
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}" "1033" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1033" "0"
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{5AA578BB-759C-40FD-9661-A737C0884541}" "1033" "0"
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0000-0000-0000000FF1CE}" "{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}" "1033" "0"
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0000-0000-0000000FF1CE}" "{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}" "1033" "0"
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}" "1033" "0"
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}" "1033" "0"
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{C1954E2B-1672-4E5C-B564-F8CB2D08345B}" "1033" "0"
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{C1954E2B-1672-4E5C-B564-F8CB2D08345B}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{51CCA922-A0CC-47C4-8910-6936D97CAC2E}" "1033" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1033" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F9F5A080-AF38-4966-9A6B-C43DCA465035}" "1033" "0"
Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Video Downloader version 2.0-->"C:\Windows\unins000.exe"
WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe"
WildTangent Games-->"C:\Program Files (x86)\WildGames\Uninstall.exe"
Windows Live Communications Platform-->MsiExec.exe /I{BA73469B-D8C7-4FE3-B33C-1340D09F0709}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{46316411-80D8-4F68-8118-696E05FCE199}
Windows Live Installer-->MsiExec.exe /I{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}
Windows Live Photo Common-->MsiExec.exe /X{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}
Windows Live PIMT Platform-->MsiExec.exe /I{1057511B-F8FE-4230-9ED3-AB949A57EE4A}
Windows Live SOXE Definitions-->MsiExec.exe /I{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}
Windows Live SOXE-->MsiExec.exe /I{4F9A382F-4478-4036-905C-F77DF2EA0370}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}
Windows Live UX Platform-->MsiExec.exe /I{29315CEC-E6CE-4394-84DC-6F862E8D9A52}
Windows Live-->MsiExec.exe /I{78F35489-621D-4FFD-BCE7-2C7C3897E47C}
WinRAR 5.01 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinSCP 5.5.5-->"C:\Program Files (x86)\WinSCP\unins000.exe"
Youda Jewel Shop-->"C:\Program Files (x86)\WildGames\Youda Jewel Shop\uninstall\uninstaller.exe"
Zuma's Revenge-->"C:\Program Files (x86)\HP Games\Zumas Revenge\uninstall\uninstaller.exe"
 
======Hosts File======
 
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
======System event log======
 
Computer Name: Business-Laptop
Event Code: 10002
Message: WLAN Extensibility Module has stopped.
 
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
 
Record Number: 313179
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20141203135531.035142-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
 
Computer Name: Business-Laptop
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 313178
Source Name: Microsoft-Windows-Time-Service
Time Written: 20141203135530.472551-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
 
Computer Name: Business-Laptop
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 313174
Source Name: Microsoft-Windows-Time-Service
Time Written: 20141203135528.988081-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
 
Computer Name: Business-Laptop
Event Code: 15301
Message: SSL Certificate Settings created by an admin process for endpoint : 0.0.0.0:52000 .
Record Number: 313168
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20141203135502.533566-000
Event Type: Warning
User: 
 
Computer Name: Business-Laptop
Event Code: 15300
Message: SSL Certificate Settings deleted for endpoint : 0.0.0.0:52000 .
Record Number: 313167
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20141203135502.392935-000
Event Type: Warning
User: 
 
=====Application event log=====
 
Computer Name: Business-Laptop
Event Code: 507
Message: LiveComm (200) C:\Users\Dawn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\d2f095ed456c9d3d\120712-0049\: A request to read from the file "C:\Users\Dawn\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\d2f095ed456c9d3d\120712-0049\DBStore\livecomm.edb" at offset 20234240 (0x000000000134c000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 86097
Source Name: ESENT
Time Written: 20141203013051.000000-000
Event Type: Warning
User: 
 
Computer Name: Business-Laptop
Event Code: 78
Message: Activation context generation failed for "C:\Users\Dawn\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Record Number: 86096
Source Name: SideBySide
Time Written: 20141203001542.000000-000
Event Type: Error
User: 
 
Computer Name: Business-Laptop
Event Code: 78
Message: Activation context generation failed for "C:\Users\Dawn\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Record Number: 86095
Source Name: SideBySide
Time Written: 20141203001540.000000-000
Event Type: Error
User: 
 
Computer Name: Business-Laptop
Event Code: 78
Message: Activation context generation failed for "C:\Users\Dawn\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Record Number: 86094
Source Name: SideBySide
Time Written: 20141203001538.000000-000
Event Type: Error
User: 
 
Computer Name: Business-Laptop
Event Code: 78
Message: Activation context generation failed for "C:\Users\Dawn\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Record Number: 86093
Source Name: SideBySide
Time Written: 20141203001538.000000-000
Event Type: Error
User: 
 
=====Security event log=====
 
Computer Name: Business-Laptop
Event Code: 4672
Message: Special privileges assigned to new logon.
 
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
 
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1277502
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141203001424.324557-000
Event Type: Audit Success
User: 
 
Computer Name: Business-Laptop
Event Code: 4624
Message: An account was successfully logged on.
 
Subject:
Security ID: S-1-5-18
Account Name: BUSINESS-LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3E7
 
Logon Type: 5
 
Impersonation Level: Impersonation
 
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
 
Process Information:
Process ID: 0x32c
Process Name: C:\Windows\System32\services.exe
 
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
 
Detailed Authentication Information:
Logon Process: Advapi  
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
 
This event is generated when a logon session is created. It is generated on the computer that was accessed.
 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
 
The impersonation level field indicates the extent to which a process in the logon session can impersonate.
 
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1277501
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141203001424.324557-000
Event Type: Audit Success
User: 
 
Computer Name: Business-Laptop
Event Code: 4672
Message: Special privileges assigned to new logon.
 
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
 
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1277500
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141203001300.882030-000
Event Type: Audit Success
User: 
 
Computer Name: Business-Laptop
Event Code: 4624
Message: An account was successfully logged on.
 
Subject:
Security ID: S-1-5-18
Account Name: BUSINESS-LAPTOP$
Account Domain: WORKGROUP
Logon ID: 0x3E7
 
Logon Type: 5
 
Impersonation Level: Impersonation
 
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
 
Process Information:
Process ID: 0x32c
Process Name: C:\Windows\System32\services.exe
 
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
 
Detailed Authentication Information:
Logon Process: Advapi  
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
 
This event is generated when a logon session is created. It is generated on the computer that was accessed.
 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
 
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
 
The impersonation level field indicates the extent to which a process in the logon session can impersonate.
 
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1277499
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20141203001300.882030-000
Event Type: Audit Success
User: 
 
Computer Name: Business-Laptop
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-479020640-2380612206-2516104647-1001
Account Name: Dawn
Domain Name: BUSINESS-LAPTOP
Logon ID: 0x13DC312
Record Number: 1277498
Source Name: Microsoft-Windows-Eventlog
Time Written: 20141203000856.261424-000
Event Type: Audit Success
User: 
 
======Environment variables======
 
"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"Path"=C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;c:\Program Files (x86)\QuickTime\QTSystem\
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"asl.log"=Destination=file
"CLASSPATH"=.;c:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip
"QTJAVA"=c:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip
 
-----------------EOF-----------------
 
 

 

 



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:14 PM

Posted 08 December 2014 - 09:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Dawn M

Dawn M
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 08 December 2014 - 09:52 PM

Hi Nasdaq,

Thank you for your help.  Here's the report from Rogue Killer:

 

RogueKiller V10.0.9.0 (x64) [Dec  8 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Dawn [Administrator]
Mode : Delete -- Date : 12/08/2014  21:50:55
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] FreeScreenSharing.exe -- C:\Users\Dawn\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Windows\CurrentVersion\Run | Screencast-O-Matic Tray : C:\Users\Dawn\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe [7] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Windows\CurrentVersion\Run | FreeScreenSharing : C:\Users\Dawn\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe [7] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Windows\CurrentVersion\Run | Screencast-O-Matic Tray : C:\Users\Dawn\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Windows\CurrentVersion\Run | FreeScreenSharing : C:\Users\Dawn\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe  -> ERROR [2]
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01  -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 24.226.10.194 [CANADA (CA)][CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.226.1.93 24.226.10.193 24.226.10.194 [CANADA (CA)][CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2019856C-D0BC-4E8D-B30D-DA4648B30992} | DhcpNameServer : 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94 [CANADA (CA)][CANADA (CA)][CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49907EA0-30B8-4D60-9EA2-5556E35CB03C} | DhcpNameServer : 24.226.1.93 24.226.10.193 24.226.10.194 [CANADA (CA)][CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2019856C-D0BC-4E8D-B30D-DA4648B30992} | DhcpNameServer : 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94 [CANADA (CA)][CANADA (CA)][CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{49907EA0-30B8-4D60-9EA2-5556E35CB03C} | DhcpNameServer : 24.226.1.93 24.226.10.193 24.226.10.194 [CANADA (CA)][CANADA (CA)][CANADA (CA)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 6 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
¤¤¤ Antirootkit : 30 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012d310|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e480|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e870|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e7e0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e800|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012eab0|jmp 0xfffffffffffffc19|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012db70|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012de10|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e960|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e9a0|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012ece0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e150|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012db40|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e1c0|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e1a0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012db80|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012eaa0|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e940|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e2f0|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e250|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e850|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012dbd0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012d430|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012d700|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012de10|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - ZwAlpcSendWaitReceivePort : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e590|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012d160|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012d970|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012e590|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7ff8c8ae010a (jmp 0xffffffff8012dc50|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] k3hnvfbl.default-1384812490092 : user_pref("browser.startup.homepage", "https://ca.yahoo.com/?fr=hp-avast&type=avastbcl"); -> Not selected
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] eac67c7d0e26d1559f851c74d918489b
[BSP] 07af2e55866331c05e3e0209222483ea : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 715404 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_12082014_214739.log


#4 Dawn M

Dawn M
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 08 December 2014 - 10:00 PM

Two reports from FRST.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014
Ran by Dawn (administrator) on BUSINESS-LAPTOP on 08-12-2014 21:53:26
Running from C:\Users\Dawn\Downloads
Loaded Profile: Dawn (Available profiles: Dawn)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Users\Dawn\Downloads\RogueKillerX64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-12-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38840 2011-01-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640440 2010-09-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-26] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [58648 2014-09-27] ()
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2448896 2014-09-19] (FileZilla Project)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => c:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Run: [Facebook Update] => C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-26] (Facebook Inc.)
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Run: [Google Update] => C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-14] (Google Inc.)
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
AppInit_DLLs: acaptuser64.dll => C:\WINDOWS\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON13/4
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> {DB971C52-5CEE-4638-B117-68A83544D6FD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=295477&p={searchTerms}
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> {F0465D3C-2C34-4880-B534-6204F55CCCCA} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194
 
FireFox:
========
FF ProfilePath: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @addlive.com/AddLive,version=2.1.4.1 -> C:\Users\Dawn\AppData\LocalLow\AddLive\2.1.4.1\npAddLive.dll (LiveFoundry Inc.)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Dawn\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @freescreensharing/detector -> C:\Users\Dawn\AppData\Local\FreeScreenSharing\npfreesee.dll (Free Screen Sharing)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dawn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dawn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @talk.google.com/O1DPlugin -> C:\Users\Dawn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-479020640-2380612206-2516104647-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dawn\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dawn\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\yahoo-avast.xml
FF Extension: LastPass - C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\Extensions\support@lastpass.com [2014-10-09]
FF Extension: Evernote Web Clipper - C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_frg01_14_41_ch&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzzytCyBtCyC0F0A0EyByDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzyyCtCtC0DtC0CtGyEyD0AtDtG0DyC0F0AtGyD0FyE0EtGyD0E0C0A0DtDtC0A0EtA0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDtD0EtBtD0AtG0F0DtA0DtGyEyDtAzytG0Bzy0CzztG0A0D0F0CtA0D0F0D0EtA0CyE2Q&cr=1735511636&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_frg01_14_41_ch&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzzytCyBtCyC0F0A0EyByDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzyyCtCtC0DtC0CtGyEyD0AtDtG0DyC0F0AtGyD0FyE0EtGyD0E0C0A0DtDtC0A0EtA0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDtD0EtBtD0AtG0F0DtA0DtGyEyDtAzytG0Bzy0CzztG0A0D0F0CtA0D0F0D0EtA0CyE2Q&cr=1735511636&ir=", "hxxp://mail.mondaymorningva.com/", "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR Profile: C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31]
CHR Extension: (Google Drive) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31]
CHR Extension: (Google Search) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31]
CHR Extension: (Add Email Signature - WiseStamp) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp [2014-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-04-04]
CHR Extension: (Google Wallet) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (WiseStamp - Email Signatures for Gmail) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg [2014-04-04]
CHR Extension: (Gmail) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-26] (Avast Software)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-04-12] (IvoSoft) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [772608 2014-09-19] (FileZilla Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-04-30] (Macrovision Europe Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1362232 2013-02-14] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-12-30] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-26] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 21:53 - 2014-12-08 21:53 - 00036724 _____ () C:\Users\Dawn\Downloads\FRST.txt
2014-12-08 21:53 - 2014-12-08 21:53 - 00000000 ____D () C:\FRST
2014-12-08 21:35 - 2014-12-08 21:35 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-08 21:35 - 2014-12-08 21:35 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-08 21:34 - 2014-12-08 21:34 - 18315864 _____ () C:\Users\Dawn\Downloads\RogueKillerX64.exe
2014-12-08 21:34 - 2014-12-08 21:34 - 02119680 _____ (Farbar) C:\Users\Dawn\Downloads\FRST64.exe
2014-12-08 12:47 - 2014-12-08 12:47 - 00486860 _____ () C:\Users\Dawn\Desktop\Error Screen.tiff
2014-12-03 21:38 - 2014-12-03 21:38 - 00000000 ____D () C:\rsit
2014-12-03 21:38 - 2014-12-03 21:38 - 00000000 ____D () C:\Program Files\trend micro
2014-12-03 21:36 - 2014-12-03 21:36 - 01222144 _____ () C:\Users\Dawn\Desktop\RSITx64.exe
2014-12-03 08:49 - 2014-12-03 08:49 - 00001168 _____ () C:\Users\Dawn\Desktop\ESET.txt
2014-12-02 19:15 - 2014-12-02 19:15 - 02347384 _____ (ESET) C:\Users\Dawn\Downloads\esetsmartinstaller_enu.exe
2014-12-02 19:15 - 2014-12-02 19:15 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-02 19:09 - 2014-12-02 19:09 - 00001367 _____ () C:\Users\Dawn\Desktop\JRT.txt
2014-12-02 19:03 - 2014-12-02 19:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-02 18:58 - 2014-12-02 18:58 - 01707646 _____ (Thisisu) C:\Users\Dawn\Downloads\JRT.exe
2014-12-02 15:50 - 2014-12-03 08:54 - 00000000 ____D () C:\AdwCleaner
2014-12-02 15:48 - 2014-12-02 15:48 - 02154496 _____ () C:\Users\Dawn\Downloads\AdwCleaner.exe
2014-12-02 15:45 - 2014-12-02 15:45 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Dawn\Downloads\tdsskiller.exe
2014-12-02 15:43 - 2014-12-02 15:44 - 00053452 _____ () C:\Users\Dawn\Downloads\Result.txt
2014-12-02 15:38 - 2014-12-02 15:38 - 00401920 _____ (Farbar) C:\Users\Dawn\Downloads\MiniToolBox.exe
2014-12-02 07:58 - 2014-12-02 07:58 - 00022528 _____ () C:\Users\Dawn\AppData\Local\dsisetup1436513752.exe
2014-12-01 21:21 - 2014-12-03 23:56 - 00000000 ____D () C:\Users\Dawn\Desktop\Vistaprint_Business_Cards-Standard
2014-11-30 19:53 - 2014-11-30 19:53 - 00005070 _____ () C:\Users\Dawn\AppData\Local\recently-used.xbel
2014-11-28 23:09 - 2014-12-02 10:22 - 00000600 _____ () C:\Users\Dawn\AppData\Roaming\winscp.rnd
2014-11-28 22:57 - 2014-11-28 22:57 - 02644450 _____ () C:\Users\Dawn\Desktop\wonderplugin-gallery-commercial-3.6.zip
2014-11-27 09:09 - 2014-11-27 09:09 - 00079366 _____ () C:\WINDOWS\system32\2014-11-27-14-09-54.082-aswFe.exe-4704.log
2014-11-27 09:09 - 2014-11-27 09:09 - 00000197 _____ () C:\WINDOWS\system32\2014-11-27-14-09-53.087-AvastVBoxSVC.exe-2248.log
2014-11-27 09:03 - 2014-11-27 09:05 - 00000197 _____ () C:\WINDOWS\system32\2014-11-27-14-03-33.072-AvastVBoxSVC.exe-5040.log
2014-11-27 09:03 - 2014-11-27 09:03 - 00000330 _____ () C:\WINDOWS\system32\2014-11-27-14-03-38.090-aswFe.exe-4200.log
2014-11-27 08:55 - 2014-11-27 08:55 - 00000330 _____ () C:\WINDOWS\system32\2014-11-27-13-55-19.028-aswFe.exe-6796.log
2014-11-27 08:53 - 2014-11-27 08:57 - 00000197 _____ () C:\WINDOWS\system32\2014-11-27-13-53-42.025-AvastVBoxSVC.exe-2360.log
2014-11-27 08:53 - 2014-11-27 08:53 - 00000330 _____ () C:\WINDOWS\system32\2014-11-27-13-53-46.079-aswFe.exe-4956.log
2014-11-27 08:30 - 2014-11-27 08:30 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-11-27 08:30 - 2014-11-27 08:30 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-11-26 10:48 - 2014-11-26 10:48 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-26 10:48 - 2014-11-26 10:48 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-24 12:46 - 2014-11-24 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-11-24 12:45 - 2014-11-24 12:45 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-11-21 09:58 - 2014-11-21 09:58 - 00022528 _____ () C:\Users\Dawn\AppData\Local\dsisetup6038119212.exe
2014-11-19 15:22 - 2014-11-19 15:23 - 00000000 ____D () C:\Users\Dawn\Documents\Spencer Insurance
2014-11-19 08:30 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 08:30 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 08:30 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 08:30 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-17 09:35 - 2014-11-17 09:35 - 00000000 ____D () C:\Users\Dawn\Documents\Henrys Photography Classes
2014-11-14 19:54 - 2014-11-16 22:17 - 00000000 ____D () C:\Users\Dawn\Desktop\Judo 11.12.2014
2014-11-14 13:08 - 2014-11-14 13:11 - 00000000 ____D () C:\Users\Dawn\Desktop\Torrents
2014-11-12 08:29 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 08:29 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 08:29 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 08:29 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 08:29 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 08:28 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 08:28 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 08:28 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 08:28 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 08:28 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 08:28 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 08:28 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 08:28 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 08:28 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 08:28 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 08:28 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 08:28 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 08:28 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 08:27 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 08:27 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 08:27 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 08:27 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 08:27 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 08:27 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 08:27 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 08:27 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 08:27 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 08:27 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 08:27 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 08:27 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 08:27 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 08:27 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 08:27 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 08:27 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 08:27 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 08:27 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 08:27 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 08:27 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 08:27 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 08:27 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 08:27 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 08:27 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 08:27 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 08:27 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 08:25 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 08:25 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 08:25 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 08:25 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 08:25 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 08:25 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 08:25 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 08:22 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 08:22 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 08:21 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 08:21 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 08:21 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 08:21 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 08:21 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 08:21 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 08:21 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 08:21 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 08:21 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 08:21 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 08:21 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 08:21 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 08:21 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 08:21 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 08:21 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 08:21 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 08:21 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 08:21 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 08:21 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 08:21 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 08:21 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 08:21 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 08:21 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 08:21 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 08:21 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:21 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 08:21 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 08:21 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 08:21 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 08:21 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 08:21 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 08:21 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 08:21 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 08:21 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 08:21 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 08:21 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 08:21 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 08:21 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 08:21 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 08:21 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 08:21 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 08:21 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 08:21 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 08:21 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 08:21 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 08:21 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 08:21 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 08:21 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 08:21 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 08:21 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 08:21 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 08:21 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 08:21 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 08:21 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 08:21 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 08:21 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 08:21 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 08:21 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 08:21 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 08:21 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 08:21 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 08:21 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 08:21 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 08:21 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 08:21 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 08:21 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 08:21 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 08:21 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 08:21 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:21 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 08:21 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 08:21 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 08:21 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 08:21 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 08:21 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 08:21 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 08:21 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 08:21 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 08:21 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 08:21 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 08:21 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 08:21 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 08:21 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 08:21 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 08:21 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 08:21 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 08:21 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 08:21 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 08:21 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 08:21 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 08:20 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 08:20 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 08:20 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 08:20 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 08:20 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 08:20 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 08:20 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 08:20 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 08:20 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 08:20 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 08:20 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 08:20 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 08:20 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 08:20 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 08:20 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 08:20 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-12 08:20 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 08:20 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 08:20 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 08:20 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-12 08:20 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 08:19 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 08:19 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 08:19 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 08:19 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 08:19 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 08:19 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 08:19 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-12 08:19 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 08:19 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-12 08:19 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 08:19 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 08:19 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 08:19 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 08:19 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-12 08:19 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-12 08:19 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 08:19 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-12 08:19 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-12 08:19 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 08:19 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 21:49 - 2013-05-01 09:56 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Skype
2014-12-08 21:44 - 2013-04-21 21:25 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-08 21:19 - 2014-03-31 07:20 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 21:12 - 2014-07-08 20:45 - 00000588 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-479020640-2380612206-2516104647-1001.job
2014-12-08 21:09 - 2014-03-14 08:36 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA.job
2014-12-08 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-08 20:11 - 2013-05-26 19:06 - 00000956 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA.job
2014-12-08 20:11 - 2013-05-26 19:06 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core.job
2014-12-08 18:59 - 2014-07-17 11:11 - 01189689 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-08 18:19 - 2014-03-31 07:20 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 13:16 - 2013-04-26 21:03 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-12-08 12:47 - 2013-05-02 06:40 - 12733952 ___SH () C:\Users\Dawn\Desktop\Thumbs.db
2014-12-08 10:54 - 2014-08-04 11:08 - 00003172 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForDawn
2014-12-08 10:54 - 2014-08-04 11:08 - 00000360 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForDawn.job
2014-12-08 10:54 - 2013-04-29 09:54 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-12-08 07:56 - 2013-04-30 12:28 - 00000000 ____D () C:\Users\Dawn\AppData\Local\Adobe
2014-12-06 05:09 - 2014-03-14 08:36 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core.job
2014-12-05 10:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-04 09:44 - 2014-05-14 10:29 - 00000000 ___RD () C:\Users\Dawn\Dropbox
2014-12-04 09:43 - 2014-07-17 11:25 - 00000000 ___DO () C:\Users\Dawn\OneDrive
2014-12-04 09:42 - 2014-05-14 10:23 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Dropbox
2014-12-04 09:42 - 2013-07-02 07:14 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-04 09:38 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-04 09:37 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-03 08:56 - 2014-03-18 04:54 - 00082896 _____ () C:\WINDOWS\PFRO.log
2014-12-02 21:59 - 2013-04-21 11:07 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-479020640-2380612206-2516104647-1001
2014-12-02 07:58 - 2014-10-12 07:58 - 00000002 _____ () C:\Users\Dawn\AppData\Local\DSI.DAT
2014-12-02 07:58 - 2014-10-10 17:58 - 00000194 _____ () C:\Users\Dawn\AppData\Roaming\WB.CFG
2014-11-30 18:25 - 2014-02-14 23:49 - 00001456 _____ () C:\Users\Dawn\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-11-30 17:55 - 2013-04-28 08:43 - 00116736 ___SH () C:\Users\Dawn\Documents\Thumbs.db
2014-11-30 16:12 - 2014-03-18 05:03 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-28 15:42 - 2014-07-08 20:45 - 00003600 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-479020640-2380612206-2516104647-1001
2014-11-26 10:48 - 2014-04-21 11:46 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-11-26 10:48 - 2014-01-01 10:19 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-11-26 10:48 - 2013-07-02 07:14 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-26 10:48 - 2013-07-02 07:14 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-11-26 10:48 - 2013-07-02 07:14 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-11-26 10:48 - 2013-07-02 07:14 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-11-26 10:48 - 2013-07-02 07:14 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-11-26 10:48 - 2013-07-02 07:14 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-11-26 09:24 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-25 22:11 - 2013-09-23 11:11 - 00000000 ____D () C:\Users\Dawn\Documents\Credit Reports
2014-11-25 14:44 - 2013-04-21 21:25 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-24 10:48 - 2013-04-29 09:54 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-21 09:59 - 2013-04-29 21:53 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\uTorrent
2014-11-21 09:33 - 2013-04-25 12:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-20 15:51 - 2014-09-12 10:01 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2014-09-12 10:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 19:32 - 2014-05-14 10:25 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 14:33 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-14 10:15 - 2013-08-22 09:44 - 05137520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-14 10:14 - 2013-04-21 11:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-14 10:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-14 10:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-14 10:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 10:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 10:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 10:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-13 05:04 - 2014-03-14 08:36 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA
2014-11-13 05:04 - 2014-03-14 08:36 - 00003500 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core
2014-11-12 18:14 - 2014-03-31 07:20 - 00003910 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 18:14 - 2014-03-31 07:20 - 00003674 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 08:40 - 2013-08-11 07:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 08:32 - 2013-04-25 08:16 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 22:03 - 2012-12-18 03:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-11 00:18 - 2014-05-04 10:44 - 00003584 _____ () C:\Users\Dawn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-10 23:20 - 2014-02-12 18:59 - 00000000 ____D () C:\Users\Dawn\Documents\Torrents
2014-11-10 23:07 - 2014-11-05 23:33 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
2014-11-10 23:02 - 2013-04-21 11:21 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Mozilla
2014-11-10 08:44 - 2013-05-26 15:31 - 00000000 ____D () C:\Users\Dawn\AppData\Local\Apple Computer
2014-11-10 08:43 - 2013-05-26 15:31 - 00000000 ____D () C:\Users\Dawn\AppData\Roaming\Apple Computer
 
Some content of TEMP:
====================
C:\Users\Dawn\AppData\Local\Temp\1ujj4ife.dll
C:\Users\Dawn\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dawn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrwuy2.dll
C:\Users\Dawn\AppData\Local\Temp\Extract.exe
C:\Users\Dawn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dawn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Dawn\AppData\Local\Temp\Quarantine.exe
C:\Users\Dawn\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dawn\AppData\Local\Temp\SP58519.exe
C:\Users\Dawn\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-04 14:51
 
==================== End Of Log ============================

from FRST:

 

ADDITIONAL:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2014
Ran by Dawn at 2014-12-08 21:54:26
Running from C:\Users\Dawn\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
AddLive Browser Plugin (HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\AddLive) (Version: 2.1.4.1 - LiveFoundry Inc.)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.4.2 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.4.2 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_942) (Version:  - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AoA Audio Extractor Platinum (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version:  - AoAMedia.com)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Classic Shell (HKLM\...\{7F34ADBE-77C0-47A0-BBC6-B3DA16CE8E68}) (Version: 3.6.7 - IvoSoft)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.7.2 (HKLM-x32\...\{FB57263E-706F-11E4-A65F-00163E98E7D6}) (Version: 5.7.2.5753 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.47 - FileZilla Project)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Freephoneline (HKLM-x32\...\{2AED3E0F-66AB-45DD-8D1A-FD75262DB2AE}) (Version: 3.2.7 - freephoneline.ca)
FreeScreenSharing (HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\FreeScreenSharing) (Version: 0.58.75.0 - Free Conferencing Corporation)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{23C74C03-680C-455D-933F-5BC8683CAE52}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Media Player Codec Pack 4.3.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.4 - Media Player Codec Pack)
Microsoft Excel 2010 (HKLM-x32\...\Office14.EXCEL) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0016-0000-0000-0000000FF1CE}_Office14.EXCEL_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.6029.1000 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PowerDirector (Version: 11.0 - CyberLink Corp.) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.05 - Samsung Electronics Co., Ltd.)
Screencast-O-Matic (HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
StudioTax 2011 (HKLM\...\{61507AA6-FAC3-473C-95BA-7E5EC6025738}) (Version: 7.0.7.3 - BHOK IT Consulting)
StudioTax 2012 (HKLM-x32\...\{EA61FF47-8FBA-40A3-B10B-648F410285BE}) (Version: 8.0.5.0 - BHOK IT Consulting)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.5 (HKLM-x32\...\winscp3_is1) (Version: 5.5.5 - Martin Prikryl)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-479020640-2380612206-2516104647-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dawn\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
22-11-2014 16:05:11 Scheduled Checkpoint
24-11-2014 17:43:32 Installed Evernote v. 5.7.2
26-11-2014 15:45:50 avast! antivirus system restore point
03-12-2014 19:49:04 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-04-30 12:12 - 2013-04-30 12:13 - 00001803 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02BFEB40-D422-4445-9A69-BBF349C8997D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {065147A8-A6B2-44CC-BAE0-86ACD457A461} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {1C654411-9D9B-4898-90F7-470FE0A034D0} - System32\Tasks\HPCeeScheduleForDawn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {3AD92CA7-D892-4221-962C-7C62DE8FC292} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {579DF0F0-0640-4534-A463-0A56A5E4CCC5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core => C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-26] (Facebook Inc.)
Task: {5B87314D-7D69-40C3-87A9-7F669B4894A8} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {5EF546D1-7D4B-45C5-9F21-AE00FE447026} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)
Task: {6396D92F-F926-4632-AE29-742420E59468} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core => C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {6CD1103E-40B8-4B66-BAC0-CC4D22DACFAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {71F7E1AC-FFAD-4678-AA55-EB5A2154690D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: {791BB40A-E2C7-48D2-8BEE-00EC08CBAAA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)
Task: {8922C5A1-410B-4572-BCC9-3B59D3C53AAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA => C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-26] (Facebook Inc.)
Task: {9244140F-321D-409D-9373-E313049F9E5B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-30] (Synaptics Incorporated)
Task: {A1CB3CAD-2704-4EC9-B64E-3F6E38CD8E06} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {A37A0D5C-DE37-43A2-BAD7-3CBB0D298CDD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A91E3221-1DC1-49BE-B53E-6B9D84634ACC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {B637E4B8-9681-4227-A159-9E61F1F412C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CC165CF4-C06F-4C49-B639-4341287FC84C} - System32\Tasks\G2MUpdateTask-S-1-5-21-479020640-2380612206-2516104647-1001 => C:\Users\Dawn\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-11-28] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D347233D-8077-4844-8D6D-12CA2C7A40D0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA => C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {DFB02E61-BE39-46AD-94CD-E99F19572B43} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F83945AD-2640-4273-AC54-D4D1E89AFC99} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-dawn@mondaymorningva.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core.job => C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA.job => C:\Users\Dawn\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-479020640-2380612206-2516104647-1001.job => C:\Users\Dawn\AppData\Local\Citrix\GoToMeeting\2033\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001Core.job => C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-479020640-2380612206-2516104647-1001UA.job => C:\Users\Dawn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForDawn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-22 05:48 - 2011-06-22 05:48 - 00034304 _____ () C:\WINDOWS\System32\ssp7ml6.dll
2011-06-22 05:48 - 2011-06-22 05:48 - 00826880 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssp7mdu.dll
2014-03-19 18:23 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-11-21 09:31 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-05 23:33 - 2012-09-11 23:14 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-11-26 10:47 - 2014-11-26 10:47 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-26 10:47 - 2014-11-26 10:47 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-06-29 17:17 - 2014-06-29 17:17 - 00048712 _____ () C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-07-16 10:05 - 2014-07-16 10:05 - 05558432 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-11-25 08:24 - 2014-11-25 08:24 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-12-08 21:34 - 2014-12-08 21:34 - 18315864 _____ () C:\Users\Dawn\Downloads\RogueKillerX64.exe
2014-12-04 08:22 - 2014-12-04 08:22 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120400\algo.dll
2014-11-26 10:47 - 2014-11-26 10:47 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-12-08 15:34 - 2014-12-08 15:34 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120801\algo.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-13 16:30 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-11-26 10:48 - 2014-11-26 10:48 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-12-04 09:42 - 2014-12-04 09:42 - 00043008 _____ () c:\users\dawn\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrwuy2.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Dawn\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-17 08:12 - 2014-10-17 08:12 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\952624f5942fdcd80e5cbd9dfdfdf257\PSIClient.ni.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00438336 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00320064 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 21120064 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00097344 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00987728 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00137808 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00194128 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2012-12-18 03:17 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-25 19:20 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 19:20 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 19:20 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 19:20 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\Temp:8CE646EE
AlternateDataStreams: C:\Users\Dawn\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\StartupApproved\Run: => "GoToMeeting"
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\...\StartupApproved\Run: => "Screencast-O-Matic Tray"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-479020640-2380612206-2516104647-500 - Administrator - Disabled)
Dawn (S-1-5-21-479020640-2380612206-2516104647-1001 - Administrator - Enabled) => C:\Users\Dawn
Guest (S-1-5-21-479020640-2380612206-2516104647-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-479020640-2380612206-2516104647-1024 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Realtek PCIE CardReader
Description: Realtek PCIE CardReader
Class Guid: {4d36e970-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconduct Corp.
Service: RSP2STOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2014 01:09:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: BUSINESS-LAPTOP)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (12/08/2014 10:54:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Faulting module name: hpasset.exe, version: 3.0.3.1, time stamp: 0x5202c98c
Exception code: 0xc0000005
Fault offset: 0x00022fff
Faulting process id: 0x1e54
Faulting application start time: 0xhpasset.exe0
Faulting application path: hpasset.exe1
Faulting module path: hpasset.exe2
Report Id: hpasset.exe3
Faulting package full name: hpasset.exe4
Faulting package-relative application ID: hpasset.exe5
 
Error: (12/08/2014 08:35:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
 
Error: (12/08/2014 08:05:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (12/08/2014 08:04:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (12/08/2014 08:04:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (12/07/2014 05:58:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (12/07/2014 05:58:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (12/07/2014 05:57:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (12/07/2014 05:56:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (12/08/2014 00:20:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (12/08/2014 00:03:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (12/08/2014 00:02:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (12/08/2014 11:53:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (12/07/2014 09:00:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (12/06/2014 10:17:38 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (12/04/2014 10:58:58 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (12/04/2014 09:41:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Connected Remote Service service failed to start due to the following error: 
%%1053
 
Error: (12/04/2014 09:41:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Connected Remote Service service to connect.
 
Error: (12/04/2014 09:37:43 AM) (Source: BTHUSB) (EventID: 30) (User: )
Description: The local adapter does not support an important Low Energy controller state.  The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff.  Low Energy functionality will be disabled.
 
 
Microsoft Office Sessions:
=========================
Error: (12/08/2014 01:09:28 PM) (Source: MsiInstaller) (EventID: 1024) (User: BUSINESS-LAPTOP)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
 
Error: (12/08/2014 10:54:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpasset.exe3.0.3.15202c98chpasset.exe3.0.3.15202c98cc000000500022fff1e5401d012ff20847965C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe6d2eb6f2-7ef2-11e4-beb7-84a6c891716f
 
Error: (12/08/2014 08:35:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
 
Error: (12/08/2014 08:05:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (12/08/2014 08:04:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe
 
Error: (12/08/2014 08:04:29 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (12/07/2014 05:58:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (12/07/2014 05:58:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe
 
Error: (12/07/2014 05:57:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe
 
Error: (12/07/2014 05:56:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 8084.27 MB
Available physical RAM: 3542.1 MB
Total Pagefile: 12180.27 MB
Available Pagefile: 7906.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:672.59 GB) (Free:274.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.84 GB) (Free:2.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F35D2A5F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:14 PM

Posted 09 December 2014 - 09:27 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [58648 2014-09-27] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF SearchPlugin: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\yahoo-avast.xml
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_frg01_14_41_ch&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzzytCyBtCyC0F0A0EyByDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzyyCtCtC0DtC0CtGyEyD0AtDtG0DyC0F0AtGyD0FyE0EtGyD0E0C0A0DtDtC0A0EtA0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDtD0EtBtD0AtG0F0DtA0DtGyEyDtAzytG0Bzy0CzztG0A0D0F0CtA0D0F0D0EtA0CyE2Q&cr=1735511636&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_frg01_14_41_ch&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzzytCyBtCyC0F0A0EyByDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzyyCtCtC0DtC0CtGyEyD0AtDtG0DyC0F0AtGyD0FyE0EtGyD0E0C0A0DtDtC0A0EtA0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDtD0EtBtD0AtG0F0DtA0DtGyEyDtAzytG0Bzy0CzztG0A0D0F0CtA0D0F0D0EtA0CyE2Q&cr=1735511636&ir=", "hxxp://mail.mondaymorningva.com/", "https://www.google.com/?trackid=sp-006"
CHR Extension: (Google Wallet) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
AlternateDataStreams: C:\ProgramData\Temp:8CE646EE
C:\Users\Dawn\AppData\Local\Temp\1ujj4ife.dll
C:\Users\Dawn\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dawn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrwuy2.dll
C:\Users\Dawn\AppData\Local\Temp\Extract.exe
C:\Users\Dawn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dawn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Dawn\AppData\Local\Temp\SP58519.exe
End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#6 Dawn M

Dawn M
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 10 December 2014 - 09:11 AM

FixLog.txt report:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014
Ran by Dawn at 2014-12-10 08:43:02 Run:1
Running from C:\Users\Dawn\Downloads
Loaded Profile: Dawn (Available profiles: Dawn)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [58648 2014-09-27] ()
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-479020640-2380612206-2516104647-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF DefaultSearchEngine: Yahoo! (Avast)
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF SearchPlugin: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\yahoo-avast.xml
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_frg01_14_41_ch&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzzytCyBtCyC0F0A0EyByDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzyyCtCtC0DtC0CtGyEyD0AtDtG0DyC0F0AtGyD0FyE0EtGyD0E0C0A0DtDtC0A0EtA0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDtD0EtBtD0AtG0F0DtA0DtGyEyDtAzytG0Bzy0CzztG0A0D0F0CtA0D0F0D0EtA0CyE2Q&cr=1735511636&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_frg01_14_41_ch&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzzzytCyBtCyC0F0A0EyByDtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDzyyCtCtC0DtC0CtGyEyD0AtDtG0DyC0F0AtGyD0FyE0EtGyD0E0C0A0DtDtC0A0EtA0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyDtDtD0EtBtD0AtG0F0DtA0DtGyEyDtAzytG0Bzy0CzztG0A0D0F0CtA0D0F0D0EtA0CyE2Q&cr=1735511636&ir=", "hxxp://mail.mondaymorningva.com/", "https://www.google.com/?trackid=sp-006"
CHR Extension: (Google Wallet) - C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
AlternateDataStreams: C:\ProgramData\Temp:8CE646EE
C:\Users\Dawn\AppData\Local\Temp\1ujj4ife.dll
C:\Users\Dawn\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dawn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrwuy2.dll
C:\Users\Dawn\AppData\Local\Temp\Extract.exe
C:\Users\Dawn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Dawn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Dawn\AppData\Local\Temp\SP58519.exe
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Codec Settings UAC Manager => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe => Moved successfully.
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found.
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-479020640-2380612206-2516104647-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
"HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
HKU\S-1-5-21-479020640-2380612206-2516104647-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\bing-avast.xml => Moved successfully.
C:\Users\Dawn\AppData\Roaming\Mozilla\Firefox\Profiles\k3hnvfbl.default-1384812490092\searchplugins\yahoo-avast.xml => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Dawn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\ProgramData\Temp => ":8CE646EE" ADS removed successfully.
C:\Users\Dawn\AppData\Local\Temp\1ujj4ife.dll => Moved successfully.
C:\Users\Dawn\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Dawn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrwuy2.dll => Moved successfully.
C:\Users\Dawn\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\Dawn\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dawn\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Dawn\AppData\Local\Temp\SP58519.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#7 Dawn M

Dawn M
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 10 December 2014 - 09:24 AM

And report from Security Check:

 

 Results of screen317's Security Check version 0.99.92  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.246  
 Adobe Reader XI  
 Mozilla Firefox 33.0.2 Firefox out of Date!
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

I just tried another search and I'm still getting the trackID tagged on (Chrome)  :(

I'm NOT seeing the same thing when I use Firefox though.  


Edited by Dawn M, 10 December 2014 - 09:23 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:14 PM

Posted 10 December 2014 - 01:59 PM

Reset Chrome...
Click on "Customize and control Google Chrome":
 
p22003758.gif
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 Dawn M

Dawn M
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 11 December 2014 - 09:01 AM

Hallelujah!  

 

Thank you so much .. the little bugger is gone!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:14 PM

Posted 11 December 2014 - 11:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users