
Infected with junk (searchprotect and others)


  • This topic is locked
20 replies to this topic

#1 FeedMeInfo


Posted 25 March 2015 - 09:34 PM

So a friend of mine dropped their laptop off because it's slow. I opened it and noticed there are loads of junk on the laptop. I first noticed searchprotect (and I believe I've successfully removed it now), however there were upwards of 30 different junky programs that were downloaded on the laptop within a week's time. I deleted all of these (removed via uninstall programs), I was on my way to adwcleaner, malware and otherwise for a full clean, and still had Programs and Features open, I saw at least 10 of these programs reinstalling themselves one by one as I was running adwcleaner.

 

I'm still trying to get rid of:
Health Alert

Eppink

MyPC Backup

 

and do a general cleanup. Windows 7, 64 bit.  Any help would be appreciated! :)

 

FRST Log:

 

 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Tammy (administrator) on TAMMY-HP on 25-03-2015 22:22:05
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
() C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth\nmy2yzhxogswbth.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
(Google Inc.) C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.64\OptProSmartScan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC Utilities Software Limited) C:\Program Files (x86)\Optimizer Pro 3.64\OptProReminder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Rational Thought Solutions) C:\ProgramData\owCxlB\qbusXPWDHm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-09-24] (IDT, Inc.)
HKLM\...\Run: [LMADEmon] => C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-09-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Google Update] => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.64\OptProLauncher.exe [148008 2015-03-17] (PC Utilities Software Limited)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4081401466-2854415465-36764422-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5354&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4081401466-2854415465-36764422-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5354&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4081401466-2854415465-36764422-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 15 C:\Windows\SysWOW64\VCL.dll [335064] (VC Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-21] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml [2015-03-25]
FF Extension: 158d7cb370394a758e0b3bd0a464edd2 - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2} [2014-12-10]
FF Extension: cd61737567434ee8bac4fbf10f35729e - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2015-03-25]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-09-17]
FF HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\extensions\NLQUCQ35648598@KRFIE97629948.com [Not Found]
FF Extension: No Name - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [Not Found]
FF Extension: No Name - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\extensions\TTSD90021300@PYDKGV101145942.com [Not Found]
FF Extension: No Name - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\extensions\sonnypenn@aol.com [Not Found]
FF Extension: No Name - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\extensions\taylorralston@hotmail.com [Not Found]
FF Extension: No Name - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-25]
CHR Extension: (Google Cast) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-25]
CHR Extension: (Netflix) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-25]
CHR Extension: (Yahoo!) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkbfjcbkhnmiignagpkiijohkcdkffb [2015-03-25]
CHR Extension: (Pin It Button) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 3a37b93a; c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll [2292264 2015-03-25] ()
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-20] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-09-12] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 qbusXPWDHm; C:\ProgramData\owCxlB\qbusXPWDHm.exe [2733552 2015-03-25] (Rational Thought Solutions)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1400194695\mediadev.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 aswSP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 kxtbmjwb; \??\C:\Windows\system32\drivers\kxtbmjwb.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
S2 SPDRIVER_1.39.1.1655; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.39.1.1655\jsdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 22:22 - 2015-03-25 22:22 - 00026461 _____ () C:\Users\Tammy\Desktop\FRST.txt
2015-03-25 22:20 - 2015-03-25 22:22 - 00000000 ____D () C:\FRST
2015-03-25 22:19 - 2015-03-25 22:17 - 05615749 _____ (Swearware) C:\Users\Tammy\Desktop\ComboFix.exe
2015-03-25 22:19 - 2015-03-25 22:17 - 02095616 _____ (Farbar) C:\Users\Tammy\Desktop\FRST64.exe
2015-03-25 22:07 - 2015-03-25 22:07 - 00014557 _____ () C:\Users\Tammy\Desktop\hijackthis.log
2015-03-25 21:50 - 2015-03-25 22:04 - 00000000 ____D () C:\Users\Tammy\Desktop\backups
2015-03-25 21:31 - 2015-03-25 21:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tammy\Desktop\HijackThis.exe
2015-03-25 21:12 - 2015-03-25 21:12 - 00000000 ____D () C:\ProgramData\c07c07600005650
2015-03-25 21:11 - 2015-03-25 21:39 - 00000000 ____D () C:\Users\Tammy\AppData\Local\HealthAlert
2015-03-25 21:07 - 2015-03-25 21:07 - 01020964 _____ () C:\Users\Tammy\Downloads\Unconfirmed 586426.crdownload
2015-03-25 21:07 - 2015-03-25 21:07 - 00000000 ____D () C:\ProgramData\owCxlB
2015-03-25 21:07 - 2015-03-25 21:07 - 00000000 ____D () C:\ProgramData\HealthAlert
2015-03-25 21:02 - 2015-03-25 21:02 - 00004014 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-03-25 21:02 - 2015-03-25 21:02 - 00001969 _____ () C:\Users\Tammy\Desktop\Sync Folder.lnk
2015-03-25 21:01 - 2015-03-25 21:01 - 00003254 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-03-25 21:01 - 2015-03-25 21:01 - 00001099 _____ () C:\Users\Tammy\Desktop\Optimizer Pro.lnk
2015-03-25 21:01 - 2015-03-25 21:01 - 00000000 ____D () C:\Users\Tammy\Documents\Optimizer Pro
2015-03-25 21:01 - 2015-03-25 21:01 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Optimizer Pro
2015-03-25 21:01 - 2015-03-25 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-03-25 21:01 - 2015-03-25 21:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.64
2015-03-25 21:00 - 2015-03-25 21:28 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-25 21:00 - 2015-03-25 21:00 - 00001069 _____ () C:\Users\Tammy\Desktop\MyPC Backup.lnk
2015-03-25 21:00 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-03-25 20:57 - 2015-03-25 20:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Eppink
2015-03-25 20:57 - 2015-03-25 20:57 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\352D39B5-1427331462-0EA4-0CD7-101F741A5EB4
2015-03-25 20:50 - 2015-03-25 20:52 - 00008672 _____ () C:\Windows\SysWOW64\VCLOff.ini
2015-03-25 20:50 - 2015-03-25 20:52 - 00008672 _____ () C:\Windows\system32\VCLOff.ini
2015-03-25 20:50 - 2015-03-20 09:54 - 00335064 _____ (VC Corporation) C:\Windows\SysWOW64\VCL.dll
2015-03-25 20:44 - 2015-03-25 20:47 - 00000000 ____D () C:\ProgramData\EmailNotifier
2015-03-25 20:36 - 2015-03-25 21:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-25 20:36 - 2015-03-25 20:36 - 00000000 ____D () C:\Users\Tammy\AppData\Local\globalUpdate
2015-03-25 20:36 - 2015-03-25 20:36 - 00000000 ____D () C:\Program Files (x86)\5c3e877c-03e4-46ff-8b8c-ccd0f16063bd
2015-03-25 20:35 - 2015-03-25 22:12 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTammy
2015-03-25 20:35 - 2015-03-25 22:12 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForTammy.job
2015-03-25 20:16 - 2015-03-25 20:16 - 00000000 _____ () C:\F5C5.tmp
2015-03-25 20:13 - 2015-03-25 20:13 - 02168320 _____ () C:\Users\Tammy\Downloads\adwcleaner_4.113.exe
2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Tammy\AppData\Local\352D39B5-1427314108-0EA4-0CD7-101F741A5EB4
2015-03-25 19:53 - 2015-03-25 19:53 - 00000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-25 18:49 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\sEaXjva
2015-03-25 18:49 - 2015-03-25 18:49 - 00003238 _____ () C:\Windows\System32\Tasks\KA3T8ddWS5BclMs
2015-03-25 18:49 - 2015-03-25 18:49 - 00000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2015-03-25 18:48 - 2015-03-25 18:48 - 00003282 _____ () C:\Windows\System32\Tasks\wBgZP6WkEJKDRg0
2015-03-25 18:47 - 2015-03-25 21:27 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\uJrqmCT
2015-03-25 18:46 - 2015-03-25 18:46 - 00003240 _____ () C:\Windows\System32\Tasks\zeyvubCcQVGK49w
2015-03-25 18:44 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\YsV1bts
2015-03-25 18:40 - 2015-03-25 22:05 - 00001340 _____ () C:\Windows\Tasks\WCDUDQK.job
2015-03-25 18:40 - 2015-03-25 18:40 - 00004366 _____ () C:\Windows\System32\Tasks\WCDUDQK
2015-03-25 18:39 - 2015-03-25 22:05 - 00001336 _____ () C:\Windows\Tasks\ACHGF.job
2015-03-25 18:39 - 2015-03-25 18:39 - 00004362 _____ () C:\Windows\System32\Tasks\ACHGF
2015-03-25 18:25 - 2015-03-25 19:14 - 00002295 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-03-09 16:06 - 2015-03-09 16:06 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-09 09:47 - 2015-03-09 12:31 - 00000000 ____D () C:\ProgramData\{55665be6-7d66-9ea4-5566-65be67d66f99}
2015-03-09 09:44 - 2015-03-09 09:44 - 00003592 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-03-09 09:43 - 2015-03-09 09:43 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashRpt
2015-03-08 14:53 - 2015-03-25 21:00 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-03-08 14:53 - 2015-03-25 14:50 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-03-08 01:18 - 2015-03-08 01:18 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
2015-03-08 01:03 - 2015-03-08 14:52 - 00000000 ____D () C:\ProgramData\Optimizer
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Users\Tammy\Documents\DreamVideoSoft
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-03-08 00:56 - 2015-03-08 00:56 - 00435720 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (2).exe
2015-03-08 00:49 - 2015-03-25 19:19 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-08 00:20 - 2015-03-08 00:20 - 00003262 _____ () C:\Windows\System32\Tasks\GlobalUpdate-nmy2yzhxogswbth
2015-03-08 00:20 - 2015-03-08 00:20 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth
2015-03-08 00:18 - 2015-03-25 21:00 - 00000000 ____D () C:\ProgramData\81d19778c51c4881a7eae8f07044d0be
2015-03-08 00:18 - 2015-03-25 19:23 - 00000000 ____D () C:\ProgramData\0d4294919c9a4941ba7cc97f91f909a5
2015-03-08 00:18 - 2015-03-08 00:18 - 00003558 _____ () C:\Windows\System32\Tasks\DPTDYGCK
2015-03-08 00:16 - 2015-03-08 00:16 - 00637440 _____ () C:\Users\Tammy\Downloads\UH.Hack.v1.18.1__4024_il943.exe
2015-03-08 00:16 - 2015-03-08 00:16 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Geckofx
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\QsMttiv
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\nO1cZpN
2015-03-08 00:14 - 2015-03-08 00:14 - 00000000 ____D () C:\ProgramData\atjs
2015-03-08 00:11 - 2015-03-25 19:43 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\OAS
2015-03-08 00:11 - 2015-03-08 00:11 - 00657920 _____ () C:\Users\Tammy\Downloads\Installer11__7934_il13539.exe
2015-03-07 15:42 - 2015-03-07 15:43 - 00435416 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (1).exe
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-03-06 20:31 - 2015-03-06 20:31 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-03 16:02 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:02 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 13:09 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 13:09 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 22:22 - 2009-07-14 01:13 - 00783532 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 22:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 22:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 22:13 - 2014-03-05 21:48 - 01897753 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 22:05 - 2014-12-21 06:06 - 00631498 _____ () C:\Windows\PFRO.log
2015-03-25 22:05 - 2014-12-21 06:06 - 00008539 _____ () C:\Windows\setupact.log
2015-03-25 22:05 - 2013-02-03 16:41 - 00000414 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-03-25 22:05 - 2013-02-03 16:40 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-03-25 22:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 21:55 - 2012-12-24 03:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 21:31 - 2012-08-07 20:44 - 00000000 ____D () C:\Users\Tammy\AppData\Local\VirtualStore
2015-03-25 21:30 - 2013-10-04 15:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 21:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache
2015-03-25 21:26 - 2012-08-08 11:40 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashDumps
2015-03-25 21:00 - 2014-02-24 00:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 20:38 - 2013-09-16 13:50 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Mozilla
2015-03-25 20:36 - 2013-04-02 12:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-25 20:23 - 2014-07-24 16:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 20:23 - 2014-07-24 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 20:23 - 2014-07-24 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-25 20:23 - 2013-10-19 23:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 20:16 - 2013-10-19 21:47 - 00000000 ____D () C:\AdwCleaner
2015-03-25 20:11 - 2013-09-30 11:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-25 20:10 - 2014-05-15 18:52 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-25 19:04 - 2013-09-30 17:02 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 19:04 - 2012-08-07 20:54 - 00001073 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:43 - 2012-08-07 20:54 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D75D12E0-FDDE-4CAB-898C-0D9BCC45FE94}
2015-03-25 18:25 - 2014-07-23 18:33 - 00001106 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:25 - 2013-10-04 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 06:15 - 2014-07-24 16:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-24 16:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-10-19 23:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 16:43 - 2015-01-25 20:32 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core.job
2015-03-09 16:29 - 2012-08-07 20:43 - 00000000 ____D () C:\Users\Tammy
2015-03-08 00:36 - 2013-01-14 17:47 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\SoftGrid Client
2015-03-06 20:31 - 2012-08-14 15:56 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Adobe
2015-03-06 12:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-04 16:03 - 2012-08-09 16:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-03-25 19:53 - 2015-03-25 19:53 - 0000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-01-25 12:12 - 2015-01-25 12:12 - 0001248 _____ () C:\Users\Tammy\AppData\Roaming\AUSAMRFZ
2014-09-16 16:45 - 2014-09-26 00:45 - 0000065 _____ () C:\Users\Tammy\AppData\Roaming\WB.CFG
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Tammy\AppData\Roaming\WCDUDQK
2015-03-25 18:49 - 2015-03-25 18:49 - 0000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2015-03-09 16:06 - 2015-03-09 16:06 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-08 01:18 - 2015-03-08 01:18 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
2013-03-20 22:23 - 2014-12-25 17:54 - 0005312 _____ () C:\ProgramData\LMADEscan.log
 
Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.dll
C:\Users\Tammy\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.exe
C:\Users\Tammy\AppData\Local\Temp\A39437BA-EF23-7C17-A1D9-1FC617AF6386.exe
C:\Users\Tammy\AppData\Local\Temp\AutoRun.exe
C:\Users\Tammy\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tammy\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Tammy\AppData\Local\Temp\jue5DA9.exe
C:\Users\Tammy\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Tammy\AppData\Local\Temp\optsetup.exe
C:\Users\Tammy\AppData\Local\Temp\qEf67B8.exe
C:\Users\Tammy\AppData\Local\Temp\Quarantine.exe
C:\Users\Tammy\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Tammy\AppData\Local\Temp\SpOrder.dll
C:\Users\Tammy\AppData\Local\Temp\sqlite3.dll
C:\Users\Tammy\AppData\Local\Temp\supoptsetup.exe
C:\Users\Tammy\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Tammy\AppData\Local\Temp\TUp5A5F.exe
C:\Users\Tammy\AppData\Local\Temp\TUp7E82.exe
C:\Users\Tammy\AppData\Local\Temp\Uninstall.exe
C:\Users\Tammy\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\Tammy\AppData\Local\Temp\wk0l85er.dll
C:\Users\Tammy\AppData\Local\Temp\{9CD7FDB1-A196-451D-B223-676E395BB779}-41.0.2272.89_40.0.2214.115_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 15:51
 
==================== End Of Log ============================


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:45 AM

Posted 26 March 2015 - 03:55 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Health Alert
    Internet Explorer Toolbar 4.7 by SweetPacks 
    MyPC Backup
    Optimizer Pro v3.2
    Strongvault Online Backup
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2
Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 FeedMeInfo

FeedMeInfo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:45 AM

Posted 26 March 2015 - 07:36 PM

Hi,
 
Thanks for the help!
 
Took all the steps you gave me, and here are the logs:
 
 
# AdwCleaner v4.113 - Logfile created 26/03/2015 at 19:25:10
# Updated 22/03/2015 by Xplode
# Database : 2015-03-26.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Tammy - TAMMY-HP
# Running from : C:\Users\Tammy\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : BackupStack
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : qrnfd_1_10_0_9
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\1edfa1290000122f
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Tammy\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Tammy\AppData\Local\HealthAlert
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\mystarttb
Folder Deleted : C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Tammy\Documents\Optimizer Pro
File Deleted : C:\Windows\SysWOW64\VCL.dll
File Deleted : C:\Users\Tammy\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Tammy\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Tammy\Desktop\Sync Folder.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystarttb.xml
 
***** [ Scheduled tasks ] *****
 
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\winservice86-nv
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\QuickRef_1.10.0.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
 
-\\ Google Chrome v41.0.2272.101
 
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319742&octid=EB_ORIGINAL_CTID&ISID=MFFAA0C0D-A3EB-4998-9EED-8267F8066AC8&SearchSource=58&CUI=&UM=8&UP=SP1E610C06-EAF6-4649-A2B6-1D9C1EDFB570&q={searchTerms}&D=032615&SSPV=
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,&q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,&q={searchTerms}
[C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www-searching.com/search.aspx?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [61838 bytes] - [19/10/2013 21:47:40]
AdwCleaner[R10].txt - [1941 bytes] - [21/12/2014 08:48:33]
AdwCleaner[R11].txt - [19924 bytes] - [25/03/2015 20:14:21]
AdwCleaner[R12].txt - [11416 bytes] - [26/03/2015 19:23:11]
AdwCleaner[R1].txt - [28185 bytes] - [23/07/2014 19:52:48]
AdwCleaner[R2].txt - [1235 bytes] - [23/07/2014 23:44:50]
AdwCleaner[R3].txt - [1263 bytes] - [23/07/2014 23:52:02]
AdwCleaner[R4].txt - [1324 bytes] - [24/07/2014 00:01:07]
AdwCleaner[R5].txt - [1444 bytes] - [24/07/2014 17:22:58]
AdwCleaner[R6].txt - [4170 bytes] - [30/07/2014 17:35:44]
AdwCleaner[R7].txt - [11021 bytes] - [26/09/2014 00:49:23]
AdwCleaner[R8].txt - [3437 bytes] - [21/12/2014 07:52:05]
AdwCleaner[R9].txt - [2157 bytes] - [21/12/2014 08:13:42]
AdwCleaner[S0].txt - [57975 bytes] - [19/10/2013 21:49:43]
AdwCleaner[S10].txt - [19941 bytes] - [25/03/2015 20:16:01]
AdwCleaner[S11].txt - [10582 bytes] - [26/03/2015 19:25:10]
AdwCleaner[S1].txt - [27619 bytes] - [23/07/2014 20:00:01]
AdwCleaner[S2].txt - [1301 bytes] - [23/07/2014 23:48:15]
AdwCleaner[S3].txt - [1385 bytes] - [24/07/2014 00:13:54]
AdwCleaner[S4].txt - [1505 bytes] - [24/07/2014 18:07:15]
AdwCleaner[S5].txt - [4303 bytes] - [30/07/2014 17:42:01]
AdwCleaner[S6].txt - [11119 bytes] - [26/09/2014 00:50:37]
AdwCleaner[S7].txt - [3299 bytes] - [21/12/2014 07:57:56]
AdwCleaner[S8].txt - [2230 bytes] - [21/12/2014 08:15:37]
AdwCleaner[S9].txt - [2002 bytes] - [21/12/2014 08:50:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [11176  bytes] ##########
 
 
 
====Malware=====
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/26/2015
Scan Time: 7:36:09 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.26.07
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465414
Time Elapsed: 40 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.HealthAlert.A, C:\ProgramData\owCxlB\qbusXPWDHm.exe, 4168, Delete-on-Reboot, [dc43d57511796bcb69bcfa0871917987]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.HealthAlert.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qbusXPWDHm, Quarantined, [dc43d57511796bcb69bcfa0871917987], 
PUP.Optional.WinService.A, HKU\S-1-5-21-4081401466-2854415465-36764422-1001\SOFTWARE\winservice86-nv-ie, Quarantined, [63bc9ab01d6d0333a513a41649baa759], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 2
PUP.Optional.HealthAlert.A, C:\Users\Tammy\AppData\Local\HealthAlert, Quarantined, [66b98bbffa903bfba1d0339b05fee11f], 
PUP.Optional.MultiPlug.A, C:\Users\Tammy\AppData\Roaming\352D39B5-1427331462-0EA4-0CD7-101F741A5EB4, Quarantined, [c75873d7e1a91b1b8153d97322e35aa6], 
 
Files: 18
PUP.Optional.HealthAlert.A, C:\ProgramData\owCxlB\qbusXPWDHm.exe, Delete-on-Reboot, [dc43d57511796bcb69bcfa0871917987], 
PUP.Optional.HealthAlert.A, C:\ProgramData\owCxlB\dat\DMVnCOFvI.exe, Delete-on-Reboot, [a9764bff0f7b44f242e33fc38d75d52b], 
PUP.Optional.HealthAlert.A, C:\ProgramData\owCxlB\dat\FXzLcBArd.exe, Delete-on-Reboot, [120d0a4031590531071e18ea18ea748c], 
PUP.Optional.ZombieInvasion.A, C:\ProgramData\owCxlB\dat\MoehEM.dll, Delete-on-Reboot, [ae71f2587713d5613c64d511e42120e0], 
PUP.Optional.Nova.A, C:\Program Files (x86)\5c3e877c-03e4-46ff-8b8c-ccd0f16063bd\79bdfb5a-23a7-48ae-a012-fa52cd7396c5.dll, Quarantined, [cb54a8a2167460d69f341eeeee14ba46], 
PUP.Optional.Nova.A, C:\Program Files (x86)\Adobe\1b554ee5-952e-422e-bf7b-6c346722317d.dll, Quarantined, [cd524109deac072f8152db3109f932ce], 
PUP.Optional.OptimizerPro, C:\$Recycle.Bin\S-1-5-21-4081401466-2854415465-36764422-1001\$RDYYA93.64\OptProSmartScan.exe, Quarantined, [67b89ab0c7c3af87d3d31b3929d8966a], 
Trojan.Downloader, C:\Users\Tammy\AppData\Local\Temp\nsz5B11.tmp, Quarantined, [7fa0e862008a74c22495b171b94ab44c], 
PUP.Optional.Bundle, C:\Users\Tammy\AppData\Local\Temp\nsz5B12.tmp, Quarantined, [2ff0f852078362d49090a149fe07619f], 
PUP.Optional.VCL.A, C:\Windows\Temp\VCL.log, Quarantined, [71ae54f61e6cd3634cd7fdb7f013c838], 
PUP.Optional.VCL.A, C:\Users\Tammy\AppData\Local\Temp\VCLR.ini.log, Quarantined, [4dd2b2982565e35331f30da73dc69e62], 
PUP.Optional.VCL.A, C:\Users\Tammy\AppData\Local\Temp\VCLr.log, Quarantined, [1c03cf7b6c1ee45279accce837cc1ae6], 
PUP.Optional.VCL.A, C:\Windows\Temp\VCLr.log, Quarantined, [b66958f25a3068ce53d2e5cfae55b54b], 
PUP.Optional.VCL.A, C:\Windows\System32\VCLOff.ini, Quarantined, [3ae5ee5c6c1ee353a5810fa504ff3fc1], 
PUP.Optional.VCL.A, C:\Windows\SysWOW64\VCLOff.ini, Quarantined, [829dfb4f0f7b43f3a680f0c4669db947], 
PUP.Optional.HealthAlert.A, C:\Users\Tammy\AppData\Local\HealthAlert\data2.dat, Quarantined, [66b98bbffa903bfba1d0339b05fee11f], 
PUP.Optional.MultiPlug.A, C:\Users\Tammy\AppData\Roaming\352D39B5-1427331462-0EA4-0CD7-101F741A5EB4\vnsp8BA3.tmp, Quarantined, [c75873d7e1a91b1b8153d97322e35aa6], 
PUP.Optional.MultiPlug.A, C:\Users\Tammy\AppData\Roaming\352D39B5-1427331462-0EA4-0CD7-101F741A5EB4\Uninstall.exe, Quarantined, [c75873d7e1a91b1b8153d97322e35aa6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
====FRST===
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Tammy (administrator) on TAMMY-HP on 26-03-2015 20:32:36
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
() C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth\nmy2yzhxogswbth.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
(Google Inc.) C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-09-24] (IDT, Inc.)
HKLM\...\Run: [LMADEmon] => C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-09-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Google Update] => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4081401466-2854415465-36764422-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-21] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Extension: 158d7cb370394a758e0b3bd0a464edd2 - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2} [2014-12-10]
FF Extension: cd61737567434ee8bac4fbf10f35729e - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2015-03-25]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-09-17]
FF HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-25]
CHR Extension: (Google Cast) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-25]
CHR Extension: (Netflix) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-25]
CHR Extension: (Yahoo!) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkbfjcbkhnmiignagpkiijohkcdkffb [2015-03-25]
CHR Extension: (Pin It Button) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-20] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-09-12] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1400194695\mediadev.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 aswSP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 kxtbmjwb; \??\C:\Windows\system32\drivers\kxtbmjwb.sys [X]
S2 SPDRIVER_1.39.1.1655; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.39.1.1655\jsdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 19:25 - 2015-03-26 19:25 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-26 19:22 - 2015-03-26 19:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-26 19:22 - 2015-03-23 14:28 - 02168320 _____ () C:\Users\Tammy\Desktop\AdwCleaner.exe
2015-03-26 19:09 - 2015-03-26 19:09 - 00000000 __SHD () C:\AI_RecycleBin
2015-03-26 18:19 - 2015-03-26 19:32 - 00001264 _____ () C:\Users\Tammy\Desktop\Revo Uninstaller.lnk
2015-03-26 18:19 - 2015-03-26 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-26 18:19 - 2015-03-26 18:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tammy\Desktop\revosetup.exe
2015-03-25 22:22 - 2015-03-26 20:33 - 00024085 _____ () C:\Users\Tammy\Desktop\FRST.txt
2015-03-25 22:22 - 2015-03-25 22:23 - 00048075 _____ () C:\Users\Tammy\Desktop\Addition.txt
2015-03-25 22:20 - 2015-03-26 20:32 - 00000000 ____D () C:\FRST
2015-03-25 22:19 - 2015-03-25 22:17 - 05615749 _____ (Swearware) C:\Users\Tammy\Desktop\ComboFix.exe
2015-03-25 22:19 - 2015-03-25 22:17 - 02095616 _____ (Farbar) C:\Users\Tammy\Desktop\FRST64.exe
2015-03-25 22:07 - 2015-03-25 22:07 - 00014557 _____ () C:\Users\Tammy\Desktop\hijackthis.log
2015-03-25 21:50 - 2015-03-25 22:04 - 00000000 ____D () C:\Users\Tammy\Desktop\backups
2015-03-25 21:31 - 2015-03-25 21:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tammy\Desktop\HijackThis.exe
2015-03-25 21:12 - 2015-03-25 21:12 - 00000000 ____D () C:\ProgramData\c07c07600005650
2015-03-25 21:07 - 2015-03-26 20:18 - 00000000 ____D () C:\ProgramData\owCxlB
2015-03-25 21:07 - 2015-03-25 21:07 - 01020964 _____ () C:\Users\Tammy\Downloads\Unconfirmed 586426.crdownload
2015-03-25 20:44 - 2015-03-25 20:47 - 00000000 ____D () C:\ProgramData\EmailNotifier
2015-03-25 20:36 - 2015-03-25 20:36 - 00000000 ____D () C:\Program Files (x86)\5c3e877c-03e4-46ff-8b8c-ccd0f16063bd
2015-03-25 20:35 - 2015-03-26 19:26 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForTammy.job
2015-03-25 20:35 - 2015-03-26 18:24 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTammy
2015-03-25 20:16 - 2015-03-25 20:16 - 00000000 _____ () C:\F5C5.tmp
2015-03-25 20:13 - 2015-03-25 20:13 - 02168320 _____ () C:\Users\Tammy\Downloads\adwcleaner_4.113.exe
2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Tammy\AppData\Local\352D39B5-1427314108-0EA4-0CD7-101F741A5EB4
2015-03-25 19:53 - 2015-03-25 19:53 - 00000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-25 18:49 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\sEaXjva
2015-03-25 18:49 - 2015-03-25 18:49 - 00003238 _____ () C:\Windows\System32\Tasks\KA3T8ddWS5BclMs
2015-03-25 18:49 - 2015-03-25 18:49 - 00000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2015-03-25 18:48 - 2015-03-25 18:48 - 00003282 _____ () C:\Windows\System32\Tasks\wBgZP6WkEJKDRg0
2015-03-25 18:47 - 2015-03-25 21:27 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\uJrqmCT
2015-03-25 18:46 - 2015-03-25 18:46 - 00003240 _____ () C:\Windows\System32\Tasks\zeyvubCcQVGK49w
2015-03-25 18:44 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\YsV1bts
2015-03-25 18:40 - 2015-03-26 20:19 - 00001340 _____ () C:\Windows\Tasks\WCDUDQK.job
2015-03-25 18:40 - 2015-03-25 18:40 - 00004366 _____ () C:\Windows\System32\Tasks\WCDUDQK
2015-03-25 18:40 - 2015-01-28 23:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-25 18:40 - 2015-01-28 23:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-25 18:40 - 2015-01-28 23:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-25 18:40 - 2015-01-28 23:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-25 18:40 - 2015-01-28 23:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-25 18:40 - 2015-01-28 23:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-25 18:40 - 2015-01-28 23:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-25 18:40 - 2015-01-28 23:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-25 18:40 - 2015-01-28 23:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-25 18:40 - 2015-01-28 23:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-25 18:40 - 2015-01-28 22:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-25 18:39 - 2015-03-26 20:19 - 00001336 _____ () C:\Windows\Tasks\ACHGF.job
2015-03-25 18:39 - 2015-03-25 18:39 - 00004362 _____ () C:\Windows\System32\Tasks\ACHGF
2015-03-25 18:39 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-25 18:39 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-25 18:39 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-25 18:39 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-25 18:38 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-25 18:38 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-25 18:38 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-25 18:38 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-25 18:38 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-25 18:38 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-25 18:38 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-25 18:38 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-25 18:38 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-25 18:38 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-25 18:38 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-25 18:38 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-25 18:38 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-25 18:38 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-25 18:37 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-25 18:37 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-25 18:37 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-25 18:37 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-25 18:37 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-25 18:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-25 18:37 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-25 18:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-25 18:37 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-25 18:37 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-25 18:37 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-25 18:37 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-25 18:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-25 18:37 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-25 18:37 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-25 18:37 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-25 18:37 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-25 18:37 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-25 18:37 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-25 18:37 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-25 18:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-25 18:37 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-25 18:37 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-25 18:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-25 18:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-25 18:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-25 18:37 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-25 18:37 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-25 18:37 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-25 18:37 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-25 18:37 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-25 18:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-25 18:37 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-25 18:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-25 18:37 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-25 18:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-25 18:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-25 18:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-25 18:37 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-25 18:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-25 18:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-25 18:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-25 18:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-25 18:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-25 18:37 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-25 18:37 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-25 18:37 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-25 18:37 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-25 18:37 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-25 18:37 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-25 18:36 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-25 18:36 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-25 18:36 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-25 18:36 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-25 18:36 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-25 18:36 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-25 18:36 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-25 18:36 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-25 18:36 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-25 18:36 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-25 18:36 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-25 18:36 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-25 18:36 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-25 18:25 - 2015-03-25 19:14 - 00002295 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-03-09 16:06 - 2015-03-09 16:06 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-09 09:47 - 2015-03-09 12:31 - 00000000 ____D () C:\ProgramData\{55665be6-7d66-9ea4-5566-65be67d66f99}
2015-03-09 09:44 - 2015-03-09 09:44 - 00003592 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-03-09 09:43 - 2015-03-09 09:43 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashRpt
2015-03-08 14:53 - 2015-03-25 21:00 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-03-08 14:53 - 2015-03-25 14:50 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-03-08 01:18 - 2015-03-08 01:18 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
2015-03-08 01:03 - 2015-03-08 14:52 - 00000000 ____D () C:\ProgramData\Optimizer
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Users\Tammy\Documents\DreamVideoSoft
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-03-08 00:56 - 2015-03-08 00:56 - 00435720 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (2).exe
2015-03-08 00:49 - 2015-03-25 19:19 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-08 00:20 - 2015-03-08 00:20 - 00003262 _____ () C:\Windows\System32\Tasks\GlobalUpdate-nmy2yzhxogswbth
2015-03-08 00:20 - 2015-03-08 00:20 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth
2015-03-08 00:18 - 2015-03-25 21:00 - 00000000 ____D () C:\ProgramData\81d19778c51c4881a7eae8f07044d0be
2015-03-08 00:18 - 2015-03-25 19:23 - 00000000 ____D () C:\ProgramData\0d4294919c9a4941ba7cc97f91f909a5
2015-03-08 00:18 - 2015-03-08 00:18 - 00003558 _____ () C:\Windows\System32\Tasks\DPTDYGCK
2015-03-08 00:16 - 2015-03-08 00:16 - 00637440 _____ () C:\Users\Tammy\Downloads\UH.Hack.v1.18.1__4024_il943.exe
2015-03-08 00:16 - 2015-03-08 00:16 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Geckofx
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\QsMttiv
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\nO1cZpN
2015-03-08 00:14 - 2015-03-08 00:14 - 00000000 ____D () C:\ProgramData\atjs
2015-03-08 00:11 - 2015-03-25 19:43 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\OAS
2015-03-08 00:11 - 2015-03-08 00:11 - 00657920 _____ () C:\Users\Tammy\Downloads\Installer11__7934_il13539.exe
2015-03-07 15:42 - 2015-03-07 15:43 - 00435416 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (1).exe
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-03-06 20:31 - 2015-03-06 20:31 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-03 16:02 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:02 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 13:09 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 13:09 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 20:30 - 2013-10-04 15:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 20:27 - 2009-07-14 01:13 - 00783532 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 20:27 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 20:27 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 20:25 - 2014-03-05 21:48 - 01200721 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 20:20 - 2014-07-24 16:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 20:19 - 2014-12-21 06:06 - 00637572 _____ () C:\Windows\PFRO.log
2015-03-26 20:19 - 2014-12-21 06:06 - 00008707 _____ () C:\Windows\setupact.log
2015-03-26 20:19 - 2013-02-03 16:41 - 00000414 _____ () C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-03-26 20:19 - 2013-02-03 16:40 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-03-26 20:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 20:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-26 20:17 - 2013-04-02 12:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-26 19:55 - 2012-12-24 03:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 19:34 - 2014-07-24 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 19:34 - 2014-07-24 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 19:34 - 2013-10-19 23:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 19:26 - 2014-05-15 18:52 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-26 19:25 - 2013-10-19 21:47 - 00000000 ____D () C:\AdwCleaner
2015-03-26 19:24 - 2012-08-07 20:54 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D75D12E0-FDDE-4CAB-898C-0D9BCC45FE94}
2015-03-26 18:17 - 2009-07-14 00:45 - 00302136 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-25 23:55 - 2013-01-14 17:47 - 00776146 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-25 23:49 - 2013-07-24 16:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-25 23:45 - 2012-08-30 14:10 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-25 22:24 - 2012-12-04 14:42 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTAMMY-HP$
2015-03-25 22:24 - 2012-12-04 14:42 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTAMMY-HP$.job
2015-03-25 21:31 - 2012-08-07 20:44 - 00000000 ____D () C:\Users\Tammy\AppData\Local\VirtualStore
2015-03-25 21:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache
2015-03-25 21:26 - 2012-08-08 11:40 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashDumps
2015-03-25 21:00 - 2014-02-24 00:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 20:38 - 2013-09-16 13:50 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Mozilla
2015-03-25 20:11 - 2013-09-30 11:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-25 19:04 - 2013-09-30 17:02 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 19:04 - 2012-08-07 20:54 - 00001073 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:25 - 2014-07-23 18:33 - 00001106 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:25 - 2013-10-04 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 06:15 - 2014-07-24 16:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-24 16:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-10-19 23:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 16:43 - 2015-01-25 20:32 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core.job
2015-03-09 16:29 - 2012-08-07 20:43 - 00000000 ____D () C:\Users\Tammy
2015-03-08 00:36 - 2013-01-14 17:47 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\SoftGrid Client
2015-03-06 20:31 - 2012-08-14 15:56 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Adobe
2015-03-04 16:03 - 2012-08-09 16:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-24 04:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-03-25 19:53 - 2015-03-25 19:53 - 0000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-01-25 12:12 - 2015-01-25 12:12 - 0001248 _____ () C:\Users\Tammy\AppData\Roaming\AUSAMRFZ
2014-09-16 16:45 - 2014-09-26 00:45 - 0000065 _____ () C:\Users\Tammy\AppData\Roaming\WB.CFG
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Tammy\AppData\Roaming\WCDUDQK
2015-03-25 18:49 - 2015-03-25 18:49 - 0000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2015-03-09 16:06 - 2015-03-09 16:06 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-08 01:18 - 2015-03-08 01:18 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
2013-03-20 22:23 - 2014-12-25 17:54 - 0005312 _____ () C:\ProgramData\LMADEscan.log
 
Some content of TEMP:
====================
C:\Users\Tammy\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.dll
C:\Users\Tammy\AppData\Local\Temp\20BDA0D1-E5D6-6D09-FA05-A27BA825C086.exe
C:\Users\Tammy\AppData\Local\Temp\A39437BA-EF23-7C17-A1D9-1FC617AF6386.exe
C:\Users\Tammy\AppData\Local\Temp\AutoRun.exe
C:\Users\Tammy\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tammy\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Tammy\AppData\Local\Temp\jue5DA9.exe
C:\Users\Tammy\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Tammy\AppData\Local\Temp\optsetup.exe
C:\Users\Tammy\AppData\Local\Temp\qEf67B8.exe
C:\Users\Tammy\AppData\Local\Temp\Quarantine.exe
C:\Users\Tammy\AppData\Local\Temp\ShopperProJSINJFull.exe
C:\Users\Tammy\AppData\Local\Temp\SpOrder.dll
C:\Users\Tammy\AppData\Local\Temp\sqlite3.dll
C:\Users\Tammy\AppData\Local\Temp\supoptsetup.exe
C:\Users\Tammy\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Tammy\AppData\Local\Temp\TUp5A5F.exe
C:\Users\Tammy\AppData\Local\Temp\TUp7E82.exe
C:\Users\Tammy\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\Tammy\AppData\Local\Temp\wk0l85er.dll
C:\Users\Tammy\AppData\Local\Temp\{9CD7FDB1-A196-451D-B223-676E395BB779}-41.0.2272.89_40.0.2214.115_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 22:58
 
==================== End Of Log ============================
 
 
 
==ADDN===
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Tammy at 2015-03-26 20:33:25
Running from C:\Users\Tammy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ChromecastApp (HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.273 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark S310 Series Uninstaller (HKLM\...\Lexmark S310 Series) (Version:  - Lexmark International, Inc.)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Informer 1.3.1068.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27252 - TeamViewer)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
28-02-2015 20:39:09 Windows Update
04-03-2015 16:02:44 Windows Update
05-03-2015 15:51:46 Windows Update
09-03-2015 09:53:15 Windows Update
25-03-2015 18:31:46 Windows Update
25-03-2015 23:43:13 Windows Update
26-03-2015 18:25:37 Revo Uninstaller's restore point - Eppink
26-03-2015 18:28:25 Revo Uninstaller's restore point - ESET Online Scanner v3
26-03-2015 18:39:25 Revo Uninstaller's restore point - Health Alert
26-03-2015 18:40:57 Revo Uninstaller's restore point - Health Alert
26-03-2015 18:41:56 Revo Uninstaller's restore point - Lucky Savings Widget
26-03-2015 18:43:44 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.7 by SweetPacks
26-03-2015 18:44:47 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.7 by SweetPacks
26-03-2015 18:52:25 Revo Uninstaller's restore point - Optimizer Pro v3.2
26-03-2015 19:03:26 Revo Uninstaller's restore point - SySaver
26-03-2015 19:07:44 Revo Uninstaller's restore point - Strongvault Online Backup
26-03-2015 19:14:11 Revo Uninstaller's restore point - TopArcadeHits
26-03-2015 19:16:20 Revo Uninstaller's restore point - Visual Studio 2012 x86 Redistributables
26-03-2015 19:17:41 Revo Uninstaller's restore point - Word Layers
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-09-30 17:37 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01F72844-05E6-4B79-AA5C-F56B451BF140} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {057223D6-9F81-4611-8A28-CEBC99680159} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {0E5D4165-9304-4FE2-98F1-3E675B321020} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0EADCAD3-A743-4AC4-90A9-05AC3F1F5C00} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {220B330A-55BA-41AE-AC2D-1034B4AC805F} - \Feven 1.7-enabler No Task File <==== ATTENTION
Task: {23C429F0-8BF3-4342-8088-F77445780289} - \SMW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34 No Task File <==== ATTENTION
Task: {2AC1503B-E256-48FD-A158-85A71EA0C0E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2BC60FAD-4D3E-4C06-9BBB-740158B1558A} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {32FC86D4-D5B5-4823-82BA-66C41845A4D6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe ,Command701 update2 <==== ATTENTION
Task: {3449CE58-61C6-4584-9AD3-A8B440903483} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {34F643C2-C2F3-48FA-B39F-32FEF7F9666D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-02-11] (Microsoft)
Task: {389EDA18-BE07-443D-85B9-6505EB147764} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-6 No Task File <==== ATTENTION
Task: {3D683F52-942F-4201-9CE8-77C4B449B7A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001UA => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {4259F6F8-949D-4BD0-BEE6-CD68D05A14A6} - System32\Tasks\HPCeeScheduleForTAMMY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4CEB3C6A-C0C4-48E8-B5AD-B70B97D8DBED} - System32\Tasks\wBgZP6WkEJKDRg0 => C:\Users\Tammy\AppData\Roaming\uJrqmCT\I5T2JTP.exe [2015-03-25] ( )
Task: {4D61C6EE-EA69-4D11-98D4-C5EABF611424} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {4EF90CB4-DFC0-4AE9-9D78-6719D96C2439} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {51375283-7463-45CA-BCBC-B2D5CA54775C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {53541BD2-4B7B-452A-A8AC-20C50E7594BD} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-4 No Task File <==== ATTENTION
Task: {5905FCD1-F2A4-4AAD-82D0-A12DE9ECF0EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5978928D-B451-4E70-907B-49D40F4AF1E8} - \Microsoft\Windows\Maintenance\Advanced IC Updating No Task File <==== ATTENTION
Task: {5F3602B7-5453-45DD-B2F7-70115D4D505F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {611D1ACA-823F-4EFB-99F9-113E22B28AB6} - \Feven 1.7-updater No Task File <==== ATTENTION
Task: {62895D6A-3E84-4E3A-AC11-78CE24FD7C6D} - \LyricsMonkey-1-updater No Task File <==== ATTENTION
Task: {6527549B-9BF1-4EEB-9CC2-A80976E99C3D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4081401466-2854415465-36764422-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6755E6E6-BAFA-4ACF-81A8-E393CC995084} - \SuperLyrics-1-enabler No Task File <==== ATTENTION
Task: {684E0632-8DB3-4DE0-9924-CF20D2DE9CE5} - \Updater19962.exe No Task File <==== ATTENTION
Task: {6A0ED1A5-A94F-4C1C-BBA4-9410A2B3F2C1} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-2 No Task File <==== ATTENTION
Task: {6B5693E1-5BC7-4FC9-90A0-DD25AB7C7CC6} - System32\Tasks\KA3T8ddWS5BclMs => C:\Users\Tammy\AppData\Roaming\sEaXjva\nUtyjRK.exe [2015-03-25] ( )
Task: {79F8B4C7-FA5A-4483-AB2F-19707AB3065A} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-3 No Task File <==== ATTENTION
Task: {7CC4D123-C92D-495C-B4F8-F06CA4ADD33C} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-5 No Task File <==== ATTENTION
Task: {812978DE-EEC0-43A9-86A2-58DE0E69DE1F} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-7 No Task File <==== ATTENTION
Task: {8232E0CA-C3CD-4921-8F4A-F9A695B319F0} - System32\Tasks\zeyvubCcQVGK49w => C:\Users\Tammy\AppData\Roaming\YsV1bts\4Zf2kj6.exe [2015-03-25] ( )
Task: {83FA2618-1317-40BA-B6DD-9F85A0AD0166} - \LyricsMonkey-1-codedownloader No Task File <==== ATTENTION
Task: {8678FD49-B557-461F-8FEB-0BA24B20EB4C} - \SPBIW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34 No Task File <==== ATTENTION
Task: {8A9FFB05-5019-49C4-908E-DE03A18BDC8C} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2014-03-19] (Informer Technologies, Inc.)
Task: {954066E3-1F37-4302-8C06-5E24C753247A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {972D071D-48AE-40CA-AA1F-098B5FB33947} - System32\Tasks\ACHGF => C:\Users\Tammy\AppData\Roaming\ACHGF.exe <==== ATTENTION
Task: {A5CD1F55-DD36-414F-8C16-14CE397FD4DA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4081401466-2854415465-36764422-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AB4FFAF4-9E5B-47CA-BA66-4CCFFA1A4C63} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B0A7B39A-D1FE-4275-8871-BD41FC8D8005} - \LyricsMonkey-1-enabler No Task File <==== ATTENTION
Task: {B294F755-AA50-41E4-BDD1-0B123A06E590} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe ,Command701 update3 <==== ATTENTION
Task: {B3308E2D-25A5-4682-B40A-C4E2D0653724} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-1 No Task File <==== ATTENTION
Task: {B5053B09-6257-4131-8CFC-3F06DA74EDE2} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION
Task: {B71FEE58-C00C-4FC4-957A-EA5CABB31DF1} - \Feven 1.7-codedownloader No Task File <==== ATTENTION
Task: {BE1C142D-1AC0-46A2-AE03-8E4978BBB05C} - \Special IC Runner No Task File <==== ATTENTION
Task: {C0C63456-84E9-464A-AD34-C884E84BB543} - \FF Watcher {E92C7F88-1EBC-4E08-B27E-0F1F315938AA} No Task File <==== ATTENTION
Task: {C13FA52C-E5F3-407F-89B7-62138EDE234F} - System32\Tasks\DPTDYGCK => C:\ProgramData\81d19778c51c4881a7eae8f07044d0be\81d19778c51c4881a7eae8f07044d0be.exe
Task: {C506FA87-34A4-47FC-943B-2143ADCE8DA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {CD3B5820-7FE6-4907-9ACB-F24C163058CA} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {D7DE6B63-0A11-4139-B403-7468A20C20F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {D82E7FEB-6A2B-4B48-BB5C-763CC09051C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D94C612C-473E-45C1-A972-99245BBC8993} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DCCD6C62-AC7B-4424-816F-B411AE4440E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {DE69168A-91E2-42BF-BFD5-45589E2A187D} - System32\Tasks\GlobalUpdate-nmy2yzhxogswbth => C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth\nmy2yzhxogswbth.exe [2015-03-06] () <==== ATTENTION
Task: {E42930ED-93EF-4A99-B16E-20356C21AC51} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {E449361E-F22D-4804-BB0C-CC77FED21AF6} - System32\Tasks\HPCeeScheduleForTammy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E4515D07-C378-417F-B9DC-FD4E9C26150B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {E97D66CD-A626-4C7A-B360-80C9700B39C1} - System32\Tasks\WCDUDQK => C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe <==== ATTENTION
Task: {FFC98389-5A5E-4C3A-A220-8CC4EA93CB5F} - \SuperLyrics-1-codedownloader No Task File <==== ATTENTION
Task: C:\Windows\Tasks\ACHGF.job => C:\Users\Tammy\AppData\Roaming\ACHGF.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001UA.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTAMMY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTammy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
Task: C:\Windows\Tasks\WCDUDQK.job => C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-03-06 23:04 - 2015-03-06 23:04 - 01016320 _____ () C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth\nmy2yzhxogswbth.exe
2011-09-27 09:52 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-12-18 03:02 - 2012-09-07 06:40 - 00952496 _____ () C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
2010-06-24 05:21 - 2010-06-24 05:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-02-12 23:58 - 2014-02-12 23:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-30 17:25 - 2013-05-16 13:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-30 17:25 - 2013-05-16 13:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-30 17:25 - 2013-05-16 13:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-30 17:25 - 2012-08-23 13:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-30 17:25 - 2012-04-03 20:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-12-18 03:02 - 2012-08-22 10:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S310 Series\lmabdrs.dll
2014-10-16 11:12 - 2014-10-16 11:12 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-09-27 09:51 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2015-03-25 19:13 - 2015-03-14 06:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-25 19:13 - 2015-03-14 06:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-25 19:13 - 2015-03-14 06:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-25 19:13 - 2015-03-14 06:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk => C:\Windows\pss\Severe Weather Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: ConduitFloatingPlugin_jccpjpmiegdnbmbnaiaicnaakpacgbdi => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tammy\AppData\Local\Temp\CT3279414\plugins\TBVerifier.dll",RunConduitFloatingPlugin jccpjpmiegdnbmbnaiaicnaakpacgbdi
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\FileKiddo Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: Gameo => C:\Users\Tammy\AppData\Roaming\Gameo\gameo.exe "C:\Users\Tammy\AppData\Roaming\Gameo\gameo.dat" mode:minimized
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LMab1err => "C:\Program Files\Lexmark\ErrorApp\LMab1err.exe"
MSCONFIG\startupreg: LMADEmon => "C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier.exe
MSCONFIG\startupreg: WeatherBug => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4081401466-2854415465-36764422-500 - Administrator - Disabled)
Guest (S-1-5-21-4081401466-2854415465-36764422-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4081401466-2854415465-36764422-1002 - Limited - Enabled)
Tammy (S-1-5-21-4081401466-2854415465-36764422-1001 - Administrator - Enabled) => C:\Users\Tammy
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: SPDRIVER_1.39.1.1655
Description: SPDRIVER_1.39.1.1655
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SPDRIVER_1.39.1.1655
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/26/2015 08:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:26:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:09:06 PM) (Source: MsiInstaller) (EventID: 11721) (User: Tammy-HP)
Description: Product: Strongvault Online Backup -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: AI_UPDATER_UNINSTALL, location: C:\Program Files (x86)\Strongvault Online Backup\updater.exe, command: /clean silent
 
Error: (03/26/2015 07:05:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b64
 
Start Time: 01d06819172e7005
 
Termination Time: 0
 
Application Path: C:\Users\Tammy\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Report Id: 9c208e7a-d40c-11e4-87ff-101f741a5eb4
 
Error: (03/26/2015 06:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 11:00:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/25/2015 10:07:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 09:29:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 09:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Runner.exe, version: 0.0.0.0, time stamp: 0x54eb6db3
Faulting module name: Runner.exe, version: 0.0.0.0, time stamp: 0x54eb6db3
Exception code: 0xc0000005
Fault offset: 0x000047a4
Faulting process id: 0x2304
Faulting application start time: 0xRunner.exe0
Faulting application path: Runner.exe1
Faulting module path: Runner.exe2
Report Id: Runner.exe3
 
Error: (03/25/2015 09:25:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Runner.exe, version: 0.0.0.0, time stamp: 0x54eb6db3
Faulting module name: Runner.exe, version: 0.0.0.0, time stamp: 0x54eb6db3
Exception code: 0xc0000005
Fault offset: 0x000047a4
Faulting process id: 0x24a8
Faulting application start time: 0xRunner.exe0
Faulting application path: Runner.exe1
Faulting module path: Runner.exe2
Report Id: Runner.exe3
 
 
System errors:
=============
Error: (03/26/2015 08:19:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.39.1.1655 service failed to start due to the following error: 
%%3
 
Error: (03/26/2015 07:27:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
%%1053
 
Error: (03/26/2015 07:27:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
 
Error: (03/26/2015 07:26:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPDRIVER_1.39.1.1655 service failed to start due to the following error: 
%%3
 
Error: (03/26/2015 07:25:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/26/2015 07:25:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/26/2015 07:25:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/26/2015 07:25:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/26/2015 07:25:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/26/2015 07:25:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2015 08:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:26:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:09:06 PM) (Source: MsiInstaller) (EventID: 11721) (User: Tammy-HP)
Description: Product: Strongvault Online Backup -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: AI_UPDATER_UNINSTALL, location: C:\Program Files (x86)\Strongvault Online Backup\updater.exe, command: /clean silent (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (03/26/2015 07:05:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Au_.exe0.0.0.01b6401d06819172e70050C:\Users\Tammy\AppData\Local\Temp\~nsu.tmp\Au_.exe9c208e7a-d40c-11e4-87ff-101f741a5eb4
 
Error: (03/26/2015 06:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 11:00:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (03/25/2015 10:07:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 09:29:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 09:26:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Runner.exe0.0.0.054eb6db3Runner.exe0.0.0.054eb6db3c0000005000047a4230401d06763dc952f9fC:\Users\Tammy\AppData\Local\C971B441-CB4C-9749-854D-5CC0EDF34782\Runner.exeC:\Users\Tammy\AppData\Local\C971B441-CB4C-9749-854D-5CC0EDF34782\Runner.exe1a441bdf-d357-11e4-856d-101f741a5eb4
 
Error: (03/25/2015 09:25:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Runner.exe0.0.0.054eb6db3Runner.exe0.0.0.054eb6db3c0000005000047a424a801d06763ca936fcfC:\Users\Tammy\AppData\Local\C971B441-CB4C-9749-854D-5CC0EDF34782\Runner.exeC:\Users\Tammy\AppData\Local\C971B441-CB4C-9749-854D-5CC0EDF34782\Runner.exe0844bd70-d357-11e4-856d-101f741a5eb4
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 4043.86 MB
Available physical RAM: 2135.97 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5611.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:581.63 GB) (Free:470.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.25 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
 
 


#4 deeprybka

  • Malware Response Team

Posted 27 March 2015 - 04:18 AM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
    C:\Program Files (x86)\Driver Support
    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
    BootExecute: autocheck autochk * bootdelete
    GroupPolicy: Group Policy on Chrome detected 
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-4081401466-2854415465-36764422-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
    CHR HomePage: Default -> hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,"
    R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
    C:\Program Files (x86)\Windows Network Accelerater
    S2 MediaDevSrv; "C:\ProgramData\MediaDev\1400194695\mediadev.exe" [X]
    C:\ProgramData\MediaDev
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S1 kxtbmjwb; \??\C:\Windows\system32\drivers\kxtbmjwb.sys [X]
    S2 SPDRIVER_1.39.1.1655; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.39.1.1655\jsdrv.sys [X]
    Task: {220B330A-55BA-41AE-AC2D-1034B4AC805F} - \Feven 1.7-enabler No Task File 
    Task: {23C429F0-8BF3-4342-8088-F77445780289} - \SMW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34 No Task File 
    Task: {2BC60FAD-4D3E-4C06-9BBB-740158B1558A} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe 
    Task: {32FC86D4-D5B5-4823-82BA-66C41845A4D6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe ,Command701 update2 
    Task: {3449CE58-61C6-4584-9AD3-A8B440903483} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe 
    Task: {389EDA18-BE07-443D-85B9-6505EB147764} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-6 No Task File 
    Task: {4CEB3C6A-C0C4-48E8-B5AD-B70B97D8DBED} - System32\Tasks\wBgZP6WkEJKDRg0 => C:\Users\Tammy\AppData\Roaming\uJrqmCT\I5T2JTP.exe [2015-03-25] ( )
    Task: {53541BD2-4B7B-452A-A8AC-20C50E7594BD} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-4 No Task File 
    Task: {5978928D-B451-4E70-907B-49D40F4AF1E8} - \Microsoft\Windows\Maintenance\Advanced IC Updating No Task File 
    Task: {611D1ACA-823F-4EFB-99F9-113E22B28AB6} - \Feven 1.7-updater No Task File 
    Task: {62895D6A-3E84-4E3A-AC11-78CE24FD7C6D} - \LyricsMonkey-1-updater No Task File 
    Task: {6755E6E6-BAFA-4ACF-81A8-E393CC995084} - \SuperLyrics-1-enabler No Task File 
    Task: {684E0632-8DB3-4DE0-9924-CF20D2DE9CE5} - \Updater19962.exe No Task File 
    Task: {6A0ED1A5-A94F-4C1C-BBA4-9410A2B3F2C1} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-2 No Task File 
    Task: {6B5693E1-5BC7-4FC9-90A0-DD25AB7C7CC6} - System32\Tasks\KA3T8ddWS5BclMs => C:\Users\Tammy\AppData\Roaming\sEaXjva\nUtyjRK.exe [2015-03-25] ( )
    Task: {79F8B4C7-FA5A-4483-AB2F-19707AB3065A} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-3 No Task File 
    Task: {7CC4D123-C92D-495C-B4F8-F06CA4ADD33C} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-5 No Task File 
    Task: {812978DE-EEC0-43A9-86A2-58DE0E69DE1F} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-7 No Task File 
    Task: {8232E0CA-C3CD-4921-8F4A-F9A695B319F0} - System32\Tasks\zeyvubCcQVGK49w => C:\Users\Tammy\AppData\Roaming\YsV1bts\4Zf2kj6.exe [2015-03-25] ( )
    Task: {83FA2618-1317-40BA-B6DD-9F85A0AD0166} - \LyricsMonkey-1-codedownloader No Task File <==== ATTENTION
    Task: {8678FD49-B557-461F-8FEB-0BA24B20EB4C} - \SPBIW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34 No Task File 
    Task: {972D071D-48AE-40CA-AA1F-098B5FB33947} - System32\Tasks\ACHGF => C:\Users\Tammy\AppData\Roaming\ACHGF.exe 
    Task: {B0A7B39A-D1FE-4275-8871-BD41FC8D8005} - \LyricsMonkey-1-enabler No Task File 
    Task: {B294F755-AA50-41E4-BDD1-0B123A06E590} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe ,Command701 update3 
    Task: {B3308E2D-25A5-4682-B40A-C4E2D0653724} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-1 No Task File 
    Task: {B5053B09-6257-4131-8CFC-3F06DA74EDE2} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe 
    Task: {B71FEE58-C00C-4FC4-957A-EA5CABB31DF1} - \Feven 1.7-codedownloader No Task File 
    Task: {BE1C142D-1AC0-46A2-AE03-8E4978BBB05C} - \Special IC Runner No Task File 
    Task: {C0C63456-84E9-464A-AD34-C884E84BB543} - \FF Watcher {E92C7F88-1EBC-4E08-B27E-0F1F315938AA} No Task File 
    Task: {C13FA52C-E5F3-407F-89B7-62138EDE234F} - System32\Tasks\DPTDYGCK => C:\ProgramData\81d19778c51c4881a7eae8f07044d0be\81d19778c51c4881a7eae8f07044d0be.exe
    Task: {DE69168A-91E2-42BF-BFD5-45589E2A187D} - System32\Tasks\GlobalUpdate-nmy2yzhxogswbth => C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth\nmy2yzhxogswbth.exe [2015-03-06] () 
    Task: {E97D66CD-A626-4C7A-B360-80C9700B39C1} - System32\Tasks\WCDUDQK => C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe 
    Task: {FFC98389-5A5E-4C3A-A220-8CC4EA93CB5F} - \SuperLyrics-1-codedownloader No Task File 
    Task: C:\Windows\Tasks\ACHGF.job => C:\Users\Tammy\AppData\Roaming\ACHGF.exe 
    Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe 
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: C:\Windows\Tasks\WCDUDQK.job => C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe 
    C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth
    AlternateDataStreams: C:\ProgramData\Temp:373E1720
    C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe 
    C:\Users\Tammy\AppData\Roaming\ACHGF.exe 
    C:\ProgramData\81d19778c51c4881a7eae8f07044d0be
    C:\Users\Tammy\AppData\Local\IdleCrawler
    C:\Users\Tammy\AppData\Roaming\YsV1bts
    C:\Users\Tammy\AppData\Roaming\sEaXjva
    C:\Users\Tammy\AppData\Roaming\uJrqmCT
    C:\Program Files\PC Optimizer Pro
    C:\Program Files\Common Files\Goobzo
    CreateRestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 FeedMeInfo

  • Topic Starter


Posted 27 March 2015 - 01:30 PM

Hi there, Jürgen,

Thanks again for the help! Here are the requested files:

 

FixLog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Tammy at 2015-03-27 14:12:29 Run:1
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
C:\Program Files (x86)\Driver Support
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4081401466-2854415465-36764422-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
CHR HomePage: Default -> hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=F39ztutdk0003,38b13e07-4ceb-4083-822a-41c5060f0315,"
R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
C:\Program Files (x86)\Windows Network Accelerater
S2 MediaDevSrv; "C:\ProgramData\MediaDev\1400194695\mediadev.exe" [X]
C:\ProgramData\MediaDev
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 kxtbmjwb; \??\C:\Windows\system32\drivers\kxtbmjwb.sys [X]
S2 SPDRIVER_1.39.1.1655; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.39.1.1655\jsdrv.sys [X]
Task: {220B330A-55BA-41AE-AC2D-1034B4AC805F} - \Feven 1.7-enabler No Task File 
Task: {23C429F0-8BF3-4342-8088-F77445780289} - \SMW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34 No Task File 
Task: {2BC60FAD-4D3E-4C06-9BBB-740158B1558A} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe 
Task: {32FC86D4-D5B5-4823-82BA-66C41845A4D6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe ,Command701 update2 
Task: {3449CE58-61C6-4584-9AD3-A8B440903483} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe 
Task: {389EDA18-BE07-443D-85B9-6505EB147764} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-6 No Task File 
Task: {4CEB3C6A-C0C4-48E8-B5AD-B70B97D8DBED} - System32\Tasks\wBgZP6WkEJKDRg0 => C:\Users\Tammy\AppData\Roaming\uJrqmCT\I5T2JTP.exe [2015-03-25] ( )
Task: {53541BD2-4B7B-452A-A8AC-20C50E7594BD} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-4 No Task File 
Task: {5978928D-B451-4E70-907B-49D40F4AF1E8} - \Microsoft\Windows\Maintenance\Advanced IC Updating No Task File 
Task: {611D1ACA-823F-4EFB-99F9-113E22B28AB6} - \Feven 1.7-updater No Task File 
Task: {62895D6A-3E84-4E3A-AC11-78CE24FD7C6D} - \LyricsMonkey-1-updater No Task File 
Task: {6755E6E6-BAFA-4ACF-81A8-E393CC995084} - \SuperLyrics-1-enabler No Task File 
Task: {684E0632-8DB3-4DE0-9924-CF20D2DE9CE5} - \Updater19962.exe No Task File 
Task: {6A0ED1A5-A94F-4C1C-BBA4-9410A2B3F2C1} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-2 No Task File 
Task: {6B5693E1-5BC7-4FC9-90A0-DD25AB7C7CC6} - System32\Tasks\KA3T8ddWS5BclMs => C:\Users\Tammy\AppData\Roaming\sEaXjva\nUtyjRK.exe [2015-03-25] ( )
Task: {79F8B4C7-FA5A-4483-AB2F-19707AB3065A} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-3 No Task File 
Task: {7CC4D123-C92D-495C-B4F8-F06CA4ADD33C} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-5 No Task File 
Task: {812978DE-EEC0-43A9-86A2-58DE0E69DE1F} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-7 No Task File 
Task: {8232E0CA-C3CD-4921-8F4A-F9A695B319F0} - System32\Tasks\zeyvubCcQVGK49w => C:\Users\Tammy\AppData\Roaming\YsV1bts\4Zf2kj6.exe [2015-03-25] ( )
Task: {83FA2618-1317-40BA-B6DD-9F85A0AD0166} - \LyricsMonkey-1-codedownloader No Task File <==== ATTENTION
Task: {8678FD49-B557-461F-8FEB-0BA24B20EB4C} - \SPBIW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34 No Task File 
Task: {972D071D-48AE-40CA-AA1F-098B5FB33947} - System32\Tasks\ACHGF => C:\Users\Tammy\AppData\Roaming\ACHGF.exe 
Task: {B0A7B39A-D1FE-4275-8871-BD41FC8D8005} - \LyricsMonkey-1-enabler No Task File 
Task: {B294F755-AA50-41E4-BDD1-0B123A06E590} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe ,Command701 update3 
Task: {B3308E2D-25A5-4682-B40A-C4E2D0653724} - \c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-1 No Task File 
Task: {B5053B09-6257-4131-8CFC-3F06DA74EDE2} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe 
Task: {B71FEE58-C00C-4FC4-957A-EA5CABB31DF1} - \Feven 1.7-codedownloader No Task File 
Task: {BE1C142D-1AC0-46A2-AE03-8E4978BBB05C} - \Special IC Runner No Task File 
Task: {C0C63456-84E9-464A-AD34-C884E84BB543} - \FF Watcher {E92C7F88-1EBC-4E08-B27E-0F1F315938AA} No Task File 
Task: {C13FA52C-E5F3-407F-89B7-62138EDE234F} - System32\Tasks\DPTDYGCK => C:\ProgramData\81d19778c51c4881a7eae8f07044d0be\81d19778c51c4881a7eae8f07044d0be.exe
Task: {DE69168A-91E2-42BF-BFD5-45589E2A187D} - System32\Tasks\GlobalUpdate-nmy2yzhxogswbth => C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth\nmy2yzhxogswbth.exe [2015-03-06] () 
Task: {E97D66CD-A626-4C7A-B360-80C9700B39C1} - System32\Tasks\WCDUDQK => C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe 
Task: {FFC98389-5A5E-4C3A-A220-8CC4EA93CB5F} - \SuperLyrics-1-codedownloader No Task File 
Task: C:\Windows\Tasks\ACHGF.job => C:\Users\Tammy\AppData\Roaming\ACHGF.exe 
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe 
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
Task: C:\Windows\Tasks\WCDUDQK.job => C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe 
C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth
AlternateDataStreams: C:\ProgramData\Temp:373E1720
C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe 
C:\Users\Tammy\AppData\Roaming\ACHGF.exe 
C:\ProgramData\81d19778c51c4881a7eae8f07044d0be
C:\Users\Tammy\AppData\Local\IdleCrawler
C:\Users\Tammy\AppData\Roaming\YsV1bts
C:\Users\Tammy\AppData\Roaming\sEaXjva
C:\Users\Tammy\AppData\Roaming\uJrqmCT
C:\Program Files\PC Optimizer Pro
C:\Program Files\Common Files\Goobzo
CreateRestorePoint:
EmptyTemp:
*****************
 
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support => value deleted successfully.
"C:\Program Files (x86)\Driver Support" => File/Directory not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4081401466-2854415465-36764422-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. 
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
WindowsVNT_R5 => Service stopped successfully.
WindowsVNT_R5 => Service deleted successfully.
C:\Program Files (x86)\Windows Network Accelerater => Moved successfully.
MediaDevSrv => Service deleted successfully.
C:\ProgramData\MediaDev => Moved successfully.
esgiguard => Service deleted successfully.
kxtbmjwb => Service deleted successfully.
SPDRIVER_1.39.1.1655 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{220B330A-55BA-41AE-AC2D-1034B4AC805F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{220B330A-55BA-41AE-AC2D-1034B4AC805F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.7-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23C429F0-8BF3-4342-8088-F77445780289}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23C429F0-8BF3-4342-8088-F77445780289}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BC60FAD-4D3E-4C06-9BBB-740158B1558A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BC60FAD-4D3E-4C06-9BBB-740158B1558A}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMWUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32FC86D4-D5B5-4823-82BA-66C41845A4D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32FC86D4-D5B5-4823-82BA-66C41845A4D6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3449CE58-61C6-4584-9AD3-A8B440903483}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3449CE58-61C6-4584-9AD3-A8B440903483}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{389EDA18-BE07-443D-85B9-6505EB147764}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{389EDA18-BE07-443D-85B9-6505EB147764}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CEB3C6A-C0C4-48E8-B5AD-B70B97D8DBED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CEB3C6A-C0C4-48E8-B5AD-B70B97D8DBED}" => Key deleted successfully.
C:\Windows\System32\Tasks\wBgZP6WkEJKDRg0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wBgZP6WkEJKDRg0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{53541BD2-4B7B-452A-A8AC-20C50E7594BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53541BD2-4B7B-452A-A8AC-20C50E7594BD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5978928D-B451-4E70-907B-49D40F4AF1E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5978928D-B451-4E70-907B-49D40F4AF1E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Advanced IC Updating" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{611D1ACA-823F-4EFB-99F9-113E22B28AB6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{611D1ACA-823F-4EFB-99F9-113E22B28AB6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.7-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{62895D6A-3E84-4E3A-AC11-78CE24FD7C6D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62895D6A-3E84-4E3A-AC11-78CE24FD7C6D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsMonkey-1-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6755E6E6-BAFA-4ACF-81A8-E393CC995084}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6755E6E6-BAFA-4ACF-81A8-E393CC995084}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperLyrics-1-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{684E0632-8DB3-4DE0-9924-CF20D2DE9CE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{684E0632-8DB3-4DE0-9924-CF20D2DE9CE5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater19962.exe" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A0ED1A5-A94F-4C1C-BBA4-9410A2B3F2C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0ED1A5-A94F-4C1C-BBA4-9410A2B3F2C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B5693E1-5BC7-4FC9-90A0-DD25AB7C7CC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B5693E1-5BC7-4FC9-90A0-DD25AB7C7CC6}" => Key deleted successfully.
C:\Windows\System32\Tasks\KA3T8ddWS5BclMs => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KA3T8ddWS5BclMs" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79F8B4C7-FA5A-4483-AB2F-19707AB3065A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79F8B4C7-FA5A-4483-AB2F-19707AB3065A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CC4D123-C92D-495C-B4F8-F06CA4ADD33C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC4D123-C92D-495C-B4F8-F06CA4ADD33C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{812978DE-EEC0-43A9-86A2-58DE0E69DE1F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{812978DE-EEC0-43A9-86A2-58DE0E69DE1F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8232E0CA-C3CD-4921-8F4A-F9A695B319F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8232E0CA-C3CD-4921-8F4A-F9A695B319F0}" => Key deleted successfully.
C:\Windows\System32\Tasks\zeyvubCcQVGK49w => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\zeyvubCcQVGK49w" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83FA2618-1317-40BA-B6DD-9F85A0AD0166}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83FA2618-1317-40BA-B6DD-9F85A0AD0166}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsMonkey-1-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8678FD49-B557-461F-8FEB-0BA24B20EB4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8678FD49-B557-461F-8FEB-0BA24B20EB4C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323939383938373931372d3755556c415a505757414a34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{972D071D-48AE-40CA-AA1F-098B5FB33947}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{972D071D-48AE-40CA-AA1F-098B5FB33947}" => Key deleted successfully.
C:\Windows\System32\Tasks\ACHGF => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACHGF" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0A7B39A-D1FE-4275-8871-BD41FC8D8005}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A7B39A-D1FE-4275-8871-BD41FC8D8005}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LyricsMonkey-1-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B294F755-AA50-41E4-BDD1-0B123A06E590}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B294F755-AA50-41E4-BDD1-0B123A06E590}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3308E2D-25A5-4682-B40A-C4E2D0653724}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3308E2D-25A5-4682-B40A-C4E2D0653724}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c4c8aa3a-1eaa-4b43-b0b7-6c11df4daae7-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5053B09-6257-4131-8CFC-3F06DA74EDE2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5053B09-6257-4131-8CFC-3F06DA74EDE2}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IdleCrawler Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B71FEE58-C00C-4FC4-957A-EA5CABB31DF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B71FEE58-C00C-4FC4-957A-EA5CABB31DF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Feven 1.7-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE1C142D-1AC0-46A2-AE03-8E4978BBB05C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1C142D-1AC0-46A2-AE03-8E4978BBB05C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Special IC Runner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0C63456-84E9-464A-AD34-C884E84BB543}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C63456-84E9-464A-AD34-C884E84BB543}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {E92C7F88-1EBC-4E08-B27E-0F1F315938AA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C13FA52C-E5F3-407F-89B7-62138EDE234F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C13FA52C-E5F3-407F-89B7-62138EDE234F}" => Key deleted successfully.
C:\Windows\System32\Tasks\DPTDYGCK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DPTDYGCK" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DE69168A-91E2-42BF-BFD5-45589E2A187D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE69168A-91E2-42BF-BFD5-45589E2A187D}" => Key deleted successfully.
C:\Windows\System32\Tasks\GlobalUpdate-nmy2yzhxogswbth => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlobalUpdate-nmy2yzhxogswbth" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E97D66CD-A626-4C7A-B360-80C9700B39C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E97D66CD-A626-4C7A-B360-80C9700B39C1}" => Key deleted successfully.
C:\Windows\System32\Tasks\WCDUDQK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WCDUDQK" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FFC98389-5A5E-4C3A-A220-8CC4EA93CB5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFC98389-5A5E-4C3A-A220-8CC4EA93CB5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperLyrics-1-codedownloader" => Key deleted successfully.
C:\Windows\Tasks\ACHGF.job => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
C:\Windows\Tasks\Quick PC Booster64 startups.job => Moved successfully.
C:\Windows\Tasks\WCDUDQK.job => Moved successfully.
C:\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"C:\Users\Tammy\AppData\Roaming\WCDUDQK.exe" => File/Directory not found.
"C:\Users\Tammy\AppData\Roaming\ACHGF.exe" => File/Directory not found.
C:\ProgramData\81d19778c51c4881a7eae8f07044d0be => Moved successfully.
"C:\Users\Tammy\AppData\Local\IdleCrawler" => File/Directory not found.
C:\Users\Tammy\AppData\Roaming\YsV1bts => Moved successfully.
C:\Users\Tammy\AppData\Roaming\sEaXjva => Moved successfully.
C:\Users\Tammy\AppData\Roaming\uJrqmCT => Moved successfully.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
"C:\Program Files\Common Files\Goobzo" => File/Directory not found.
Restore point was successfully created.
EmptyTemp: => Removed 536.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:15:06 ====
 
 
 
 
FRST---
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Tammy (administrator) on TAMMY-HP on 27-03-2015 14:18:03
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
(Google Inc.) C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-09-24] (IDT, Inc.)
HKLM\...\Run: [LMADEmon] => C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-09-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Google Update] => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableChangePassword] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-21] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Extension: 158d7cb370394a758e0b3bd0a464edd2 - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2} [2014-12-10]
FF Extension: cd61737567434ee8bac4fbf10f35729e - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2015-03-25]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-09-17]
FF HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-25]
CHR Extension: (Google Cast) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-25]
CHR Extension: (Netflix) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-25]
CHR Extension: (Yahoo!) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkbfjcbkhnmiignagpkiijohkcdkffb [2015-03-25]
CHR Extension: (Pin It Button) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-03-27] (SurfRight B.V.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-09-12] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 aswSP; No ImagePath
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 14:11 - 2015-03-27 14:11 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-26 19:25 - 2015-03-26 19:25 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-26 19:22 - 2015-03-26 19:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-26 19:22 - 2015-03-23 14:28 - 02168320 _____ () C:\Users\Tammy\Desktop\AdwCleaner.exe
2015-03-26 19:09 - 2015-03-26 19:09 - 00000000 __SHD () C:\AI_RecycleBin
2015-03-26 18:35 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-26 18:35 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-26 18:35 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-26 18:35 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-26 18:35 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-26 18:35 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-26 18:35 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-26 18:35 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-26 18:35 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-26 18:35 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-26 18:34 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-26 18:34 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-26 18:34 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-26 18:34 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-26 18:34 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-26 18:34 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-26 18:34 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-26 18:34 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-26 18:34 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-26 18:34 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-26 18:34 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-26 18:34 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-26 18:34 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-26 18:34 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-26 18:34 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-26 18:34 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-26 18:34 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-26 18:34 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-26 18:34 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-26 18:34 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-26 18:34 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-26 18:34 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-26 18:19 - 2015-03-26 19:32 - 00001264 _____ () C:\Users\Tammy\Desktop\Revo Uninstaller.lnk
2015-03-26 18:19 - 2015-03-26 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-26 18:19 - 2015-03-26 18:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tammy\Desktop\revosetup.exe
2015-03-25 22:22 - 2015-03-27 14:18 - 00020861 _____ () C:\Users\Tammy\Desktop\FRST.txt
2015-03-25 22:22 - 2015-03-26 20:34 - 00045830 _____ () C:\Users\Tammy\Desktop\Addition.txt
2015-03-25 22:20 - 2015-03-27 14:18 - 00000000 ____D () C:\FRST
2015-03-25 22:19 - 2015-03-25 22:17 - 05615749 _____ (Swearware) C:\Users\Tammy\Desktop\ComboFix.exe
2015-03-25 22:19 - 2015-03-25 22:17 - 02095616 _____ (Farbar) C:\Users\Tammy\Desktop\FRST64.exe
2015-03-25 22:07 - 2015-03-25 22:07 - 00014557 _____ () C:\Users\Tammy\Desktop\hijackthis.log
2015-03-25 21:50 - 2015-03-25 22:04 - 00000000 ____D () C:\Users\Tammy\Desktop\backups
2015-03-25 21:31 - 2015-03-25 21:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tammy\Desktop\HijackThis.exe
2015-03-25 21:12 - 2015-03-25 21:12 - 00000000 ____D () C:\ProgramData\c07c07600005650
2015-03-25 21:07 - 2015-03-26 20:18 - 00000000 ____D () C:\ProgramData\owCxlB
2015-03-25 21:07 - 2015-03-25 21:07 - 01020964 _____ () C:\Users\Tammy\Downloads\Unconfirmed 586426.crdownload
2015-03-25 20:44 - 2015-03-25 20:47 - 00000000 ____D () C:\ProgramData\EmailNotifier
2015-03-25 20:36 - 2015-03-25 20:36 - 00000000 ____D () C:\Program Files (x86)\5c3e877c-03e4-46ff-8b8c-ccd0f16063bd
2015-03-25 20:35 - 2015-03-26 19:26 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForTammy.job
2015-03-25 20:35 - 2015-03-26 18:24 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTammy
2015-03-25 20:16 - 2015-03-25 20:16 - 00000000 _____ () C:\F5C5.tmp
2015-03-25 20:13 - 2015-03-25 20:13 - 02168320 _____ () C:\Users\Tammy\Downloads\adwcleaner_4.113.exe
2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Tammy\AppData\Local\352D39B5-1427314108-0EA4-0CD7-101F741A5EB4
2015-03-25 19:53 - 2015-03-25 19:53 - 00000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-25 18:49 - 2015-03-25 18:49 - 00000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2015-03-25 18:39 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-25 18:39 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-25 18:39 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-25 18:39 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-25 18:38 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-25 18:38 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-25 18:38 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-25 18:38 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-25 18:38 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-25 18:38 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-25 18:38 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-25 18:38 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-25 18:38 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-25 18:38 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-25 18:38 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-25 18:38 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-25 18:38 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-25 18:38 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-25 18:37 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-25 18:37 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-25 18:37 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-25 18:37 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-25 18:37 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-25 18:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-25 18:37 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-25 18:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-25 18:37 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-25 18:37 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-25 18:37 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-25 18:37 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-25 18:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-25 18:37 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-25 18:37 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-25 18:37 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-25 18:37 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-25 18:37 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-25 18:37 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-25 18:37 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-25 18:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-25 18:37 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-25 18:37 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-25 18:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-25 18:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-25 18:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-25 18:37 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-25 18:37 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-25 18:37 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-25 18:37 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-25 18:37 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-25 18:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-25 18:37 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-25 18:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-25 18:37 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-25 18:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-25 18:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-25 18:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-25 18:37 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-25 18:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-25 18:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-25 18:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-25 18:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-25 18:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-25 18:37 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-25 18:37 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-25 18:37 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-25 18:37 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-25 18:37 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-25 18:37 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-25 18:36 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-25 18:36 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-25 18:36 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-25 18:36 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-25 18:36 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-25 18:36 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-25 18:36 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-25 18:36 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-25 18:36 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-25 18:36 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-25 18:36 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-25 18:36 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-25 18:36 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-25 18:25 - 2015-03-25 19:14 - 00002295 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-03-09 16:06 - 2015-03-09 16:06 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-09 09:47 - 2015-03-09 12:31 - 00000000 ____D () C:\ProgramData\{55665be6-7d66-9ea4-5566-65be67d66f99}
2015-03-09 09:43 - 2015-03-09 09:43 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashRpt
2015-03-08 14:53 - 2015-03-25 14:50 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-03-08 01:18 - 2015-03-08 01:18 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
2015-03-08 01:03 - 2015-03-08 14:52 - 00000000 ____D () C:\ProgramData\Optimizer
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Users\Tammy\Documents\DreamVideoSoft
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-03-08 00:56 - 2015-03-08 00:56 - 00435720 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (2).exe
2015-03-08 00:49 - 2015-03-25 19:19 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-08 00:18 - 2015-03-25 19:23 - 00000000 ____D () C:\ProgramData\0d4294919c9a4941ba7cc97f91f909a5
2015-03-08 00:16 - 2015-03-08 00:16 - 00637440 _____ () C:\Users\Tammy\Downloads\UH.Hack.v1.18.1__4024_il943.exe
2015-03-08 00:16 - 2015-03-08 00:16 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Geckofx
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\QsMttiv
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\nO1cZpN
2015-03-08 00:14 - 2015-03-08 00:14 - 00000000 ____D () C:\ProgramData\atjs
2015-03-08 00:11 - 2015-03-25 19:43 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\OAS
2015-03-08 00:11 - 2015-03-08 00:11 - 00657920 _____ () C:\Users\Tammy\Downloads\Installer11__7934_il13539.exe
2015-03-07 15:42 - 2015-03-07 15:43 - 00435416 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (1).exe
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-03-06 20:31 - 2015-03-06 20:31 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-03 16:02 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:02 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 13:09 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 13:09 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 14:17 - 2014-07-24 16:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-27 14:16 - 2014-12-21 06:06 - 00008819 _____ () C:\Windows\setupact.log
2015-03-27 14:16 - 2014-05-15 18:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-27 14:16 - 2013-09-13 02:54 - 00000008 __RSH () C:\Users\Tammy\ntuser.pol
2015-03-27 14:16 - 2012-08-07 20:43 - 00000000 ____D () C:\Users\Tammy
2015-03-27 14:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 14:15 - 2014-03-05 21:48 - 01182221 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 14:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 14:15 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 14:12 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-27 14:07 - 2009-07-14 00:45 - 00302136 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 14:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-27 14:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-27 14:04 - 2014-12-21 06:06 - 00637922 _____ () C:\Windows\PFRO.log
2015-03-26 22:30 - 2013-10-04 15:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 21:55 - 2012-12-24 03:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 21:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-26 20:27 - 2009-07-14 01:13 - 00783532 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 20:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-26 20:17 - 2013-04-02 12:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-26 19:34 - 2014-07-24 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 19:34 - 2014-07-24 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 19:34 - 2013-10-19 23:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 19:25 - 2013-10-19 21:47 - 00000000 ____D () C:\AdwCleaner
2015-03-26 19:24 - 2012-08-07 20:54 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D75D12E0-FDDE-4CAB-898C-0D9BCC45FE94}
2015-03-25 23:55 - 2013-01-14 17:47 - 00776146 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-25 23:49 - 2013-07-24 16:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-25 23:45 - 2012-08-30 14:10 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-25 22:24 - 2012-12-04 14:42 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTAMMY-HP$
2015-03-25 22:24 - 2012-12-04 14:42 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTAMMY-HP$.job
2015-03-25 21:31 - 2012-08-07 20:44 - 00000000 ____D () C:\Users\Tammy\AppData\Local\VirtualStore
2015-03-25 21:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache
2015-03-25 21:26 - 2012-08-08 11:40 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashDumps
2015-03-25 21:00 - 2014-02-24 00:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 20:38 - 2013-09-16 13:50 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Mozilla
2015-03-25 20:11 - 2013-09-30 11:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-25 19:04 - 2013-09-30 17:02 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 19:04 - 2012-08-07 20:54 - 00001073 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:25 - 2014-07-23 18:33 - 00001106 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:25 - 2013-10-04 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 06:15 - 2014-07-24 16:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-24 16:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-10-19 23:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 16:43 - 2015-01-25 20:32 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core.job
2015-03-08 00:36 - 2013-01-14 17:47 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\SoftGrid Client
2015-03-06 20:31 - 2012-08-14 15:56 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Adobe
2015-03-04 16:03 - 2012-08-09 16:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
 
==================== Files in the root of some directories =======
 
2015-03-25 19:53 - 2015-03-25 19:53 - 0000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-01-25 12:12 - 2015-01-25 12:12 - 0001248 _____ () C:\Users\Tammy\AppData\Roaming\AUSAMRFZ
2014-09-16 16:45 - 2014-09-26 00:45 - 0000065 _____ () C:\Users\Tammy\AppData\Roaming\WB.CFG
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Tammy\AppData\Roaming\WCDUDQK
2015-03-25 18:49 - 2015-03-25 18:49 - 0000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2015-03-09 16:06 - 2015-03-09 16:06 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-08 01:18 - 2015-03-08 01:18 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
2013-03-20 22:23 - 2014-12-25 17:54 - 0005312 _____ () C:\ProgramData\LMADEscan.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 22:58
 
==================== End Of Log ============================
 
 
Addl----
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Tammy at 2015-03-27 14:19:52
Running from C:\Users\Tammy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ChromecastApp (HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.273 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark S310 Series Uninstaller (HKLM\...\Lexmark S310 Series) (Version:  - Lexmark International, Inc.)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Informer 1.3.1068.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27252 - TeamViewer)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
05-03-2015 15:51:46 Windows Update
09-03-2015 09:53:15 Windows Update
25-03-2015 18:31:46 Windows Update
25-03-2015 23:43:13 Windows Update
26-03-2015 18:25:37 Revo Uninstaller's restore point - Eppink
26-03-2015 18:28:25 Revo Uninstaller's restore point - ESET Online Scanner v3
26-03-2015 18:39:25 Revo Uninstaller's restore point - Health Alert
26-03-2015 18:40:57 Revo Uninstaller's restore point - Health Alert
26-03-2015 18:41:56 Revo Uninstaller's restore point - Lucky Savings Widget
26-03-2015 18:43:44 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.7 by SweetPacks
26-03-2015 18:44:47 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.7 by SweetPacks
26-03-2015 18:52:25 Revo Uninstaller's restore point - Optimizer Pro v3.2
26-03-2015 19:03:26 Revo Uninstaller's restore point - SySaver
26-03-2015 19:07:44 Revo Uninstaller's restore point - Strongvault Online Backup
26-03-2015 19:14:11 Revo Uninstaller's restore point - TopArcadeHits
26-03-2015 19:16:20 Revo Uninstaller's restore point - Visual Studio 2012 x86 Redistributables
26-03-2015 19:17:41 Revo Uninstaller's restore point - Word Layers
26-03-2015 22:41:22 Windows Update
27-03-2015 14:13:28 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-09-30 17:37 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01F72844-05E6-4B79-AA5C-F56B451BF140} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {057223D6-9F81-4611-8A28-CEBC99680159} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {0E5D4165-9304-4FE2-98F1-3E675B321020} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0EADCAD3-A743-4AC4-90A9-05AC3F1F5C00} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {2AC1503B-E256-48FD-A158-85A71EA0C0E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {34F643C2-C2F3-48FA-B39F-32FEF7F9666D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-02-11] (Microsoft)
Task: {3D683F52-942F-4201-9CE8-77C4B449B7A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001UA => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {4259F6F8-949D-4BD0-BEE6-CD68D05A14A6} - System32\Tasks\HPCeeScheduleForTAMMY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4D61C6EE-EA69-4D11-98D4-C5EABF611424} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {4EF90CB4-DFC0-4AE9-9D78-6719D96C2439} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {51375283-7463-45CA-BCBC-B2D5CA54775C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5905FCD1-F2A4-4AAD-82D0-A12DE9ECF0EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5F3602B7-5453-45DD-B2F7-70115D4D505F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {6527549B-9BF1-4EEB-9CC2-A80976E99C3D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4081401466-2854415465-36764422-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8A9FFB05-5019-49C4-908E-DE03A18BDC8C} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2014-03-19] (Informer Technologies, Inc.)
Task: {954066E3-1F37-4302-8C06-5E24C753247A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {96B47C0F-2647-4D15-B63A-1285D21E6184} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {A5CD1F55-DD36-414F-8C16-14CE397FD4DA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4081401466-2854415465-36764422-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AB4FFAF4-9E5B-47CA-BA66-4CCFFA1A4C63} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C506FA87-34A4-47FC-943B-2143ADCE8DA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {CD3B5820-7FE6-4907-9ACB-F24C163058CA} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {D7DE6B63-0A11-4139-B403-7468A20C20F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {D82E7FEB-6A2B-4B48-BB5C-763CC09051C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D94C612C-473E-45C1-A972-99245BBC8993} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E42930ED-93EF-4A99-B16E-20356C21AC51} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {E449361E-F22D-4804-BB0C-CC77FED21AF6} - System32\Tasks\HPCeeScheduleForTammy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E4515D07-C378-417F-B9DC-FD4E9C26150B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001UA.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTAMMY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTammy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-09-27 09:52 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-12-18 03:02 - 2012-09-07 06:40 - 00952496 _____ () C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
2014-02-12 23:58 - 2014-02-12 23:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-30 17:25 - 2013-05-16 13:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-30 17:25 - 2013-05-16 13:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-30 17:25 - 2013-05-16 13:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-30 17:25 - 2012-08-23 13:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-30 17:25 - 2012-04-03 20:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-12-18 03:02 - 2012-08-22 10:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S310 Series\lmabdrs.dll
2014-10-16 11:12 - 2014-10-16 11:12 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-09-27 09:51 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk => C:\Windows\pss\Severe Weather Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: ConduitFloatingPlugin_jccpjpmiegdnbmbnaiaicnaakpacgbdi => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tammy\AppData\Local\Temp\CT3279414\plugins\TBVerifier.dll",RunConduitFloatingPlugin jccpjpmiegdnbmbnaiaicnaakpacgbdi
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\FileKiddo Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: Gameo => C:\Users\Tammy\AppData\Roaming\Gameo\gameo.exe "C:\Users\Tammy\AppData\Roaming\Gameo\gameo.dat" mode:minimized
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LMab1err => "C:\Program Files\Lexmark\ErrorApp\LMab1err.exe"
MSCONFIG\startupreg: LMADEmon => "C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier.exe
MSCONFIG\startupreg: WeatherBug => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4081401466-2854415465-36764422-500 - Administrator - Disabled)
Guest (S-1-5-21-4081401466-2854415465-36764422-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4081401466-2854415465-36764422-1002 - Limited - Enabled)
Tammy (S-1-5-21-4081401466-2854415465-36764422-1001 - Administrator - Enabled) => C:\Users\Tammy
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/27/2015 02:16:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/27/2015 02:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Virtual Network (WVN5) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/27/2015 02:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service MediaDevSrv since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/27/2015 02:13:25 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0e3e8c08-dfe8-413f-ad41-2bdbc7954010}
 
Error: (03/27/2015 02:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 08:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:26:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:09:06 PM) (Source: MsiInstaller) (EventID: 11721) (User: Tammy-HP)
Description: Product: Strongvault Online Backup -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: AI_UPDATER_UNINSTALL, location: C:\Program Files (x86)\Strongvault Online Backup\updater.exe, command: /clean silent
 
Error: (03/26/2015 07:05:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Au_.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b64
 
Start Time: 01d06819172e7005
 
Termination Time: 0
 
Application Path: C:\Users\Tammy\AppData\Local\Temp\~nsu.tmp\Au_.exe
 
Report Id: 9c208e7a-d40c-11e4-87ff-101f741a5eb4
 
Error: (03/26/2015 06:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/27/2015 02:15:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 02:15:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 02:15:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 02:15:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 02:14:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: 
%%1056
 
Error: (03/27/2015 02:13:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/27/2015 02:13:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (03/27/2015 02:12:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/27/2015 02:12:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/27/2015 02:12:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Quick Synchronization Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (03/27/2015 02:16:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/27/2015 02:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service Windows Virtual Network (WVN5) since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (03/27/2015 02:13:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service MediaDevSrv since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
 
Error: (03/27/2015 02:13:25 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {0e3e8c08-dfe8-413f-ad41-2bdbc7954010}
 
Error: (03/27/2015 02:07:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 08:19:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:26:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/26/2015 07:09:06 PM) (Source: MsiInstaller) (EventID: 11721) (User: Tammy-HP)
Description: Product: Strongvault Online Backup -- Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor. Action: AI_UPDATER_UNINSTALL, location: C:\Program Files (x86)\Strongvault Online Backup\updater.exe, command: /clean silent (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (03/26/2015 07:05:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Au_.exe0.0.0.01b6401d06819172e70050C:\Users\Tammy\AppData\Local\Temp\~nsu.tmp\Au_.exe9c208e7a-d40c-11e4-87ff-101f741a5eb4
 
Error: (03/26/2015 06:17:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 42%
Total physical RAM: 4043.86 MB
Available physical RAM: 2308.48 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 6154.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:581.63 GB) (Free:470.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.25 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#6 deeprybka

  • Malware Response Team

Posted 27 March 2015 - 04:11 PM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    FF NewTab: about:newtab
    2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
    2015-03-09 16:06 - 2015-03-09 16:06 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
    2015-03-09 09:47 - 2015-03-09 12:31 - 00000000 ____D () C:\ProgramData\{55665be6-7d66-9ea4-5566-65be67d66f99}
    2015-03-08 01:18 - 2015-03-08 01:18 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
    2015-03-08 01:04 - 2015-03-08 01:04 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
    2015-03-08 01:03 - 2015-03-08 14:52 - 00000000 ____D () C:\ProgramData\Optimizer
    2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Users\Tammy\Documents\DreamVideoSoft
    2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
    2015-03-08 00:16 - 2015-03-08 00:16 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Geckofx
    2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\QsMttiv
    2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\nO1cZpN
    2015-03-08 00:14 - 2015-03-08 00:14 - 00000000 ____D () C:\ProgramData\atjs
    2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
    2015-01-25 12:12 - 2015-01-25 12:12 - 0001248 _____ () C:\Users\Tammy\AppData\Roaming\AUSAMRFZ
    2014-09-16 16:45 - 2014-09-26 00:45 - 0000065 _____ () C:\Users\Tammy\AppData\Roaming\WB.CFG
    2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Tammy\AppData\Roaming\WCDUDQK
    2015-03-09 16:06 - 2015-03-09 16:06 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
    2015-03-08 01:18 - 2015-03-08 01:18 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
    2015-03-08 01:04 - 2015-03-08 01:04 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
    Task: {0EADCAD3-A743-4AC4-90A9-05AC3F1F5C00} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
    C:\Program Files\Quick PC Booster
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.

Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].



Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 FeedMeInfo

  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:45 AM

Posted 28 March 2015 - 01:06 AM

Hi there!

Here are the logs-

FRST

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Tammy at 2015-03-27 22:36:16 Run:2
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
FF NewTab: about:newtab
2015-03-09 17:30 - 2015-03-09 17:30 - 00005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-03-09 16:06 - 2015-03-09 16:06 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-09 09:47 - 2015-03-09 12:31 - 00000000 ____D () C:\ProgramData\{55665be6-7d66-9ea4-5566-65be67d66f99}
2015-03-08 01:18 - 2015-03-08 01:18 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 00613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
2015-03-08 01:03 - 2015-03-08 14:52 - 00000000 ____D () C:\ProgramData\Optimizer
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Users\Tammy\Documents\DreamVideoSoft
2015-03-08 01:03 - 2015-03-08 01:03 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-03-08 00:16 - 2015-03-08 00:16 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Geckofx
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\QsMttiv
2015-03-08 00:14 - 2015-03-25 21:00 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\nO1cZpN
2015-03-08 00:14 - 2015-03-08 00:14 - 00000000 ____D () C:\ProgramData\atjs
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Tammy\AppData\Roaming\ACHGF
2015-01-25 12:12 - 2015-01-25 12:12 - 0001248 _____ () C:\Users\Tammy\AppData\Roaming\AUSAMRFZ
2014-09-16 16:45 - 2014-09-26 00:45 - 0000065 _____ () C:\Users\Tammy\AppData\Roaming\WB.CFG
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Tammy\AppData\Roaming\WCDUDQK
2015-03-09 16:06 - 2015-03-09 16:06 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsf3CD6.tmp
2015-03-08 01:18 - 2015-03-08 01:18 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nspBF6A.tmp
2015-03-08 01:04 - 2015-03-08 01:04 - 0613255 _____ (CMI Limited) C:\Users\Tammy\AppData\Local\nsz8C1A.tmp
Task: {0EADCAD3-A743-4AC4-90A9-05AC3F1F5C00} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
C:\Program Files\Quick PC Booster
*****************
 
Processes closed successfully.
Firefox newtab deleted successfully.
C:\Users\Tammy\AppData\Roaming\ACHGF => Moved successfully.
C:\Users\Tammy\AppData\Local\nsf3CD6.tmp => Moved successfully.
C:\ProgramData\{55665be6-7d66-9ea4-5566-65be67d66f99} => Moved successfully.
C:\Users\Tammy\AppData\Local\nspBF6A.tmp => Moved successfully.
C:\Users\Tammy\AppData\Local\nsz8C1A.tmp => Moved successfully.
C:\ProgramData\Optimizer => Moved successfully.
C:\Users\Tammy\Documents\DreamVideoSoft => Moved successfully.
C:\Program Files (x86)\YouTube-Downloader => Moved successfully.
C:\Users\Tammy\AppData\Local\Geckofx => Moved successfully.
C:\Users\Tammy\AppData\Roaming\QsMttiv => Moved successfully.
C:\Users\Tammy\AppData\Roaming\nO1cZpN => Moved successfully.
C:\ProgramData\atjs => Moved successfully.
"C:\Users\Tammy\AppData\Roaming\ACHGF" => File/Directory not found.
C:\Users\Tammy\AppData\Roaming\AUSAMRFZ => Moved successfully.
C:\Users\Tammy\AppData\Roaming\WB.CFG => Moved successfully.
C:\Users\Tammy\AppData\Roaming\WCDUDQK => Moved successfully.
"C:\Users\Tammy\AppData\Local\nsf3CD6.tmp" => File/Directory not found.
"C:\Users\Tammy\AppData\Local\nspBF6A.tmp" => File/Directory not found.
"C:\Users\Tammy\AppData\Local\nsz8C1A.tmp" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EADCAD3-A743-4AC4-90A9-05AC3F1F5C00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EADCAD3-A743-4AC4-90A9-05AC3F1F5C00}" => Key deleted successfully.
C:\Windows\System32\Tasks\Quick PC Booster64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick PC Booster64 startups" => Key deleted successfully.
"C:\Program Files\Quick PC Booster" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:36:17 ====
 
 
 
MALWARE
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/27/2015
Scan Time: 10:39:33 PM
Logfile: mwr.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.28.01
Rootkit Database: v2015.03.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tammy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 463544
Time Elapsed: 35 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ede48a4cec7cf44796cd1701dd409500
# engine=23124
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-28 05:37:05
# local_time=2015-03-28 01:37:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 179064475 0 0
# scanned=287890
# found=288
# cleaned=0
# scan_time=6505
sh=FBA57E56A12F85212C029A8B53D26CA86F45F365 ft=1 fh=d5614c4eb331c813 vn="Win32/Toolbar.Perion.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\DGChrome.exe.vir"
sh=8C1DE0FC73F99E5334B7583981BB5FE77B276EFD ft=1 fh=22c1970e615992ee vn="a variant of Win32/Toolbar.Perion.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\Extension32.dll.vir"
sh=F612F4C40004083E87E32268FEE33E60A4C5E96E ft=1 fh=1059bdc4ca02cc1e vn="a variant of Win64/Toolbar.Perion.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\Extension64.dll.vir"
sh=A71A42EC7ED78CB6E296088C584437247051E4DA ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\source.crx.vir"
sh=7BC9F94375FA3094EF2F602E1497DC32F1F83458 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\Firefox\chrome\content\main.js.vir"
sh=EE890B6675E68C2826EEC6BBCFB838AE946DFB67 ft=1 fh=edc6b90448cf60ed vn="a variant of Win32/Toolbar.Conduit.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3279414\plugins\TBVerifier.dll.vir"
sh=CD0F7C803D32FB3646AA6CDA236970678B714923 ft=1 fh=020bf757970d04d7 vn="a variant of Win32/ELEX.BF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\eUninstall.exe.vir"
sh=4063121292AE137C23DDFFF96EAD583C3E2A5997 ft=1 fh=1ca0dc69c916a31d vn="a variant of Win32/ELEX.BF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Desk 365\TrayDownloader.exe.vir"
sh=837F5751C9E6E2ECBB0A343AE11C8246CCFF5A1C ft=1 fh=d01c54c595d170ca vn="MSIL/FileTypeHelper.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper.exe.vir"
sh=B7011B22D9679F41BED7E2ADC4DBAE3F21826E5F ft=1 fh=6dd2c64de3527661 vn="MSIL/FileTypeHelper.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Helper\FileTypeHelper_assoc.exe.vir"
sh=BBE808062BC5549FDE5E02CD59209DD8578C404A ft=1 fh=cea29cec86d06433 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=EA22C913C8530E9BF265CE6BF15C3297B496359F ft=1 fh=db5b5695b2d8eabd vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir"
sh=D64BE51BC298BE6C853CEE912B5976ACC5DC56BB ft=1 fh=98537e06a52ce4c4 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir"
sh=829E9CDCE7C1FFFEAC4122F7FC0655819920C560 ft=1 fh=ff1bede3e52252c1 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir"
sh=3B891FB4439090E525592DA51C74817DD028ABA2 ft=1 fh=977e1d7009e33685 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpt.dll.vir"
sh=AAA623029121715DD514658EB72C344C182CE5D4 ft=1 fh=2063f527e15bc225 vn="a variant of MSIL/MyPCBackup.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\BackupStackUI.dll.vir"
sh=192CBAABA0DCF493142342428C7C4CF4E9BB2373 ft=1 fh=f77dc598a5ff0260 vn="a variant of MSIL/RunElevated.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe.vir"
sh=BAFC87AA0D99C347EA00A77BB09CE78915DF75E5 ft=1 fh=edcb43f436e617cd vn="MSIL/MyPCBackup.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir"
sh=07B47D5C54A2CE2BFED9A592A06E901B51A57D44 ft=1 fh=e3a192889f086bab vn="a variant of Win32/Adware.SpeedingUpMyPC.X application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProGuard.exe.vir"
sh=5A40B0C46B548DEFF1CCD4157EDE946BB1837962 ft=1 fh=c968ccc50418f779 vn="a variant of Win32/Adware.SpeedingUpMyPC.V application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProReminder.exe.vir"
sh=27636862ACBBB23F21D8950D2F4FAD68D69ACA7A ft=1 fh=9717b8204d5cd11a vn="a variant of Win32/Adware.Salus.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Salus\uninstall.exe.vir"
sh=0CACF65C99062D1F6839DA2755D4437B85B98627 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir"
sh=1CD0B604AC3A6F2B35EC837475C3CB367545A26D ft=0 fh=0000000000000000 vn="JS/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.crx.vir"
sh=7057447BBE7271D75A2F3B30B3CDE92F21C66BCB ft=1 fh=37abce139c971c0d vn="a variant of Win32/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll.vir"
sh=823591BEFFDF9F9147BF598AE878FAC02F471F8C ft=1 fh=de31fd7634f84956 vn="a variant of Win32/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe.vir"
sh=458E6F260B24451A6C11CF0995B86B66EB35167A ft=0 fh=0000000000000000 vn="JS/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.zip.vir"
sh=E3BC0AE0B76B04315278A0DEBB903E7938C2A01A ft=1 fh=b9469a0fe2b56a8b vn="a variant of Win64/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll.vir"
sh=64378419B5C96AC42D30DBDEB8635447698248F3 ft=1 fh=a306cb03aea90230 vn="Win32/SpeedBit.B.gen potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe.vir"
sh=FD23D46A3F69C6AD6CCDBA493F0A65C577DAA253 ft=1 fh=725cb028234fce2d vn="a variant of Win32/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe.vir"
sh=3EB1572995B8D22042BBF8D8932CCE5C0D852582 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir"
sh=B77DEE82F77160CAE5B414B411E6E1E51423A794 ft=1 fh=c71c0011537b5055 vn="a variant of Win32/ShopperPro.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe.vir"
sh=C02B618A63385D148A253BC6D3ADD91A8550FAF4 ft=1 fh=c71c0011c5573777 vn="a variant of Win32/ShopperPro.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe.vir"
sh=2EB436FF9A1569E174ED8F027746A3951A796A69 ft=1 fh=de436982ffffc20f vn="a variant of Win64/ShopperPro.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.sys.vir"
sh=B77DEE82F77160CAE5B414B411E6E1E51423A794 ft=1 fh=c71c0011537b5055 vn="a variant of Win32/ShopperPro.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.39.1.1655\jsdrv.exe.vir"
sh=695AB3DC454F3D659D08F6AF53E27182B5F8A0DA ft=1 fh=c71c001146c07f50 vn="a variant of Win32/ShopperPro.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1535.0.0.0\jsdrv.exe.vir"
sh=9AE5C47A5339A49F7DAB7EDEED8846517D7095C7 ft=1 fh=f8a30ef7a9d1ac8b vn="a variant of Win64/ShopperPro.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1535.0.0.0\jsdrv.sys.vir"
sh=AE60E656413E9DF1933D707AF99B5525C73D75B4 ft=1 fh=c71c0011618742cc vn="a variant of Win32/AdWare.Agent.NNW application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\wse_astromenda\BRS\brs.exe.vir"
sh=EBAE57304D8BC52946AA431D2029377FBC9FDC2E ft=1 fh=8d25a6b81fa43057 vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe.vir"
sh=0CE04FFBA8CD34D050932CC5187459EE1A41E5A3 ft=1 fh=e85f48ef4dbf2ac4 vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe.vir"
sh=FF41D0AA73B1FDA9A49FEF0B1F4C33AD84A69423 ft=1 fh=503f20edada4f81d vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir"
sh=48A1CCDE888C6E2B23BBA840802A90DC1E046785 ft=1 fh=68b3f4c1eac91edf vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir"
sh=FA6CF53AF311BAFA944BE350368880B1F30E49B7 ft=1 fh=3b93cfa11798f28d vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe.vir"
sh=FE8916C4ED23C1AEFFFA3B26D560D1C3698E8482 ft=1 fh=547478be043d2d64 vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys.vir"
sh=93EB42025F9BE0E69FF6B0FE07DC2B447134AAC2 ft=1 fh=b16df4e0aa88024a vn="a variant of Win32/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir"
sh=8C03D975CCE19A9E49A76E3BA0D4EBF7C5BF7828 ft=1 fh=4252b0843c1d26e2 vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir"
sh=11E615859CCC9AB122E841745EC9E1F78436391A ft=1 fh=ba90a5d00ef6ba7c vn="a variant of Win32/SBWatchman.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir"
sh=4929B2CBAA80D743B23AC3E036A89B7BFE088329 ft=1 fh=9204f66306aa9067 vn="a variant of MSIL/Adware.PullUpdate.L.gen application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3279414\UninstallerUI.exe.vir"
sh=D2979FB2B48A4403152593BB0D9A415D9F3381C6 ft=1 fh=9899246f50914caa vn="a variant of Win32/Adware.PicColor.S application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\RfndNSIS.dll.vir"
sh=7057447BBE7271D75A2F3B30B3CDE92F21C66BCB ft=1 fh=37abce139c971c0d vn="a variant of Win32/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir"
sh=E3BC0AE0B76B04315278A0DEBB903E7938C2A01A ft=1 fh=b9469a0fe2b56a8b vn="a variant of Win64/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.24.12_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.24.12_0\extensionData\plugins\92_superfish_m.js.vir"
sh=DEF8CB14886F5A427CEB5E70D8C1D395AC135F4A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.24.12_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=74355138F1CC2F634308F1A790D5AD1D7C401E23 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=CF3F763C2D37847B8BA8D2FE67BFDCB903725348 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjeeijengimhajmemcjoocganikbopa\1.25.15_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=671E3E4E9E4C9A039D9AD1479A0C91E670AF18E3 ft=1 fh=d643e79c9fb8f862 vn="Win32/Toolbar.Babylon.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir"
sh=A66441EA33B541895F23B3A4F8EB408B616A94BA ft=1 fh=02e58446c958c5ff vn="Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe.vir"
sh=1D7D935DFBAD0A1A7FA4C846ACD200C53E2D6E8A ft=1 fh=8804492d95458987 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe.vir"
sh=45EBE0FDE5DFE2D3680BB9EC4ACA875DE0F392EA ft=1 fh=c71c0011eeab8e7c vn="Win32/bProtector.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\freegames4357\install_helper.exe.vir"
sh=3EB1572995B8D22042BBF8D8932CCE5C0D852582 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=74355138F1CC2F634308F1A790D5AD1D7C401E23 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=CF3F763C2D37847B8BA8D2FE67BFDCB903725348 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=CD6C49370804B033E758D7EC277EA0D08B95B890 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\170_icm1_5_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\92_superfish_m.js.vir"
sh=AFD9829F5C599DA11A6F662604DFB5A53FA88B08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\0efc9c38-1ec7-49ed-8915-53a48b6b7600@e7f17679-2a42-4659-83c5-7ba961fdf75a.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=8CE29B8AB884C4365F82A7A8AFB62B296781C051 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\2eb528f3-950d-48a3-be4b-5d7de6c8331e@a41e199b-6ca4-4d23-ab87-73f2d1973314.com\extensionData\plugins\91.js.vir"
sh=F66F477B53B39DF2C2C561D4AF1C7C8F87C89046 ft=1 fh=d0f38e5e390c9502 vn="Win32/Toolbar.Montiera.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\ffxtlbr@delta.com\uninstall.exe.vir"
sh=27327CE935264BE6554AB64CC62CCA1AED7E1671 ft=1 fh=3cfe49887f8b1621 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=88267695FD221902B0D40BEF608BB5CB52D4BEEA ft=0 fh=0000000000000000 vn="JS/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir"
sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\f2vra5g6.default\Extensions\{7557724b-30a9-42a4-98eb-77fcb0fd1be3}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=77801D0E0DC02E8C50CDC73562F4D7F13FC1C18B ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Searchprotect\ffprotect\application.js.vir"
sh=170ACC25B35BA845064591DF61F2D52142823738 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir"
sh=45EBE0FDE5DFE2D3680BB9EC4ACA875DE0F392EA ft=1 fh=c71c0011eeab8e7c vn="Win32/bProtector.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\speedtest4354\install_helper.exe.vir"
sh=C0093C80E56E3D0954B9C6F3A10745A7210A8B40 ft=1 fh=7c704831bda2a0ea vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir"
sh=69241CCDD10C437A2BBF5E2D265EB4D32D06D7FD ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\wse_astromenda\UpdateProc\bkup.dat.vir"
sh=EAEED023A8A52C4E87712B449979925814ADE515 ft=1 fh=f57eab75dff0d38f vn="Win32/DealPly.U potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Tammy\AppData\Roaming\wse_astromenda\UpdateProc\UpdateTask.exe.vir"
sh=83E01A66093CD5E9AFD7BB3AEA73EB9700EB4FEB ft=1 fh=dcfabc2a317baf47 vn="Win32/VOPackage.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\TEMP\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=2AAB40288A33E431480E904BD7A9A9C6D065B3D0 ft=1 fh=b484f4b7f98c653e vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=BC671AECC3C1A615A726376ADC89016A7282A1B2 ft=1 fh=3e76834ec8202471 vn="a variant of Win32/Komodia.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\BDL.dll.vir"
sh=0DFC08029E9909AA7478883FBC4D12CCCDB76C41 ft=1 fh=a92bab62982ed354 vn="a variant of Win32/Komodia.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\VCL.dll.vir"
sh=D12D1DC8E19528B9FAC16047DBA4770085F8F6F6 ft=1 fh=d8a00dc2ea0bd5df vn="Win32/Adware.SpeedingUpMyPC.Y application" ac=I fn="C:\FRST\Quarantine\C\ProgramData\{55665be6-7d66-9ea4-5566-65be67d66f99}\superpc_soft_partner.exe"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Local\nsf3CD6.tmp.xBAD"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Local\nspBF6A.tmp.xBAD"
sh=6FA07C781B84151C862A8FACD4E2EFB7D8DA3E2F ft=1 fh=ebf21d2230451b57 vn="Win32/AnyProtect.G potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Local\nsz8C1A.tmp.xBAD"
sh=96EDAD94BE1A45EC7D5E7D67B97FE20C1DE1D676 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Roaming\ACHGF.xBAD"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Roaming\AUSAMRFZ.xBAD"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Roaming\WCDUDQK.xBAD"
sh=7F27EB931B1E94ECF47716BCAFCAE474D93EB9AD ft=1 fh=2d24c5dc2dab693f vn="a variant of Win32/Adware.Salus.H application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Roaming\nmy2yzhxogswbth\nmy2yzhxogswbth.exe"
sh=14FA08491C4CF6BB20F57EDBF8E2FBC7B82309B0 ft=1 fh=853b5e7a7cf8ac5e vn="a variant of MSIL/Adware.WinuSecu.B application" ac=I fn="C:\FRST\Quarantine\C\Users\Tammy\AppData\Roaming\uJrqmCT\I5T2JTP.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\ProgramData\Adobe\AIH.f5b6d47f7526ddade4ac1d0f6d2cdcd0cce032e8\GTB.exe"
sh=F6A211F49FBB9BAF8248B90567C95D3DE4881429 ft=1 fh=43aa14f99a8c3df1 vn="a variant of MSIL/Adware.PullUpdate.K.gen application" ac=I fn="C:\ProgramData\owCxlB\dat\nasxSKVZns.dll"
sh=204CDEE6005FE10035792F24BF68C276B08022BB ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\All Users\Adobe\AIH.f5b6d47f7526ddade4ac1d0f6d2cdcd0cce032e8\GTB.exe"
sh=F6A211F49FBB9BAF8248B90567C95D3DE4881429 ft=1 fh=43aa14f99a8c3df1 vn="a variant of MSIL/Adware.PullUpdate.K.gen application" ac=I fn="C:\Users\All Users\owCxlB\dat\nasxSKVZns.dll"
sh=204CDEE6005FE10035792F24BF68C276B08022BB ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\All Users\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.res"
sh=FB17EF4DB2AD6F514C592C2EAA78EA992CA1EF4A ft=1 fh=6df40e7df30f98e4 vn="a variant of Win32/SpeedBit.C potentially unwanted application" ac=I fn="C:\Users\Tammy\AppData\Local\Installer\Install_28136\DCytdkietut_tutdk_setup.exe"
sh=FB17EF4DB2AD6F514C592C2EAA78EA992CA1EF4A ft=1 fh=6df40e7df30f98e4 vn="a variant of Win32/SpeedBit.C potentially unwanted application" ac=I fn="C:\Users\Tammy\AppData\Local\Installer\Install_3725\DCytdkietut_tutdk_setup.exe"
sh=CE3D4C153A9BBCB6FF136C39D9B5D31D6441E0C1 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Tammy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\44877d6b-47cff024"
sh=E471A3F1F05C907498F603B47D55074F592EB4A0 ft=1 fh=8e428864d084ae31 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\CCleaner_Setup.exe"
sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tammy\Downloads\ccsetup406.exe"
sh=DFDA3BEB6A8E9899118BBDE16E4DE6878E323A90 ft=1 fh=dc19b4d7d4992970 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tammy\Downloads\ccsetup419.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tammy\Downloads\cc_setup.exe"
sh=FB36B55C107677AA275D57375FD4817F236B4C2B ft=1 fh=ac5a1f48f2d63c03 vn="a variant of Win32/Adware.MultiPlug.EP application" ac=I fn="C:\Users\Tammy\Downloads\Fifa 2015 Coin Generator v.1.1.exe"
sh=429837C10452C1C26AC9CD26D7B1C186A8A54429 ft=1 fh=6680d037c9d5d482 vn="NSIS/TrojanDownloader.Adload.AB trojan" ac=I fn="C:\Users\Tammy\Downloads\FLVPlayer-Chrome (1).exe"
sh=CFE40278D61B03D2530FAE7413D48F73A0A56C5A ft=1 fh=d4ee9d1d3f466f6d vn="NSIS/TrojanDownloader.Adload.AP trojan" ac=I fn="C:\Users\Tammy\Downloads\FLVPlayer-Chrome (2).exe"
sh=CFE40278D61B03D2530FAE7413D48F73A0A56C5A ft=1 fh=d4ee9d1d3f466f6d vn="NSIS/TrojanDownloader.Adload.AP trojan" ac=I fn="C:\Users\Tammy\Downloads\FLVPlayer-Chrome (3).exe"
sh=429837C10452C1C26AC9CD26D7B1C186A8A54429 ft=1 fh=6680d037c9d5d482 vn="NSIS/TrojanDownloader.Adload.AB trojan" ac=I fn="C:\Users\Tammy\Downloads\FLVPlayer-Chrome.exe"
sh=F5508C9FE728564F2E5DE98DA5AC20BE4712D83C ft=1 fh=eea80ed8356a73e4 vn="a variant of Win32/Amonetize.EA potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\Installer11__7934_il13539.exe"
sh=A2D0D692CD6734003DAA0B4546C80994312657F0 ft=1 fh=8e42886472980e39 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\iTunes_Setup.exe"
sh=5F08F395C6CB59107315E5B7ABAEE215B044A475 ft=1 fh=5b9a13424391c05d vn="a variant of Win32/Verti.G potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\RealPlayer_RocketFuelInstaller.exe"
sh=1BD0A493DA8D8AB54662CCCC7AE83F52D2345E6B ft=1 fh=0c597d85171f7fe4 vn="Win32/Packed.VMDetector.O potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\Setup (1).exe"
sh=074E248D1831AD21F5A21174839093F47AC10CC5 ft=1 fh=01ca3e04919ec3a6 vn="Win32/Packed.VMDetector.O potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\Setup (2).exe"
sh=34AD15382329B15FDCBEE0636BA6699417D280F7 ft=1 fh=4e0cb790866cec28 vn="Win32/OutBrowse.J potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\Setup.exe"
sh=DD779EE571BC580F5B2E22A5E2D9A95F66A4F710 ft=1 fh=fac19de0ff545421 vn="a variant of Win32/Amonetize.EE potentially unwanted application" ac=I fn="C:\Users\Tammy\Downloads\UH.Hack.v1.18.1__4024_il943.exe"
sh=4CA3ED86FEF8FE90C983EEF853B31C7BB24B1DF3 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\edeff5.msi"
sh=BBE808062BC5549FDE5E02CD59209DD8578C404A ft=1 fh=cea29cec86d06433 vn="a variant of MSIL/Toolbar.Linkury.I potentially unwanted application" ac=I fn="C:\Windows\Installer\MSI77D2.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=EA22C913C8530E9BF265CE6BF15C3297B496359F ft=1 fh=db5b5695b2d8eabd vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\MSI77D2.tmp-\sppsm.dll"
sh=D64BE51BC298BE6C853CEE912B5976ACC5DC56BB ft=1 fh=98537e06a52ce4c4 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\MSI77D2.tmp-\spusm.dll"
ESETSmartInstaller@High as downloader log:
all ok


The only issue I'm still seeing so far seems to be that her browsers are still opening to www-search.info/ with some redirects when trying to use the page. I can't find this program anywhere on the system to delete it.
 
Thanks again for all your help, you're great!
 


#8 deeprybka

  • Malware Response Team

Posted 28 March 2015 - 05:12 AM

Hello :)
 
Please do the following:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    C:\ProgramData\Adobe\AIH.f5b6d47f7526ddade4ac1d0f6d2cdcd0cce032e8\GTB.exe
    C:\ProgramData\owCxlB\dat\nasxSKVZns.dll
    C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
    C:\Users\Tammy\AppData\Local\Installer\Install_28136
    C:\Users\Tammy\AppData\Local\Installer\Install_3725
    C:\Windows\Installer\edeff5.msi
    C:\Windows\Installer\MSI77D2.tmp-
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: Shortcut.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Shortcut.txt) in the same directory the tool was run from.
    Please copy and paste the content of Shortcut.txt in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 FeedMeInfo

FeedMeInfo
  • Topic Starter


Posted 28 March 2015 - 02:50 PM

Heya-

Here are the logs-

FixLog-


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Tammy at 2015-03-28 06:44:48 Run:3
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\ProgramData\Adobe\AIH.f5b6d47f7526ddade4ac1d0f6d2cdcd0cce032e8\GTB.exe
C:\ProgramData\owCxlB\dat\nasxSKVZns.dll
C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756}
C:\Users\Tammy\AppData\Local\Installer\Install_28136
C:\Users\Tammy\AppData\Local\Installer\Install_3725
C:\Windows\Installer\edeff5.msi
C:\Windows\Installer\MSI77D2.tmp-
EmptyTemp:
*****************
 
C:\ProgramData\Adobe\AIH.f5b6d47f7526ddade4ac1d0f6d2cdcd0cce032e8\GTB.exe => Moved successfully.
C:\ProgramData\owCxlB\dat\nasxSKVZns.dll => Moved successfully.
C:\ProgramData\{E0A9340B-C01B-42C1-9910-C307D7BE4756} => Moved successfully.
C:\Users\Tammy\AppData\Local\Installer\Install_28136 => Moved successfully.
C:\Users\Tammy\AppData\Local\Installer\Install_3725 => Moved successfully.
C:\Windows\Installer\edeff5.msi => Moved successfully.
C:\Windows\Installer\MSI77D2.tmp- => Moved successfully.
EmptyTemp: => Removed 31 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 06:44:49 ====

Shortcut---

Users shortcut scan result (x64) Version: 11-03-2015
Ran by Tammy at 2015-03-28 06:50:38
Running from C:\Users\Tammy\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Wireless Display.lnk -> C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Desktop.lnk -> C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe (EasyBits Software AS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Forefront Endpoint Protection 2010.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Software Informer.lnk -> C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer\Uninstall Software Informer.lnk -> C:\Program Files\Software Informer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection\HP SimplePass 2011.lnk -> C:\Program Files (x86)\HP SimplePass 2011\Splash.exe (HP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio\RoxioNow\HP MovieStore.lnk -> C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe (Sonic Solutions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Blio.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Install Rhapsody.lnk -> C:\Program Files (x86)\Online Services\Rhapsody\RhapsodyHpq.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Customer Support.LNK -> C:\Program Files\Lexmark S310 Series\Install\Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\EU Waste Recycling Information.LNK -> C:\Program Files\Lexmark\EU_Waste_Electronic_Information.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Status Monitor Center.LNK -> C:\Program Files\Lexmark\Status Center\lmsmc.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\User's Guide.LNK -> C:\Program Files (x86)\Lexmark\Pubs\LMADEuser.pdf (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless\Intel® My WiFi Technology.lnk -> C:\Program Files\Intel\WiFi\bin\PanUI.exe (Intel® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation\Intel® Wireless Display\Intel® Wireless Display.lnk -> C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP CoolSense.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPThermalAssistant\HPThermalAssistant.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Documentation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Documentation\NotebookDocs.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Recovery Manager\HP Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery Manager\Rebecca.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star\Power Saving.lnk -> C:\Windows\Installer\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}\_FA5007C6DF56413F6D252E.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Read Me.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\en-us\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Technical Support.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\Support\EA Help\Electronic_Arts_Technical_Support.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Uninstall The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\eauninstall.exe (Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}\PlayTasks\0\Play The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Intel® HD Graphics.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\EmailNotifier\AOL.lnk -> C:\ProgramData\EmailNotifier\dtuser\dtUser.exe (No File)
Shortcut: C:\ProgramData\EmailNotifier\Gmail.lnk -> C:\ProgramData\EmailNotifier\dtuser\dtUser.exe (No File)
Shortcut: C:\ProgramData\EmailNotifier\Hotmail.lnk -> C:\ProgramData\EmailNotifier\dtuser\dtUser.exe (No File)
Shortcut: C:\ProgramData\EmailNotifier\RRTimeWarner.lnk -> C:\ProgramData\EmailNotifier\dtuser\dtUser.exe (No File)
Shortcut: C:\ProgramData\EmailNotifier\Yahoo.lnk -> C:\ProgramData\EmailNotifier\dtuser\dtUser.exe (No File)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\Links\Desktop.lnk -> C:\Users\Tammy\Desktop ()
Shortcut: C:\Users\Guest\Links\Downloads.lnk -> C:\Users\Tammy\Downloads ()
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Documents\YouCam\YouCam(Webcam).lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Public\Desktop\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Public\Desktop\The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\TSBin\Sims2Launcher.exe (Electronic Arts)
Shortcut: C:\Users\Tammy\Links\Desktop.lnk -> C:\Users\Tammy\Desktop ()
Shortcut: C:\Users\Tammy\Links\Downloads.lnk -> C:\Users\Tammy\Downloads ()
Shortcut: C:\Users\Tammy\Documents\Youcam\CyberLink YouCam(Webcam).lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Tammy\Documents\Documents\Documents\YouCam\YouCam(Webcam).lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Tammy\Desktop\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\Users\Tammy\Desktop\Chromecast.lnk -> C:\Users\Tammy\AppData\Local\Google\Chromecast\ChromecastApp.exe (Google)
Shortcut: C:\Users\Tammy\Desktop\Continue FLV Player.lnk -> C:\Users\Tammy\AppData\Local\Temp\DM.exe (No File)
Shortcut: C:\Users\Tammy\Desktop\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Tammy\Desktop\Norton 360.lnk -> C:\Program Files (x86)\Norton 360\Engine64\20.4.0.40\uistub.exe (No File)
Shortcut: C:\Users\Tammy\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Tammy\Desktop\backups\backup-20150325-220412-428-MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
Shortcut: C:\Users\Tammy\Desktop\backups\backup-20150325-220412-507-McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton\Norton Installation Files.lnk -> C:\Users\Public\Downloads\Norton\{N360202019-SHPD-FSD31014} ()
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast\Chromecast.lnk -> C:\Users\Tammy\AppData\Local\Google\Chromecast\ChromecastApp.exe (Google)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast\Uninstall Chromecast.lnk -> C:\Users\Tammy\AppData\Local\Google\Chromecast\unins000.exe ()
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\OpenOffice 4.0.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Tammy\AppData\Local\Microsoft\Windows\GameExplorer\{B09CBE6D-8F7B-42E1-BD75-6761BAA50B26}\PlayTasks\0\Play.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ()
Shortcut: C:\Users\Tammy\AppData\Local\Microsoft\Windows\GameExplorer\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}\PlayTasks\1\The Sims™ 2 Body Shop.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\CSBin\TS2BodyShop.exe (Maxis, a division of Electronic Arts Inc.)
Shortcut: C:\Users\Tammy\AppData\Local\Microsoft\Windows\GameExplorer\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}\PlayTasks\0\Play The Sims™ 2 Double Deluxe.lnk -> C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\SP4\TSBin\Sims2Launcher.exe (Electronic Arts)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=onlinesvs&s=quickenfc&pf=cnnb&c=113&TYPE=4
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=6
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\eBay.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=113
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_us
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=6
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=6
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://usa-aa.s3-website-us-east-1.amazonaws.com/?grp=6
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Lexmark Printer Home.LNK -> C:\Program Files\Lexmark\Dashboard\lx__Dashboard.exe () -> "/D=Lexmark S310 Series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Lexmark S310 Series Uninstaller.LNK -> C:\Program Files\Lexmark S310 Series\Install\x64\LMADEinstallgui.exe ( ) -> /u
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Printer Setup Utility.LNK -> C:\Program Files (x86)\Lexmark\PSU\lmpsu.exe () -> /tfsu45 /product="LMADE" /series="Lexmark S310 Series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Product Update.LNK -> C:\Program Files\Lexmark\ProductUpdate\lmprodupdate.exe () -> /Model 'Lexmark S310 Series'
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Status Messenger.LNK -> C:\Program Files\Lexmark\ErrorApp\lmab1err.exe () -> -splash
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark S310 Series\Wireless Setup Utility.LNK -> C:\Program Files (x86)\Lexmark\WirelessSetup\LMwpss.exe () -> /product="LMADE" /mfg="" /series="Lexmark S310 Series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Connection Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.) -> -FromStartup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Recovery Manager\HP Recovery Media Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery Manager\Rebecca.exe () -> \CRM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk -> C:\Program Files\HitmanPro\HitmanPro.exe (SurfRight B.V.) -> /uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 3\Bejeweled3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bounce Symphony.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk -> C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crush the Castle 2.lnk -> C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk -> C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Free Realms.lnk -> C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Habbo Hotel.lnk -> C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - Stolen in San Francisco.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\MysteryPISanFrancisco-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Namco All-Stars PAC-MAN.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\pacman-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Pixie Hollow.lnk -> C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk -> C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Shaiya.lnk -> C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Slingo Supreme.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Slingo Supreme\SlingoSupreme-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - hp.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenu /dp hpcnb2c11
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk -> C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Create Ink Note.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Ink_Note.ico () -> /newinknote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Create Note.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico () -> /newnote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fac60ee0-3e65-46c0-862e-52d1e16fa6d1}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e9f7e4c9-fbef-42e7-b19f-48bf2ea8176b}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{dcf8c30f-84f6-4475-829d-2dea8d873786}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c44af186-ce1f-41b7-94d3-def66a94aeeb}\PlayTasks\0\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b3454272-20b1-4853-9201-5a71a281bf30}\PlayTasks\0\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b0a33b86-31a7-4631-ba6d-b5a4fe1606d9}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{a897d9a2-a669-4856-bdc4-f84ea324cf47}\PlayTasks\0\Slingo Supreme.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Slingo Supreme\SlingoSupreme-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9e81298d-ecad-4464-b46d-0ffb96e1d270}\PlayTasks\0\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9d36fecf-a272-4632-a018-906223216b09}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9c57dc32-44bf-4dad-8cce-4d334f4f725a}\PlayTasks\0\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9b9b12f2-7e8f-4fe3-8365-8998b415574d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{989c5174-cdb7-456a-81a0-8c2d6e45d6c5}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{961391a5-faff-4656-b639-9469eafbd166}\PlayTasks\0\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{93c5e4ca-9d35-4bd8-95b1-c7327601d483}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{90e6e1ce-1450-49b0-b6e3-82e43551c60f}\PlayTasks\0\Namco All-Stars PAC-MAN.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\pacman-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8dde8af6-a947-49ea-8858-e46765d3acb9}\PlayTasks\0\Bounce Symphony.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{736aff42-8708-4017-be92-eb94aabb558f}\PlayTasks\0\Mystery P.I. - Stolen in San Francisco.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\MysteryPISanFrancisco-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{677247CF-4120-46DC-A3DF-71588CC9CB7E}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ea2c3d3-899a-4d22-b46b-e03dc3c2a115}\PlayTasks\0\Bejeweled 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 3\Bejeweled3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{58081f22-f467-440d-b45a-d1207a716bdd}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{530bf15f-039a-4796-9724-3503dfc6796a}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{502CF397-846F-459B-AB59-9826E34B7ECE}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4f4fa136-6ede-454c-9495-620e06dcb70f}\PlayTasks\0\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4c62c261-4bc4-4df9-9107-4f91e6a38018}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{41F454F5-BF18-49DC-AF06-C69765992EDB}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{40E227A9-5146-4228-B973-C5CE3CAAC442}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3c4466d3-a3d7-410d-97ed-d148233326db}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D080D0F-37EF-433E-90F1-CE36EB0205F6}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{22A975C0-D22F-482C-A387-637EEC15870F}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{227680FF-28CE-48EE-AADF-8D009B2813A9}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1cd10db5-fd52-412c-8f5d-106e71b1c9bd}\PlayTasks\0\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{119eedc1-0c64-4f7d-a42f-15559b86ea74}\PlayTasks\0\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{09c578b5-3aa9-45e6-aff9-d128b52cfa9a}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{060c286e-7b14-4bf4-9936-205028416ca7}\PlayTasks\0\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\HP Setup\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\RunOnceHPTCS.exe () -> MODE=Registration
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\base\launch_base.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off --disable-quic
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --use-spdy=off --disable-quic
ShortcutWithArgument: C:\Users\Guest\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Tammy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Tammy\AppData\Local\Microsoft\Windows\GameExplorer\{58081f22-f467-440d-b45a-d1207a716bdd}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\Users\Tammy\AppData\Local\Microsoft\Windows\GameExplorer\{4c62c261-4bc4-4df9-9107-4f91e6a38018}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theft Protection\LoJack Theft Protection - Learn More Now.url -> hxxp://www.absolute.com/HP
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\Electronic Registration.url -> https://account.ea.com/reg/entry/subscribe-entry.jsp?ipath=12&prodId=OREG&skin=oreg&locale=en_us
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES\The Sims™ 2 Double Deluxe\www.thesims2.com.url -> hxxp://www.thesims2.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\Default\Favorites\Links\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=presario&tp=iefavbar&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=pavilion&tp=iefavs&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=113
InternetURL: C:\Users\Default\Favorites\HP\Get Skype - Download for Free.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=skype&pf=cnnb&locale=en_ww&bd=all&c=none
InternetURL: C:\Users\Default\Favorites\HP\HP Download Store.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=iefavs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_US&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Snapfish.url -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_us
InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Guest\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Guest\Favorites\Links\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=presario&tp=iefavbar&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Guest\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Guest\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=pavilion&tp=iefavs&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Guest\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=113
InternetURL: C:\Users\Guest\Favorites\HP\Get Skype - Download for Free.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=skype&pf=cnnb&locale=en_ww&bd=all&c=none
InternetURL: C:\Users\Guest\Favorites\HP\HP Download Store.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=iefavs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
InternetURL: C:\Users\Guest\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_US&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Guest\Favorites\HP\Snapfish.url -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_us
InternetURL: C:\Users\Guest\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Tammy\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Tammy\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=pavilion&tp=iefavs&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Tammy\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=113
InternetURL: C:\Users\Tammy\Favorites\HP\Get Skype - Download for Free.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=skype&pf=cnnb&locale=en_ww&bd=all&c=none
InternetURL: C:\Users\Tammy\Favorites\HP\HP Download Store.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=iefavs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
InternetURL: C:\Users\Tammy\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_US&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Tammy\Favorites\HP\Snapfish.url -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_us
InternetURL: C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url -> hxxp://gameoapp.com/?utm_source=gameo&utm_medium=Dlink&utm_campaign=ic13_US
 
==================== End of log =============================


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:07:45 AM

Posted 29 March 2015 - 05:02 AM

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 FeedMeInfo

FeedMeInfo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:45 AM

Posted 31 March 2015 - 01:05 AM

Heya!

Sorry for the delay, work had me busy.  Logs are below :)


FRST---

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Tammy (administrator) on TAMMY-HP on 31-03-2015 01:59:33
Running from C:\Users\Tammy\Desktop
Loaded Profiles: Tammy (Available profiles: Tammy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
(Google Inc.) C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-09-24] (IDT, Inc.)
HKLM\...\Run: [LMADEmon] => C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe [952496 2012-09-07] ()
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2013-09-12] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Run: [Google Update] => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-25] (Google Inc.)
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Policies\system: [DisableChangePassword] 0
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-08-25] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-06-21] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-08-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-12-17] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382
FF Homepage: about:home
FF SelectedSearchEngine: Google
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-06-21] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-11-14] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-4081401466-2854415465-36764422-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Tammy\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Extension: 158d7cb370394a758e0b3bd0a464edd2 - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2} [2014-12-10]
FF Extension: cd61737567434ee8bac4fbf10f35729e - C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\ckxz9qdt.default-1411706757382\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e} [2015-03-25]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-09-17]
FF HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-09-25]
CHR Extension: (Google Cast) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-25]
CHR Extension: (Netflix) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-01-25]
CHR Extension: (Yahoo!) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfkbfjcbkhnmiignagpkiijohkcdkffb [2015-03-25]
CHR Extension: (Pin It Button) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-03-27] (SurfRight B.V.)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2013-09-12] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 aswSP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-28 06:50 - 2015-03-28 06:50 - 00079576 _____ () C:\Users\Tammy\Desktop\Shortcut.txt
2015-03-28 06:48 - 2015-03-28 06:50 - 00043766 _____ () C:\Users\Tammy\Desktop\Addition.txt
2015-03-28 06:47 - 2015-03-31 02:00 - 00020753 _____ () C:\Users\Tammy\Desktop\FRST.txt
2015-03-27 23:19 - 2015-03-27 23:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-27 23:18 - 2015-03-27 23:19 - 02347384 _____ (ESET) C:\Users\Tammy\Downloads\esetsmartinstaller_enu.exe
2015-03-26 19:25 - 2015-03-26 19:25 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-03-26 19:22 - 2015-03-26 19:21 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tammy\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-26 19:22 - 2015-03-23 14:28 - 02168320 _____ () C:\Users\Tammy\Desktop\AdwCleaner.exe
2015-03-26 19:09 - 2015-03-26 19:09 - 00000000 __SHD () C:\AI_RecycleBin
2015-03-26 18:35 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-26 18:35 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-26 18:35 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-26 18:35 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-26 18:35 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-26 18:35 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-26 18:35 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-26 18:35 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-26 18:35 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-26 18:35 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-26 18:34 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-26 18:34 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-26 18:34 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-26 18:34 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-26 18:34 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-26 18:34 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-26 18:34 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-26 18:34 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-26 18:34 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-26 18:34 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-26 18:34 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-26 18:34 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-26 18:34 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-26 18:34 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-26 18:34 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-26 18:34 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-26 18:34 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-26 18:34 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-26 18:34 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-26 18:34 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-26 18:34 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-26 18:34 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-26 18:34 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-26 18:34 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-26 18:34 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-26 18:34 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-26 18:19 - 2015-03-26 19:32 - 00001264 _____ () C:\Users\Tammy\Desktop\Revo Uninstaller.lnk
2015-03-26 18:19 - 2015-03-26 19:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-26 18:19 - 2015-03-26 18:16 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tammy\Desktop\revosetup.exe
2015-03-25 22:20 - 2015-03-31 01:59 - 00000000 ____D () C:\FRST
2015-03-25 22:19 - 2015-03-25 22:17 - 05615749 _____ (Swearware) C:\Users\Tammy\Desktop\ComboFix.exe
2015-03-25 22:19 - 2015-03-25 22:17 - 02095616 _____ (Farbar) C:\Users\Tammy\Desktop\FRST64.exe
2015-03-25 22:07 - 2015-03-25 22:07 - 00014557 _____ () C:\Users\Tammy\Desktop\hijackthis.log
2015-03-25 21:50 - 2015-03-25 22:04 - 00000000 ____D () C:\Users\Tammy\Desktop\backups
2015-03-25 21:31 - 2015-03-25 21:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tammy\Desktop\HijackThis.exe
2015-03-25 21:12 - 2015-03-25 21:12 - 00000000 ____D () C:\ProgramData\c07c07600005650
2015-03-25 21:07 - 2015-03-26 20:18 - 00000000 ____D () C:\ProgramData\owCxlB
2015-03-25 21:07 - 2015-03-25 21:07 - 01020964 _____ () C:\Users\Tammy\Downloads\Unconfirmed 586426.crdownload
2015-03-25 20:44 - 2015-03-25 20:47 - 00000000 ____D () C:\ProgramData\EmailNotifier
2015-03-25 20:36 - 2015-03-25 20:36 - 00000000 ____D () C:\Program Files (x86)\5c3e877c-03e4-46ff-8b8c-ccd0f16063bd
2015-03-25 20:35 - 2015-03-31 01:58 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForTammy.job
2015-03-25 20:35 - 2015-03-28 15:23 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTammy
2015-03-25 20:16 - 2015-03-25 20:16 - 00000000 _____ () C:\F5C5.tmp
2015-03-25 20:13 - 2015-03-25 20:13 - 02168320 _____ () C:\Users\Tammy\Downloads\adwcleaner_4.113.exe
2015-03-25 20:08 - 2015-03-25 20:08 - 00000000 ____D () C:\Users\Tammy\AppData\Local\352D39B5-1427314108-0EA4-0CD7-101F741A5EB4
2015-03-25 19:53 - 2015-03-25 19:53 - 00000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-25 18:49 - 2015-03-25 18:49 - 00000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2015-03-25 18:39 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-25 18:39 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-25 18:39 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-25 18:39 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-25 18:38 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-25 18:38 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-25 18:38 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-25 18:38 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-25 18:38 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-25 18:38 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-25 18:38 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-25 18:38 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-25 18:38 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-25 18:38 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-25 18:38 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-25 18:38 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-25 18:38 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-25 18:38 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-25 18:38 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-25 18:38 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-25 18:37 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-25 18:37 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-25 18:37 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-25 18:37 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-25 18:37 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-25 18:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-25 18:37 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-25 18:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-25 18:37 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-25 18:37 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-25 18:37 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-25 18:37 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-25 18:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-25 18:37 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-25 18:37 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-25 18:37 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-25 18:37 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-25 18:37 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-25 18:37 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-25 18:37 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-25 18:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-25 18:37 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-25 18:37 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-25 18:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-25 18:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-25 18:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-25 18:37 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-25 18:37 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-25 18:37 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-25 18:37 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-25 18:37 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-25 18:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-25 18:37 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-25 18:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-25 18:37 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-25 18:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-25 18:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-25 18:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-25 18:37 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-25 18:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-25 18:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-25 18:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-25 18:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-25 18:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-25 18:37 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-25 18:37 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-25 18:37 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-25 18:37 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-25 18:37 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-25 18:37 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-25 18:36 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-25 18:36 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-25 18:36 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-25 18:36 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-25 18:36 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-25 18:36 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-25 18:36 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-25 18:36 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-25 18:36 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-25 18:36 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-25 18:36 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-25 18:36 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-25 18:36 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-25 18:25 - 2015-03-25 19:14 - 00002295 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-25 14:52 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-03-09 09:43 - 2015-03-09 09:43 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashRpt
2015-03-08 14:53 - 2015-03-25 14:50 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-03-08 00:56 - 2015-03-08 00:56 - 00435720 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (2).exe
2015-03-08 00:49 - 2015-03-25 19:19 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-08 00:18 - 2015-03-25 19:23 - 00000000 ____D () C:\ProgramData\0d4294919c9a4941ba7cc97f91f909a5
2015-03-08 00:16 - 2015-03-08 00:16 - 00637440 _____ () C:\Users\Tammy\Downloads\UH.Hack.v1.18.1__4024_il943.exe
2015-03-08 00:11 - 2015-03-25 19:43 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\OAS
2015-03-08 00:11 - 2015-03-08 00:11 - 00657920 _____ () C:\Users\Tammy\Downloads\Installer11__7934_il13539.exe
2015-03-07 15:42 - 2015-03-07 15:43 - 00435416 _____ (InstallerTech Corp) C:\Users\Tammy\Downloads\Setup (1).exe
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-03-06 20:31 - 2015-03-25 14:52 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-03-06 20:31 - 2015-03-06 20:31 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-03 16:02 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 16:02 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 16:02 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-31 01:58 - 2014-12-21 06:06 - 00009211 _____ () C:\Windows\setupact.log
2015-03-31 01:58 - 2014-07-24 16:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 01:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 15:30 - 2013-10-04 15:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 15:25 - 2009-07-14 01:13 - 00783532 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 15:25 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 15:25 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 15:21 - 2014-03-05 21:48 - 01252387 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 06:55 - 2012-12-24 03:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 02:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-27 22:56 - 2012-08-07 20:54 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D75D12E0-FDDE-4CAB-898C-0D9BCC45FE94}
2015-03-27 22:28 - 2015-01-25 20:32 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core.job
2015-03-27 14:16 - 2014-05-15 18:52 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-27 14:16 - 2013-09-13 02:54 - 00000008 __RSH () C:\Users\Tammy\ntuser.pol
2015-03-27 14:16 - 2012-08-07 20:43 - 00000000 ____D () C:\Users\Tammy
2015-03-27 14:12 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-27 14:07 - 2009-07-14 00:45 - 00302136 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-27 14:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-27 14:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-27 14:04 - 2014-12-21 06:06 - 00637922 _____ () C:\Windows\PFRO.log
2015-03-26 20:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-26 20:17 - 2013-04-02 12:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-26 19:34 - 2014-07-24 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 19:34 - 2014-07-24 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 19:34 - 2013-10-19 23:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-26 19:25 - 2013-10-19 21:47 - 00000000 ____D () C:\AdwCleaner
2015-03-25 23:55 - 2013-01-14 17:47 - 00776146 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-25 23:49 - 2013-07-24 16:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-25 23:45 - 2012-08-30 14:10 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-25 22:24 - 2012-12-04 14:42 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTAMMY-HP$
2015-03-25 22:24 - 2012-12-04 14:42 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTAMMY-HP$.job
2015-03-25 21:31 - 2012-08-07 20:44 - 00000000 ____D () C:\Users\Tammy\AppData\Local\VirtualStore
2015-03-25 21:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SchCache
2015-03-25 21:26 - 2012-08-08 11:40 - 00000000 ____D () C:\Users\Tammy\AppData\Local\CrashDumps
2015-03-25 21:00 - 2014-02-24 00:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 20:38 - 2013-09-16 13:50 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\Mozilla
2015-03-25 20:11 - 2013-09-30 11:32 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-25 19:04 - 2013-09-30 17:02 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-25 19:04 - 2012-08-07 20:54 - 00001073 _____ () C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:25 - 2014-07-23 18:33 - 00001106 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 18:25 - 2013-10-04 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-17 06:15 - 2014-07-24 16:47 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-07-24 16:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-10-19 23:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-08 00:36 - 2013-01-14 17:47 - 00000000 ____D () C:\Users\Tammy\AppData\Roaming\SoftGrid Client
2015-03-06 20:31 - 2012-08-14 15:56 - 00000000 ____D () C:\Users\Tammy\AppData\Local\Adobe
2015-03-04 16:03 - 2012-08-09 16:00 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
 
==================== Files in the root of some directories =======
 
2015-03-25 19:53 - 2015-03-25 19:53 - 0000000 _____ () C:\Users\Tammy\AppData\Roaming\1.txt
2015-03-25 18:49 - 2015-03-25 18:49 - 0000000 _____ () C:\Users\Tammy\AppData\Local\.a852.db
2013-03-20 22:23 - 2014-12-25 17:54 - 0005312 _____ () C:\ProgramData\LMADEscan.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 22:58
 
==================== End Of Log ============================
 
 
ADDITION---
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Tammy at 2015-03-31 02:00:54
Running from C:\Users\Tammy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ChromecastApp (HKU\S-1-5-21-4081401466-2854415465-36764422-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3908 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13231.3673 - Hewlett-Packard Company)
HP SimplePass 2011 (HKLM-x32\...\{4741965C-AFD0-4D00-81D1-1039F96D4DC3}) (Version: 5.3.0.273 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}) (Version: 2.0.30.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.380 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark S310 Series Uninstaller (HKLM\...\Lexmark S310 Series) (Version:  - Lexmark International, Inc.)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.19.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.19.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Software Informer 1.3.1068.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27252 - TeamViewer)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}) (Version:  - Electronic Arts)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4081401466-2854415465-36764422-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tammy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
05-03-2015 15:51:46 Windows Update
09-03-2015 09:53:15 Windows Update
25-03-2015 18:31:46 Windows Update
25-03-2015 23:43:13 Windows Update
26-03-2015 18:25:37 Revo Uninstaller's restore point - Eppink
26-03-2015 18:28:25 Revo Uninstaller's restore point - ESET Online Scanner v3
26-03-2015 18:39:25 Revo Uninstaller's restore point - Health Alert
26-03-2015 18:40:57 Revo Uninstaller's restore point - Health Alert
26-03-2015 18:41:56 Revo Uninstaller's restore point - Lucky Savings Widget
26-03-2015 18:43:44 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.7 by SweetPacks
26-03-2015 18:44:47 Revo Uninstaller's restore point - Internet Explorer Toolbar 4.7 by SweetPacks
26-03-2015 18:52:25 Revo Uninstaller's restore point - Optimizer Pro v3.2
26-03-2015 19:03:26 Revo Uninstaller's restore point - SySaver
26-03-2015 19:07:44 Revo Uninstaller's restore point - Strongvault Online Backup
26-03-2015 19:14:11 Revo Uninstaller's restore point - TopArcadeHits
26-03-2015 19:16:20 Revo Uninstaller's restore point - Visual Studio 2012 x86 Redistributables
26-03-2015 19:17:41 Revo Uninstaller's restore point - Word Layers
26-03-2015 22:41:22 Windows Update
27-03-2015 14:13:28 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2013-09-30 17:37 - 00447822 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01F72844-05E6-4B79-AA5C-F56B451BF140} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {057223D6-9F81-4611-8A28-CEBC99680159} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {0E5D4165-9304-4FE2-98F1-3E675B321020} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2AC1503B-E256-48FD-A158-85A71EA0C0E8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {34F643C2-C2F3-48FA-B39F-32FEF7F9666D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-02-11] (Microsoft)
Task: {3D683F52-942F-4201-9CE8-77C4B449B7A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001UA => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-25] (Google Inc.)
Task: {4259F6F8-949D-4BD0-BEE6-CD68D05A14A6} - System32\Tasks\HPCeeScheduleForTAMMY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4D61C6EE-EA69-4D11-98D4-C5EABF611424} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-08] (CyberLink)
Task: {4EF90CB4-DFC0-4AE9-9D78-6719D96C2439} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {51375283-7463-45CA-BCBC-B2D5CA54775C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {5905FCD1-F2A4-4AAD-82D0-A12DE9ECF0EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5F3602B7-5453-45DD-B2F7-70115D4D505F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {6527549B-9BF1-4EEB-9CC2-A80976E99C3D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4081401466-2854415465-36764422-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8A9FFB05-5019-49C4-908E-DE03A18BDC8C} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2014-03-19] (Informer Technologies, Inc.)
Task: {8B6CC765-A54B-4FCB-8FE3-57658C6F9E5A} - System32\Tasks\HPCeeScheduleForTammy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {8E5DA142-005F-482B-8E18-0C1AB0CF7D33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {954066E3-1F37-4302-8C06-5E24C753247A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A5CD1F55-DD36-414F-8C16-14CE397FD4DA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4081401466-2854415465-36764422-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {AB4FFAF4-9E5B-47CA-BA66-4CCFFA1A4C63} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C506FA87-34A4-47FC-943B-2143ADCE8DA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-10] (Hewlett-Packard)
Task: {CD3B5820-7FE6-4907-9ACB-F24C163058CA} - System32\Tasks\LexmarkPUDCTask => C:\Program Files\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {D7DE6B63-0A11-4139-B403-7468A20C20F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: {D82E7FEB-6A2B-4B48-BB5C-763CC09051C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {D94C612C-473E-45C1-A972-99245BBC8993} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {E42930ED-93EF-4A99-B16E-20356C21AC51} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {E4515D07-C378-417F-B9DC-FD4E9C26150B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-05] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001Core.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081401466-2854415465-36764422-1001UA.job => C:\Users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTAMMY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTammy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-09-27 09:52 - 2011-01-27 12:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-12-18 03:02 - 2012-09-07 06:40 - 00952496 _____ () C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe
2014-02-12 23:58 - 2014-02-12 23:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-30 17:25 - 2013-05-16 13:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-30 17:25 - 2013-05-16 13:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-30 17:25 - 2013-05-16 13:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-30 17:25 - 2012-08-23 13:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-30 17:25 - 2012-04-03 20:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-12-18 03:02 - 2012-08-22 10:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S310 Series\lmabdrs.dll
2010-06-24 05:19 - 2010-06-24 05:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-10-16 11:12 - 2014-10-16 11:12 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-09-27 09:51 - 2011-05-20 13:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4081401466-2854415465-36764422-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tammy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts App.lnk => C:\Windows\pss\Severe Weather Alerts App.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Tammy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Severe Weather Alerts.lnk => C:\Windows\pss\Severe Weather Alerts.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: ConduitFloatingPlugin_jccpjpmiegdnbmbnaiaicnaakpacgbdi => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tammy\AppData\Local\Temp\CT3279414\plugins\TBVerifier.dll",RunConduitFloatingPlugin jccpjpmiegdnbmbnaiaicnaakpacgbdi
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\FileKiddo Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: Gameo => C:\Users\Tammy\AppData\Roaming\Gameo\gameo.exe "C:\Users\Tammy\AppData\Roaming\Gameo\gameo.dat" mode:minimized
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LMab1err => "C:\Program Files\Lexmark\ErrorApp\LMab1err.exe"
MSCONFIG\startupreg: LMADEmon => "C:\Program Files (x86)\Lexmark S310 Series\LMADEmon.exe"
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.36.1.172\jsdrv.exe
MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier.exe
MSCONFIG\startupreg: WeatherBug => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4081401466-2854415465-36764422-500 - Administrator - Disabled)
Guest (S-1-5-21-4081401466-2854415465-36764422-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4081401466-2854415465-36764422-1002 - Limited - Enabled)
Tammy (S-1-5-21-4081401466-2854415465-36764422-1001 - Administrator - Enabled) => C:\Users\Tammy
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2015 01:58:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 03:18:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 02:18:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 06:46:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 01:57:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 01:52:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/28/2015 01:49:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/28/2015 01:49:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/28/2015 01:49:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/28/2015 01:49:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (03/31/2015 01:58:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:50:43 PM on ‎3/‎28/‎2015 was unexpected.
 
Error: (03/28/2015 03:17:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:42:51 PM on ‎3/‎28/‎2015 was unexpected.
 
Error: (03/27/2015 10:36:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error: 
%%109
 
Error: (03/27/2015 10:36:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error: 
%%109
 
Error: (03/27/2015 10:36:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 10:36:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 10:36:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 10:36:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/27/2015 10:36:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/27/2015 10:36:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (03/31/2015 01:58:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 03:18:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 02:18:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 06:46:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 01:57:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/28/2015 01:52:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (03/28/2015 01:49:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tammy\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/28/2015 01:49:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tammy\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/28/2015 01:49:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tammy\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/28/2015 01:49:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Tammy\Downloads\esetsmartinstaller_enu.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 44%
Total physical RAM: 4043.86 MB
Available physical RAM: 2229.95 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 6074.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:581.63 GB) (Free:468.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.25 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================


#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:45 AM

Posted 31 March 2015 - 12:53 PM

Hi there,
 

 

that her browsers are still opening to www-search.info/

 

Is that issue still present?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 FeedMeInfo

FeedMeInfo
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:45 AM

Posted 31 March 2015 - 02:57 PM

Heya-

 

Still getting the same page load on Chrome startup. I can't find an extension for it, and I've fixed the initial start page to go to Google, but it's still pulling search.info.



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:45 AM

Posted 31 March 2015 - 03:02 PM

Internet Explorer as well?


regards,
deeprybka

#15 FeedMeInfo

FeedMeInfo
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:45 AM

Posted 31 March 2015 - 03:38 PM

Yes, Internet Explorer pops the same search info page.





