Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MindSpark A PUP


  • This topic is locked This topic is locked
19 replies to this topic

#1 FrankenstienPC

FrankenstienPC

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 08 May 2015 - 04:20 AM

My computer started acting whacky tonight. It was locking up, freezing and I suddenly have a cubic ton of popups ads.  Rut-roh, not good so I ran Malware bytes and it found this:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/8/2015
Scan Time: 3:22:41 AM
Logfile: MBAMScan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.08.02
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Donna

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 330341
Time Elapsed: 25 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E404E9A-EDB1-4C5E-853E-D95D9FE14C22}, , [bd75bfd2a5e5f34373f7293d71942bd5],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63C40C48-EE70-41A9-9D39-A9B4D0D5AD2F}, , [b9790a875832a690ff6bbbabc144ef11],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F553ACE-F2B6-4F7B-BC51-86F87C369604}, , [ff33d4bdbbcfe25469016ff7fb0a5fa1],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD91FA1-C327-47FA-8479-561B2400845E}, , [240e3f524a4023136a00d294679e1ae6],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3F674E6-C45E-4508-A782-762D9BA89F97}, , [1f13e9a81b6f40f66bff7aecd33243bd],

Registry Values: 5
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1e404e9a-edb1-4c5e-853e-d95d9fe14c22}|AppPath, C:\Program Files (x86)\Astrology_4a\bar\1.bin, , [bd75bfd2a5e5f34373f7293d71942bd5]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{63c40c48-ee70-41a9-9d39-a9b4d0d5ad2f}|AppPath, C:\Program Files (x86)\Astrology_4a\bar\1.bin, , [b9790a875832a690ff6bbbabc144ef11]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7f553ace-f2b6-4f7b-bc51-86f87c369604}|AppPath, C:\Program Files (x86)\Astrology_4a\bar\1.bin, , [ff33d4bdbbcfe25469016ff7fb0a5fa1]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{bad91fa1-c327-47fa-8479-561b2400845e}|AppPath, C:\Program Files (x86)\Astrology_4a\bar\1.bin, , [240e3f524a4023136a00d294679e1ae6]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c3f674e6-c45e-4508-a782-762d9ba89f97}|AppPath, C:\Program Files (x86)\Astrology_4a\bar\1.bin, , [1f13e9a81b6f40f66bff7aecd33243bd]

Registry Data: 0
(No malicious items detected)

I had Malwarebytes remove it.  Now what should I do?   Looking at that log it mentions a toolbar that I did not download.   That begs the question how did that get on my computer, because I keep my computer clean, very clean.

 

Thank you in advance for your help.

 

FrankenstienPC



BC AdBot (Login to Remove)

 


m

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 08 May 2015 - 06:58 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 08 May 2015 - 08:31 AM

Okay I ran the FRST scan.  Here is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Donna (administrator) on METHOS on 08-05-2015 08:05:58
Running from C:\Users\Donna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PHSUIW2
Loaded Profiles: Donna (Available profiles: Donna & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [984736 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\Users\Donna\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-08-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Donna\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {3ea5cc93-e372-4e4d-83b9-793689516a65} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZQ^xdm234^S03139^us&si=CJb5-c6_sbICFWZfTAodLREA5Q&ptb=E0A9E091-1BF1-4F5C-9BD1-535AD320CBDC&ind=2012091222&n=77ee1356&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {3ea5cc93-e372-4e4d-83b9-793689516a65} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZQ^xdm234^S03139^us&si=CJb5-c6_sbICFWZfTAodLREA5Q&ptb=E0A9E091-1BF1-4F5C-9BD1-535AD320CBDC&ind=2012091222&n=77ee1356&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-22] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {160837A9-67E0-4E3F-8DD6-065361150FDA} https://service2.contactondemand.com/TAW/ClientLib/Collaboration.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MI4066~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-06-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-06-24] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tamarack-software.com/TGPlugin,version=7.5 -> C:\Program Files (x86)\Mozilla Firefox\Plugins\nptgeqplugin.dll [2013-07-16] (Tamarack Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll [2013-10-28] ()
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-3329493992-913906160-3006372120-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\user.js [2015-03-19]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll [2013-07-16] (Tamarack Software, Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-04-16]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-04-16]
FF Extension: FacebookMakeup - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\jid1-WVbAc2l8jcpUyw@jetpack.xpi [2015-04-16]
FF Extension: Adblock Plus - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-22]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-31]

Chrome:
=======
CHR Profile: C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-22]
CHR Extension: (Bookmark Manager) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-05]
CHR Extension: (RealDownloader) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-10-22] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-30] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-24] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 3178864drv; C:\Windows\System32\DRIVERS\3178864drv.sys [556632 2013-04-09] () [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-05-11] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-31] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-31] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2014-11-06] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 08:03 - 2015-05-08 08:06 - 00000000 ____D () C:\FRST
2015-05-08 04:43 - 2015-05-08 04:43 - 00005744 _____ () C:\Windows\PFRO.log
2015-05-08 03:49 - 2015-05-08 03:49 - 00003131 _____ () C:\MBAMScan.txt
2015-05-08 03:14 - 2015-05-08 03:15 - 06162288 _____ ( ) C:\Users\Donna\Downloads\adblockplusie-1.4.exe
2015-05-04 09:44 - 2015-05-04 09:44 - 00000000 ____D () C:\Users\Donna\Documents\05-04-2015
2015-05-03 23:56 - 2015-05-03 23:56 - 00001816 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-03 23:56 - 2015-05-03 23:56 - 00001767 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-03 23:54 - 2015-05-03 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-03 23:54 - 2015-05-03 23:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-03 23:51 - 2015-05-03 23:51 - 00000000 ____D () C:\Users\Donna\AppData\Local\Bluestacks
2015-05-03 23:21 - 2015-05-03 23:21 - 00570280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-03 01:00 - 2015-05-08 04:44 - 00000908 _____ () C:\Windows\setupact.log
2015-05-03 01:00 - 2015-05-03 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-02 00:59 - 2015-05-02 00:59 - 00009541 _____ () C:\Users\Donna\Downloads\pp.dat
2015-05-01 22:43 - 2015-05-01 22:43 - 00118056 _____ () C:\Users\Donna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-01 22:43 - 2015-05-01 22:43 - 00006680 _____ () C:\Users\Donna\Documents\cc_20150501_224303.reg
2015-04-30 01:03 - 2015-04-30 01:03 - 00000000 ____D () C:\Users\Donna\AppData\Local\Grammarly
2015-04-30 01:02 - 2015-04-30 01:02 - 00000000 ____D () C:\Users\Donna\AppData\Local\Package Cache
2015-04-29 22:51 - 2015-04-29 22:51 - 00001427 _____ () C:\Users\Public\Desktop\Ultima 8.lnk
2015-04-29 22:51 - 2015-04-29 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima 8
2015-04-22 19:04 - 2015-04-22 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 17:08 - 2015-04-22 17:08 - 00002444 _____ () C:\Users\Donna\Desktop\wal mart comment.txt
2015-04-14 13:15 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 13:15 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 13:15 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 13:15 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 13:15 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 13:15 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 13:15 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 13:15 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 13:15 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 13:15 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 13:15 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 13:15 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 13:15 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 13:15 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 13:15 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 13:15 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 13:15 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 13:15 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 13:15 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 13:15 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 13:15 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 13:15 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 13:15 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 13:15 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 13:15 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 13:15 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 13:15 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 13:15 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:15 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 13:15 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 13:15 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 13:15 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 13:15 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 13:15 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 13:15 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 13:15 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 13:15 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 13:15 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 13:15 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 13:15 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 13:15 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 13:15 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 13:15 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 13:15 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 13:15 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 13:15 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 13:15 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 13:15 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 13:15 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 13:15 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 13:15 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 13:15 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 13:15 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 13:15 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 13:15 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 13:15 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 13:15 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 13:15 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 13:15 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 13:14 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 13:14 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 13:14 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 13:14 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 13:14 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 13:14 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 13:14 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 13:14 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 13:14 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 13:14 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 13:14 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 13:14 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 13:14 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 13:14 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 13:14 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 13:14 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 13:14 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 13:14 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 13:14 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 13:14 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 13:14 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 13:14 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 13:14 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 13:14 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 13:14 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 13:14 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 13:14 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 13:14 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 13:14 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 13:14 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 13:14 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 13:14 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 13:14 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 13:14 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 13:14 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 04:08 - 2015-04-13 04:08 - 00000000 ____D () C:\Program Files (x86)\Grammarly
2015-04-12 14:27 - 2015-04-12 14:27 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-12 14:27 - 2015-04-12 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-12 14:26 - 2015-04-12 14:27 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-12 14:26 - 2015-04-12 14:27 - 00000000 ____D () C:\Program Files\iTunes
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files\iPod
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 07:58 - 2012-08-20 10:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 07:43 - 2013-08-16 18:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-08 07:14 - 2015-03-31 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-08 04:57 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 04:57 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 04:55 - 2013-05-03 15:09 - 01173041 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 04:47 - 2013-08-16 18:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 04:44 - 2012-09-03 18:05 - 00000000 ____D () C:\ProgramData\Kodak
2015-05-08 04:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 04:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-05-08 04:22 - 2012-09-10 15:09 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2015-05-08 04:10 - 2012-08-05 19:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E07EC201-85B8-4BFC-BB7F-611DB5ADF584}
2015-05-08 03:22 - 2014-05-22 10:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 01:24 - 2013-10-27 19:00 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-05-08 00:55 - 2011-12-25 04:20 - 00000000 ____D () C:\ProgramData\Temp
2015-05-06 09:42 - 2014-08-19 18:58 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-06 02:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-05 06:44 - 2013-09-29 17:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-05 06:41 - 2012-08-05 23:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-04 22:09 - 2012-10-29 19:06 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDonna
2015-05-04 22:09 - 2012-10-29 19:06 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDonna.job
2015-05-04 19:18 - 2012-08-13 22:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-04 09:43 - 2009-07-14 00:13 - 00862832 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 23:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-03 23:54 - 2014-06-03 22:47 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-03 23:41 - 2012-10-08 20:40 - 00000000 ____D () C:\Users\Donna\Desktop\Anti-Spyware
2015-05-03 23:40 - 2012-08-22 21:57 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 01:10 - 2014-05-19 00:52 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\iFunbox_UserCache
2015-05-02 01:09 - 2015-02-22 18:12 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-01 22:15 - 2012-08-21 15:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-01 20:54 - 2014-05-22 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-01 20:54 - 2014-05-22 10:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-01 20:28 - 2013-06-06 23:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-30 01:51 - 2013-06-26 21:31 - 00000000 ____D () C:\ProgramData\Origin
2015-04-30 01:03 - 2013-10-27 19:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-29 22:50 - 2013-06-25 00:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-29 22:50 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-28 18:22 - 2015-02-22 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-28 18:22 - 2015-02-22 18:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-28 13:47 - 2015-03-31 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-28 13:46 - 2012-11-25 00:04 - 00000000 ____D () C:\Users\Donna\Documents\Outlook Files
2015-04-24 21:05 - 2013-06-25 00:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-23 14:41 - 2014-05-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-22 16:52 - 2014-06-22 19:06 - 00000823 _____ () C:\Windows\wininit.ini
2015-04-22 16:52 - 2012-10-01 03:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-16 19:12 - 2012-08-05 07:31 - 00000000 ____D () C:\Users\Donna
2015-04-15 10:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 10:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 09:32 - 2014-12-11 00:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 09:32 - 2014-05-06 17:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 09:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 09:13 - 2011-12-25 04:06 - 00855446 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 09:05 - 2013-07-11 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 08:40 - 2012-08-11 12:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 08:39 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 22:47 - 2013-02-10 12:28 - 00312320 ___SH () C:\Users\Donna\Documents\Thumbs.db
2015-04-14 13:58 - 2012-08-20 10:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 13:58 - 2012-08-20 10:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 13:58 - 2011-10-15 01:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 09:37 - 2014-05-22 10:20 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-05-22 10:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-05-22 10:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 14:26 - 2012-08-09 13:44 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2013-09-08 23:58 - 2014-12-29 19:31 - 0000000 _____ () C:\Users\Donna\AppData\Roaming\bitlord_log.txt
2014-03-26 23:17 - 2014-12-03 14:05 - 0002395 _____ () C:\Users\Donna\AppData\Roaming\SAS7_000.DAT
2012-09-03 18:15 - 2012-09-03 18:15 - 0000236 _____ () C:\Users\Donna\AppData\Local\LaunchHomeCenter.log
2014-12-29 19:32 - 2014-12-29 19:32 - 0000218 _____ () C:\Users\Donna\AppData\Local\recently-used.xbel
2014-03-27 18:41 - 2014-03-27 18:41 - 0007609 _____ () C:\Users\Donna\AppData\Local\Resmon.ResmonCfg
2012-08-05 20:01 - 2012-08-05 20:01 - 0017408 _____ () C:\Users\Donna\AppData\Local\WebpageIcons.db

Files to move or delete:
====================
C:\Users\Donna\EM-K61A-33000-DLM-SR.exe
C:\Users\Donna\EM-K61A-33000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 01:43

==================== End Of Log ============================

 

Here is the Addition.txt  log  from that scan:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Donna at 2015-05-08 08:07:37
Running from C:\Users\Donna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PHSUIW2
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3329493992-913906160-3006372120-500 - Administrator - Disabled)
Donna (S-1-5-21-3329493992-913906160-3006372120-1001 - Administrator - Enabled) => C:\Users\Donna
Guest (S-1-5-21-3329493992-913906160-3006372120-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329493992-913906160-3006372120-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Amazing Bubbles 3D 1.2 (HKLM-x32\...\Amazing Bubbles 3D_is1) (Version:  - Rixane Interactive)
AMD Catalyst Install Manager (HKLM\...\{F37A899E-1745-52F5-658F-9A4DA4D46BB7}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.102 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
BD_3D Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.5913 - CyberLink Corp.)
Beats Updater (HKLM-x32\...\{DB050B26-820C-485F-94EA-536B47C2530B}) (Version: 1.1.93.0 - Beats Electronics, LLC)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bradford Persistent Agent (HKLM-x32\...\{97FBB5BD-BCAD-4075-B87B-DD1DB9A70AB6}) (Version: 2.2.8.2 - Bradford Networks)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy - Pizza Party (x32 Version: 2.2.0.97 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\{67ea7aa0-ae09-4050-a01a-26e212b3d0d0}) (Version: 6.4.104.5108 - Grammarly)
Grammarly for Microsoft® Office Suite (x32 Version: 6.4.104.5108 - Grammarly) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HWiNFO64 Version 4.38 (HKLM\...\HWiNFO64_is1) (Version: 4.38 - Martin Malík - REALiX)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
New 7 Wonders 3D Screensaver v. 1.1 (HKLM-x32\...\New 7 Wonders 3D Screensaver_is1) (Version:  - new7wonders.com)
NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28770 - Barnesandnoble.com)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Paltalk Messenger  10.4 (HKLM-x32\...\Paltalk Messenger) (Version: 10.4.0 - AVM Software Inc.)
PeaZip 5.4.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.4.15.0 - Razer Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sim AQUARIUM 2 (HKLM-x32\...\Sim AQUARIUM 2_is1) (Version: 2.6d - Digital Illusions Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Super Mario World Screensaver (HKLM-x32\...\Super Mario World Screensaver) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TuneClone 2.20 (HKLM\...\TuneClone_is1) (Version:  - TuneClone.com)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version:  - Electronic Arts)
Ultima Online Enhanced Client (HKLM-x32\...\Ultima Online Enhanced) (Version:  - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
UO Auto-Map 9.0.0 (HKLM-x32\...\UO Auto-Map) (Version: 9.0.0 - UOAM)
UOAssist (HKLM-x32\...\UOAssist) (Version:  - )
UOCartographer 0.9 (HKLM-x32\...\UOCartographer 0.9) (Version:  - UOCartographer.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices  (06/24/2014 1.1.1.0) (HKLM\...\F8B39E2BA074C56762575C7A73506B5AA5ECD5ED) (Version: 06/24/2014 1.1.1.0 - Beats Electronics, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Worlds of Ultima - The Savage Empire (HKLM-x32\...\GOGPACKWORLDSOFULTIMASAVAGE_is1) (Version: 2.0.0.26 - GOG.com)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-04-2015 21:07:12 Scheduled Checkpoint
02-05-2015 11:49:27 Scheduled Checkpoint
03-05-2015 23:29:42 Removed BlueStacks Notification Center
08-05-2015 01:21:43 Installed Adblock Plus for IE (32-bit and 64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-05-07 00:31 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B032E9A-30EE-4FAB-BDD1-8BC2F72443BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {23F60746-7A7E-4C19-9D77-C7A4C5452259} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {27B21A15-25EE-4849-8CE4-D6D7C6797051} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {35E17E70-CD59-46E7-A965-9F826758FC4A} - System32\Tasks\{28D1CCB3-81BE-4DB3-9831-652F9124091F} => pcalua.exe -a "C:\Users\Donna\Downloads\Bradford Persistent Agent.exe" -d C:\Users\Donna\Downloads
Task: {465DBA2D-5C53-4172-9831-BCA28F43766B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4D1C69DC-8617-46A1-8C53-55290C4333E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {625C43C2-3F5C-4600-BADD-F0F73AE53770} - System32\Tasks\{EA35B241-8B86-4415-B614-931B08C1EB9A} => C:\Program Files (x86)\Electronic Arts\Ultima Online Classic\UO.exe [2012-02-27] (Bioware, an EA Studio)
Task: {6E57B879-CC0E-4A30-BFE3-4F16FBE78A08} - System32\Tasks\{48FD321F-CC42-4B02-8C56-A8FC66376C48} => pcalua.exe -a C:\Users\Donna\Downloads\screensaverx2\screensaverx\screensaver\ultimate_babesavers.exe
Task: {776238D6-2C7B-4F26-8425-5A72D982D690} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {83ECD43E-30A4-4C16-8368-1A29AB9C9593} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8602CAA7-F7C1-4719-A89F-5C1F8138BB83} - System32\Tasks\HPCeeScheduleForDonna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {87E418BF-4F08-439E-9D65-08D67DACFF14} - System32\Tasks\{9843A2D6-DCF7-45F5-913B-C70037DE7848} => C:\Program Files (x86)\Electronic Arts\Ultima Online Classic\UO.exe [2012-02-27] (Bioware, an EA Studio)
Task: {8D872BBE-41F5-46FE-AF66-AE4B764C9F42} - System32\Tasks\{EA9945E9-09FC-4891-90DC-ADC83DE7E5B1} => pcalua.exe -a C:\Users\Donna\Downloads\screensaverx2\screensaverx\screensaver\amazingbubbles3d_dc.exe -d C:\Users\Donna\Downloads\screensaverx2\screensaverx\screensaver
Task: {8F0A8D25-6591-4EAE-A869-62F5298D58A4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {968EECEF-7C76-46B1-B39C-059FECABC493} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9D5CD078-4A90-4831-AD9E-FE2F79D80A9F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {9FF2AB17-1B7B-49E3-99B9-226AE77EAC39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9FF8B192-76AD-4640-9185-0ABA1974D0A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AAE2D2AE-E032-4AB2-876D-110A5C17D619} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {AEB8318B-F51A-4EE1-B00E-16FF973BD50B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AF69D4C7-36A8-4BB5-BFAB-74E3D89C7C51} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {CA98CEF6-CE97-4F7D-83A4-6A5AD6A4326E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {CF5F33B2-9DA9-436C-9652-D647F1F4F539} - System32\Tasks\{F39CFBC0-3C05-4D04-858D-CE971F2E2FB7} => C:\Program Files (x86)\Electronic Arts\Ultima Online Classic\UO.exe [2012-02-27] (Bioware, an EA Studio)
Task: {E25B5B2D-A444-47D7-AE69-B6485BAC8E1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EE868EE4-D2E6-457A-B49A-2E91F5399B94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDonna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-12-19 15:32 - 2012-12-19 15:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 18:39 - 2012-10-17 18:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 18:39 - 2012-10-17 18:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 15:32 - 2012-12-19 15:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-11 17:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-10 13:20 - 2015-03-10 13:20 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-03-19 01:13 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2014-11-18 01:05 - 2014-11-18 01:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B174FAE
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Donna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2013 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2013 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Donna^Start Menu^Programs^Startup^OneNote 2013 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2013 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Donna^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Donna^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
MSCONFIG\startupreg: DownloadManager => "c:\Program Files (x86)\Download Manager\Download Manager\DownloadManager.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office2010\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TuneClone => C:\Program Files\TuneClone\TuneClone.exe /silence

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{F463F9A5-14B5-4963-AD62-E106671621B5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{EEB35DCF-F8EC-4ADF-AC93-6DF48813EFA5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{307E7DC6-3FE4-4787-884E-55A29CBF151F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{72D11655-39F0-4D69-A19D-54B0DDF75587}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{111B79AA-B511-4655-B3BB-03F1627F8A1D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D37322CE-74DD-46D2-A71E-782F2C83E146}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C152CDE-5413-4B4C-B8EE-ECB3A0656758}] => (Allow) LPort=2869
FirewallRules: [{F77CFD0A-A9B6-4448-B8A1-7FA5479E4D7B}] => (Allow) LPort=1900
FirewallRules: [{7988778C-60AB-474D-967B-017FF3174204}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AF66DDF2-FA61-4016-BBA7-9F7FDEFA8165}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{516ECF22-1E9D-447F-B749-C526F8ADDC50}] => (Allow) C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E9546CBA-A5DB-4D30-BAEE-2D04778F888F}] => (Allow) C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5812089D-8647-4151-B0B7-C883AEDEDAA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D29BB3CE-ACE8-4A19-994C-7C267AB3EE3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BEE89C4-C2AD-43AC-8A5D-812F1E4488B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84C97035-A5E9-458F-A1BA-679A3DA6D6F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66E12395-C8A2-42BA-8AA6-2F2A36BF8D6A}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{BFB5B6A1-3DE5-4B14-B63F-F7EBB9725548}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{F9CA5AFF-BDC7-413E-8E7A-788177CD1BB7}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{17A38368-BBE2-4A0B-92D8-2C61BEF6E668}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{ADF8DCED-BD87-4E11-B072-8445C353AFB4}] => (Allow) LPort=5353
FirewallRules: [{F8EF40EF-CB79-4CB4-9104-05930973DF05}] => (Allow) LPort=9322
FirewallRules: [{A3528B68-8204-4584-BEEA-A8C38E5040ED}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{374705D1-D23D-40E2-AF02-35EBEEF7E9CE}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [UDP Query User{255D0A80-3E96-4B73-9345-0159D6367590}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [TCP Query User{6C6D90E8-CF76-4823-9902-A31B8780C0D7}C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [UDP Query User{CCD35A0D-7BBE-40DD-9504-E742AB619091}C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [TCP Query User{B42E21C2-142B-4493-99AE-0B1E281FE567}C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe
FirewallRules: [UDP Query User{AE230C57-EEEA-4161-8FD2-FD122F1474F3}C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe
FirewallRules: [TCP Query User{8C48B881-89F8-46FD-92BB-1A92F06A11D1}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [UDP Query User{EDCD234C-D2A1-4CA4-BEFA-7793C31784F9}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [{E284B3F8-D3F3-4294-95C8-955529F04A2F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{BBC8AFB0-9A4D-4F53-90A6-C76DBD3374BF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{0295E748-88F0-4278-91B1-139583EA6BE3}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{87467451-D2D6-4624-8C86-07DBD51BD116}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{02CAA021-A332-47DC-BE94-B3AA0A1607FF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{FE947EFE-BEBF-45C1-A9A8-015E21FDB087}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{A14F547D-7A01-430B-BADA-D657D724ADD4}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{95D4E39C-F2B4-485F-A551-CCEBA830B83B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{D36FC650-5858-4FF6-B045-CCF112F03172}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{AE897871-AF3D-4657-A155-FBE76645FC59}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{369FAAEB-0F11-4EA3-99E4-5CB3ACF2B938}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{01865C06-B8A5-425D-B836-6E1313E1C452}] => (Allow) C:\NOOKstudy\NOOKStudy.exe
FirewallRules: [{0F1B0B93-5178-4A10-A00E-D62A77990F0C}] => (Allow) C:\NOOKstudy\NOOKStudy.exe
FirewallRules: [TCP Query User{B4619D48-9E7B-4962-B255-DF92C6BFC3A1}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{2546AFBF-3503-482A-ACF5-8B72A36BAF12}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{30E0C0A7-99C7-4222-81D3-39B6568FC06C}] => (Allow) C:\Program Files (x86)\Microsoft Office2010\Office14\ONENOTE.EXE
FirewallRules: [{98093FC5-B80B-497D-920D-A0469322CCC4}] => (Allow) C:\Program Files (x86)\Microsoft Office2010\Office14\ONENOTE.EXE
FirewallRules: [{0D4B3C09-B21D-4AB0-80EF-128C3F4D33B0}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{66F11A80-1EB6-4071-9CAA-8EE61DD850E5}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{2D8ABF84-5868-4799-AA52-4721F33173B5}] => (Allow) LPort=51001
FirewallRules: [{49BE0B6B-AB31-4B14-B623-6AE1F8256228}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{28C0B5F9-FE79-4DF3-A35A-261A5E722E83}] => (Allow) LPort=51001
FirewallRules: [{72578B38-8ED4-47F1-89F9-4D65FE448561}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{4AD61C69-0B01-4F31-B9D9-3515162474AE}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{6CB11C3C-9752-4F1A-970A-CDBA6FC3B035}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{685F2902-75DB-43A9-8E4D-50E06D617836}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{B8149224-55DB-4E0F-955D-B4A3C96BCF14}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [{E946F0F8-DF8A-4D65-8BB1-6BB7C25C20B2}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [TCP Query User{6C6F6C75-9BC5-414B-B012-A7B9BFC3CD73}C:\program files (x86)\uoam\uoam.exe] => (Allow) C:\program files (x86)\uoam\uoam.exe
FirewallRules: [UDP Query User{7C6FDF29-564D-49D3-B727-4F73933FA576}C:\program files (x86)\uoam\uoam.exe] => (Allow) C:\program files (x86)\uoam\uoam.exe
FirewallRules: [TCP Query User{26344BDE-BE0F-46A4-B1FD-1D09FF04457B}C:\program files (x86)\uoam\uoam_locked.exe] => (Allow) C:\program files (x86)\uoam\uoam_locked.exe
FirewallRules: [UDP Query User{DB6FA017-8128-4096-9CA3-536588407440}C:\program files (x86)\uoam\uoam_locked.exe] => (Allow) C:\program files (x86)\uoam\uoam_locked.exe
FirewallRules: [{2E40D100-9B5C-4BE3-B999-6E3063B1BAD5}] => (Allow) LPort=9322
FirewallRules: [{FB1D2788-160B-4D19-8D45-BDDE3FB8DA85}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{1D7944CA-01D5-4A3C-A43D-E809F879E6AC}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{4A8DD8F4-B95E-4C3D-B73F-1BE6B6D01662}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{5AE6AC7A-0E6B-4085-A891-C8A8CAD580C4}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{6FADFF9C-D5CC-4FE6-BE50-D88F4890EE5C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{2A0954A3-82FE-4485-800D-41885E120756}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{E964B2E7-115F-4C42-A396-CFDFA7ACDF80}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{9C262D9D-D467-468B-A02D-267FBDBB8201}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{D2619BD6-C06F-4B56-903A-2BCD230A96EA}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{48AA8E0A-B7D5-44A2-8F94-6A87459059E5}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{CF4FD5F0-6EBD-48CE-A9D4-6AF1C8FF5AB9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{611BF06F-6168-4914-8FFF-BB7AB9A3625C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8F9410DD-783F-4722-8364-9D6F3A5DD608}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{701D7699-8750-4DE3-B9CB-59B984EF9627}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{4FA81580-7088-4463-BFBF-0F1A9F150B67}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{F3C4521A-4A87-4AD8-9107-C8E1CF2FC3DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ADCAE321-5DAC-48B9-91F8-8C6BFEF4E2D5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 05:35:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/08/2015 04:46:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 65.1.168.192.in-addr.arpa. PTR Methos.local.

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Methos-2.local.

Error: (05/08/2015 04:22:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: atidxx32.dll, version: 8.17.10.395, time stamp: 0x4e723f15
Exception code: 0xc0000005
Fault offset: 0x00006961
Faulting process id: 0x3d30
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/08/2015 03:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adblockplusie-1.4.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3c14

Start Time: 01d089673af9ef0b

Termination Time: 0

Application Path: C:\Users\Donna\AppData\Local\Temp\is-GLSGN.tmp\adblockplusie-1.4.tmp

Report Id:

Error: (05/08/2015 01:22:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: Flash32_17_0_0_169.ocx, version: 17.0.0.169, time stamp: 0x5529d7e1
Exception code: 0xc0000005
Fault offset: 0x006aacca
Faulting process id: 0x2e80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/08/2015 01:12:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17728 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 39b4

Start Time: 01d08954ab3d6ca3

Termination Time: 98

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (05/08/2015 00:55:12 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (05/08/2015 00:55:12 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

System errors:
=============
Error: (05/08/2015 04:47:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
3178864drv

Error: (05/08/2015 04:47:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The BlueStacks Android Service service hung on starting.

Error: (05/08/2015 04:46:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/08/2015 04:45:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/08/2015 04:38:06 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

Error: (05/04/2015 01:42:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/04/2015 01:42:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/04/2015 01:42:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/04/2015 01:42:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/04/2015 01:42:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Microsoft Office Sessions:
=========================
Error: (05/08/2015 05:35:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (05/08/2015 04:46:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 65.1.168.192.in-addr.arpa. PTR Methos.local.

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Methos-2.local.

Error: (05/08/2015 04:22:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1772855024724atidxx32.dll8.17.10.3954e723f15c0000005000069613d3001d0896a5f144a84C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dllb7d89741-f563-11e4-b015-9cb70d721049

Error: (05/08/2015 03:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adblockplusie-1.4.tmp51.1052.0.03c1401d089673af9ef0b0C:\Users\Donna\AppData\Local\Temp\is-GLSGN.tmp\adblockplusie-1.4.tmp

Error: (05/08/2015 01:22:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1772855024724Flash32_17_0_0_169.ocx17.0.0.1695529d7e1c0000005006aacca2e8001d08955ecc73700C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\Macromed\Flash\Flash32_17_0_0_169.ocx8c9f8056-f54a-11e4-b015-9cb70d721049

Error: (05/08/2015 01:12:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1772839b401d08954ab3d6ca398C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (05/08/2015 00:55:12 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (05/08/2015 00:55:12 AM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

CodeIntegrity Errors:
===================================
  Date: 2015-03-26 03:27:50.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:55:14.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:42:51.633
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:42:47.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:04:51.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:02:55.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:44:16.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:44:09.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:38:37.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:38:17.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 64%
Total physical RAM: 3561.41 MB
Available physical RAM: 1251.99 MB
Total Pagefile: 7121 MB
Available Pagefile: 3993.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.51 GB) (Free:244.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.08 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive h: (My Passport) (Fixed) (Total:931.48 GB) (Free:460.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 895A24CC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Okay so what is the next step?

 

FrankenstienPC



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 08 May 2015 - 08:35 AM

Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 08 May 2015 - 09:08 PM

Okay here is the log from Adwcleaner  scan :

# AdwCleaner v4.203 - Logfile created 08/05/2015 at 20:31:07
# Updated 30/04/2015 by Xplode
# Database : 2015-05-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Donna - METHOS
# Running from : C:\Users\Donna\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Donna\AppData\Local\DownloadManager
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\user.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3ea5cc93-e372-4e4d-83b9-793689516a65}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

-\\ Google Chrome v42.0.2311.135

[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332464&octid=EB_ORIGINAL_CTID&ISID=C53348B8-4647-426A-8FF8-DC69AE2E8048&SearchSource=58&CUI=&UM=8&UP=SP12047539-8072-46D0-A4E9-9C18114016BF&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [3849 bytes] - [08/05/2015 20:19:32]
AdwCleaner[S0].txt - [3260 bytes] - [08/05/2015 20:31:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3319  bytes] ##########

 

 What's next Jurgen,?

 

Donna



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 08 May 2015 - 11:49 PM

Step 1

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 09 May 2015 - 12:13 AM

Okay Here is the FRST scan log :

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Donna (administrator) on METHOS on 08-05-2015 23:58:43
Running from C:\Users\Donna\Desktop
Loaded Profiles: Donna (Available profiles: Donna & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [984736 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\Users\Donna\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-08-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Donna\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-22] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {160837A9-67E0-4E3F-8DD6-065361150FDA} https://service2.contactondemand.com/TAW/ClientLib/Collaboration.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MI4066~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-06-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-06-24] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tamarack-software.com/TGPlugin,version=7.5 -> C:\Program Files (x86)\Mozilla Firefox\Plugins\nptgeqplugin.dll [2013-07-16] (Tamarack Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll [2013-10-28] ()
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-3329493992-913906160-3006372120-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll [2013-07-16] (Tamarack Software, Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-04-16]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-04-16]
FF Extension: FacebookMakeup - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\jid1-WVbAc2l8jcpUyw@jetpack.xpi [2015-04-16]
FF Extension: Adblock Plus - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-22]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-31]

Chrome:
=======
CHR Profile: C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-22]
CHR Extension: (Bookmark Manager) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-05]
CHR Extension: (RealDownloader) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-10-22] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-30] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-24] (Electronic Arts)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 3178864drv; C:\Windows\System32\DRIVERS\3178864drv.sys [556632 2013-04-09] () [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-05-11] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-31] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-31] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2014-11-06] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:58 - 2015-05-08 23:59 - 00035295 _____ () C:\Users\Donna\Desktop\FRST.txt
2015-05-08 23:57 - 2015-05-08 23:57 - 02102272 _____ (Farbar) C:\Users\Donna\Desktop\FRST64.exe
2015-05-08 20:14 - 2015-05-08 20:31 - 00000000 ____D () C:\AdwCleaner
2015-05-08 20:14 - 2015-05-08 20:14 - 02204160 _____ () C:\Users\Donna\Downloads\adwcleaner_4.203.exe
2015-05-08 08:03 - 2015-05-08 23:58 - 00000000 ____D () C:\FRST
2015-05-08 04:43 - 2015-05-08 20:34 - 00006094 _____ () C:\Windows\PFRO.log
2015-05-08 03:49 - 2015-05-08 03:49 - 00003131 _____ () C:\MBAMScan.txt
2015-05-08 03:14 - 2015-05-08 03:15 - 06162288 _____ ( ) C:\Users\Donna\Downloads\adblockplusie-1.4.exe
2015-05-04 09:44 - 2015-05-04 09:44 - 00000000 ____D () C:\Users\Donna\Documents\05-04-2015
2015-05-03 23:56 - 2015-05-03 23:56 - 00001816 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-03 23:56 - 2015-05-03 23:56 - 00001767 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-03 23:54 - 2015-05-03 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-03 23:54 - 2015-05-03 23:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-03 23:51 - 2015-05-03 23:51 - 00000000 ____D () C:\Users\Donna\AppData\Local\Bluestacks
2015-05-03 23:21 - 2015-05-03 23:21 - 00570280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-03 01:00 - 2015-05-08 20:35 - 00000964 _____ () C:\Windows\setupact.log
2015-05-03 01:00 - 2015-05-03 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-02 00:59 - 2015-05-02 00:59 - 00009541 _____ () C:\Users\Donna\Downloads\pp.dat
2015-05-01 22:43 - 2015-05-01 22:43 - 00118056 _____ () C:\Users\Donna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-01 22:43 - 2015-05-01 22:43 - 00006680 _____ () C:\Users\Donna\Documents\cc_20150501_224303.reg
2015-04-30 01:03 - 2015-04-30 01:03 - 00000000 ____D () C:\Users\Donna\AppData\Local\Grammarly
2015-04-30 01:02 - 2015-04-30 01:02 - 00000000 ____D () C:\Users\Donna\AppData\Local\Package Cache
2015-04-29 22:51 - 2015-04-29 22:51 - 00001427 _____ () C:\Users\Public\Desktop\Ultima 8.lnk
2015-04-29 22:51 - 2015-04-29 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima 8
2015-04-22 19:04 - 2015-04-22 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 17:08 - 2015-04-22 17:08 - 00002444 _____ () C:\Users\Donna\Desktop\wal mart comment.txt
2015-04-14 13:15 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 13:15 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 13:15 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 13:15 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 13:15 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 13:15 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 13:15 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 13:15 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 13:15 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 13:15 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 13:15 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 13:15 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 13:15 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 13:15 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 13:15 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 13:15 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 13:15 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 13:15 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 13:15 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 13:15 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 13:15 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 13:15 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 13:15 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 13:15 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 13:15 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 13:15 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 13:15 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 13:15 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:15 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 13:15 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 13:15 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 13:15 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 13:15 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 13:15 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 13:15 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 13:15 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 13:15 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 13:15 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 13:15 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 13:15 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 13:15 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 13:15 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 13:15 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 13:15 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 13:15 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 13:15 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 13:15 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 13:15 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 13:15 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 13:15 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 13:15 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 13:15 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 13:15 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 13:15 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 13:15 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 13:15 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 13:15 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 13:15 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 13:15 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 13:14 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 13:14 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 13:14 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 13:14 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 13:14 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 13:14 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 13:14 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 13:14 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 13:14 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 13:14 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 13:14 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 13:14 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 13:14 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 13:14 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 13:14 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 13:14 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 13:14 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 13:14 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 13:14 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 13:14 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 13:14 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 13:14 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 13:14 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 13:14 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 13:14 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 13:14 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 13:14 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 13:14 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 13:14 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 13:14 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 13:14 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 13:14 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 13:14 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 13:14 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 13:14 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 04:08 - 2015-04-13 04:08 - 00000000 ____D () C:\Program Files (x86)\Grammarly
2015-04-12 14:27 - 2015-04-12 14:27 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-12 14:27 - 2015-04-12 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-12 14:26 - 2015-04-12 14:27 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-12 14:26 - 2015-04-12 14:27 - 00000000 ____D () C:\Program Files\iTunes
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files\iPod
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:58 - 2012-08-20 10:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 23:43 - 2013-08-16 18:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-08 23:32 - 2012-09-03 18:05 - 00000000 ____D () C:\ProgramData\Kodak
2015-05-08 23:29 - 2013-05-03 15:09 - 01196303 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 22:49 - 2015-03-31 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-08 22:09 - 2012-10-29 19:06 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDonna
2015-05-08 22:09 - 2012-10-29 19:06 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDonna.job
2015-05-08 21:27 - 2015-04-05 17:40 - 00000000 ____D () C:\Users\Donna\AppData\Local\Razer
2015-05-08 21:27 - 2015-04-05 17:39 - 00000000 ____D () C:\ProgramData\Razer
2015-05-08 21:27 - 2015-04-05 17:39 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-08 20:47 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 20:47 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 20:36 - 2015-02-22 18:12 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-08 20:36 - 2013-08-16 18:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 20:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 04:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-05-08 04:22 - 2012-09-10 15:09 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2015-05-08 04:10 - 2012-08-05 19:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E07EC201-85B8-4BFC-BB7F-611DB5ADF584}
2015-05-08 03:22 - 2014-05-22 10:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 01:24 - 2013-10-27 19:00 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-05-08 00:55 - 2011-12-25 04:20 - 00000000 ____D () C:\ProgramData\Temp
2015-05-06 09:42 - 2014-08-19 18:58 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-06 02:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-05 06:44 - 2013-09-29 17:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-05 06:41 - 2012-08-05 23:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-04 19:18 - 2012-08-13 22:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-04 09:43 - 2009-07-14 00:13 - 00862832 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 23:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-03 23:54 - 2014-06-03 22:47 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-03 23:41 - 2012-10-08 20:40 - 00000000 ____D () C:\Users\Donna\Desktop\Anti-Spyware
2015-05-03 23:40 - 2012-08-22 21:57 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 01:10 - 2014-05-19 00:52 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\iFunbox_UserCache
2015-05-01 22:15 - 2012-08-21 15:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-01 20:54 - 2014-05-22 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-01 20:54 - 2014-05-22 10:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-01 20:28 - 2013-06-06 23:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-30 01:51 - 2013-06-26 21:31 - 00000000 ____D () C:\ProgramData\Origin
2015-04-30 01:03 - 2013-10-27 19:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-29 22:50 - 2013-06-25 00:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-29 22:50 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-28 18:22 - 2015-02-22 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-28 18:22 - 2015-02-22 18:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-28 13:47 - 2015-03-31 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-28 13:46 - 2012-11-25 00:04 - 00000000 ____D () C:\Users\Donna\Documents\Outlook Files
2015-04-24 21:05 - 2013-06-25 00:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-23 14:41 - 2014-05-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-22 16:52 - 2014-06-22 19:06 - 00000823 _____ () C:\Windows\wininit.ini
2015-04-22 16:52 - 2012-10-01 03:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-16 19:12 - 2012-08-05 07:31 - 00000000 ____D () C:\Users\Donna
2015-04-15 10:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 10:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 09:32 - 2014-12-11 00:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 09:32 - 2014-05-06 17:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 09:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 09:13 - 2011-12-25 04:06 - 00855446 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 09:05 - 2013-07-11 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 08:40 - 2012-08-11 12:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 08:39 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 22:47 - 2013-02-10 12:28 - 00312320 ___SH () C:\Users\Donna\Documents\Thumbs.db
2015-04-14 13:58 - 2012-08-20 10:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 13:58 - 2012-08-20 10:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 13:58 - 2011-10-15 01:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 09:37 - 2014-05-22 10:20 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-05-22 10:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-05-22 10:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 14:26 - 2012-08-09 13:44 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2013-09-08 23:58 - 2014-12-29 19:31 - 0000000 _____ () C:\Users\Donna\AppData\Roaming\bitlord_log.txt
2014-03-26 23:17 - 2014-12-03 14:05 - 0002395 _____ () C:\Users\Donna\AppData\Roaming\SAS7_000.DAT
2012-09-03 18:15 - 2012-09-03 18:15 - 0000236 _____ () C:\Users\Donna\AppData\Local\LaunchHomeCenter.log
2014-12-29 19:32 - 2014-12-29 19:32 - 0000218 _____ () C:\Users\Donna\AppData\Local\recently-used.xbel
2014-03-27 18:41 - 2014-03-27 18:41 - 0007609 _____ () C:\Users\Donna\AppData\Local\Resmon.ResmonCfg
2012-08-05 20:01 - 2012-08-05 20:01 - 0017408 _____ () C:\Users\Donna\AppData\Local\WebpageIcons.db

Files to move or delete:
====================
C:\Users\Donna\EM-K61A-33000-DLM-SR.exe
C:\Users\Donna\EM-K61A-33000.exe

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe
C:\Users\Donna\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 01:43

==================== End Of Log ============================

Here is the Additions log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Donna (administrator) on METHOS on 08-05-2015 23:58:43
Running from C:\Users\Donna\Desktop
Loaded Profiles: Donna (Available profiles: Donna & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [984736 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe /tray
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234064 2014-05-06] (Eastman Kodak Company)
Startup: C:\Users\Donna\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-08-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office2010\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Donna\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-03-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3329493992-913906160-3006372120-1001 -> {F6974BF7-E780-469F-963B-216B72CF080C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-22] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {160837A9-67E0-4E3F-8DD6-065361150FDA} https://service2.contactondemand.com/TAW/ClientLib/Collaboration.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MI4066~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-06-24] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-06-24] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tamarack-software.com/TGPlugin,version=7.5 -> C:\Program Files (x86)\Mozilla Firefox\Plugins\nptgeqplugin.dll [2013-07-16] (Tamarack Software, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll [2013-10-28] ()
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-3329493992-913906160-3006372120-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Donna\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll [2013-07-16] (Tamarack Software, Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-04-16]
FF Extension: YouTube Video and Audio Downloader - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2015-04-16]
FF Extension: FacebookMakeup - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\jid1-WVbAc2l8jcpUyw@jetpack.xpi [2015-04-16]
FF Extension: Adblock Plus - C:\Users\Donna\AppData\Roaming\Mozilla\Firefox\Profiles\oylepiqq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-16]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-22]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-31]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-31]

Chrome:
=======
CHR Profile: C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-22]
CHR Extension: (Bookmark Manager) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-05]
CHR Extension: (RealDownloader) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-22]
CHR Extension: (Google Wallet) - C:\Users\Donna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-10-22] (Atheros Commnucations) [File not signed]
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-09-24] (Bradford Networks)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [429784 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-03-10] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-03-10] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-30] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-24] (Electronic Arts)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 3178864drv; C:\Windows\System32\DRIVERS\3178864drv.sys [556632 2013-04-09] () [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145624 2015-03-10] (BlueStack Systems)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-05-11] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-31] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-31] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2014-11-06] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tclondrv; C:\Windows\System32\DRIVERS\tclondrv.sys [26856 2012-02-24] (TuneClone Software)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:58 - 2015-05-08 23:59 - 00035295 _____ () C:\Users\Donna\Desktop\FRST.txt
2015-05-08 23:57 - 2015-05-08 23:57 - 02102272 _____ (Farbar) C:\Users\Donna\Desktop\FRST64.exe
2015-05-08 20:14 - 2015-05-08 20:31 - 00000000 ____D () C:\AdwCleaner
2015-05-08 20:14 - 2015-05-08 20:14 - 02204160 _____ () C:\Users\Donna\Downloads\adwcleaner_4.203.exe
2015-05-08 08:03 - 2015-05-08 23:58 - 00000000 ____D () C:\FRST
2015-05-08 04:43 - 2015-05-08 20:34 - 00006094 _____ () C:\Windows\PFRO.log
2015-05-08 03:49 - 2015-05-08 03:49 - 00003131 _____ () C:\MBAMScan.txt
2015-05-08 03:14 - 2015-05-08 03:15 - 06162288 _____ ( ) C:\Users\Donna\Downloads\adblockplusie-1.4.exe
2015-05-04 09:44 - 2015-05-04 09:44 - 00000000 ____D () C:\Users\Donna\Documents\05-04-2015
2015-05-03 23:56 - 2015-05-03 23:56 - 00001816 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-05-03 23:56 - 2015-05-03 23:56 - 00001767 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-05-03 23:54 - 2015-05-03 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-05-03 23:54 - 2015-05-03 23:54 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-05-03 23:51 - 2015-05-03 23:51 - 00000000 ____D () C:\Users\Donna\AppData\Local\Bluestacks
2015-05-03 23:21 - 2015-05-03 23:21 - 00570280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-03 01:00 - 2015-05-08 20:35 - 00000964 _____ () C:\Windows\setupact.log
2015-05-03 01:00 - 2015-05-03 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-02 00:59 - 2015-05-02 00:59 - 00009541 _____ () C:\Users\Donna\Downloads\pp.dat
2015-05-01 22:43 - 2015-05-01 22:43 - 00118056 _____ () C:\Users\Donna\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-01 22:43 - 2015-05-01 22:43 - 00006680 _____ () C:\Users\Donna\Documents\cc_20150501_224303.reg
2015-04-30 01:03 - 2015-04-30 01:03 - 00000000 ____D () C:\Users\Donna\AppData\Local\Grammarly
2015-04-30 01:02 - 2015-04-30 01:02 - 00000000 ____D () C:\Users\Donna\AppData\Local\Package Cache
2015-04-29 22:51 - 2015-04-29 22:51 - 00001427 _____ () C:\Users\Public\Desktop\Ultima 8.lnk
2015-04-29 22:51 - 2015-04-29 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima 8
2015-04-22 19:04 - 2015-04-22 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 17:08 - 2015-04-22 17:08 - 00002444 _____ () C:\Users\Donna\Desktop\wal mart comment.txt
2015-04-14 13:15 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 13:15 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 13:15 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 13:15 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 13:15 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 13:15 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 13:15 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 13:15 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 13:15 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 13:15 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 13:15 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 13:15 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 13:15 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 13:15 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 13:15 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 13:15 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 13:15 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 13:15 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 13:15 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 13:15 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 13:15 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 13:15 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 13:15 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 13:15 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 13:15 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:15 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 13:15 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 13:15 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 13:15 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 13:15 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 13:15 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 13:15 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 13:15 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 13:15 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 13:15 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 13:15 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:15 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:15 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 13:15 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 13:15 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 13:15 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 13:15 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 13:15 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 13:15 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 13:15 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 13:15 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 13:15 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 13:15 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 13:15 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 13:15 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 13:15 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 13:15 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 13:15 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 13:15 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 13:15 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 13:15 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 13:15 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 13:15 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 13:15 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 13:15 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 13:15 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 13:15 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 13:15 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 13:15 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 13:15 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 13:15 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 13:15 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 13:15 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 13:14 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 13:14 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 13:14 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 13:14 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 13:14 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 13:14 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 13:14 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 13:14 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 13:14 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 13:14 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 13:14 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 13:14 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 13:14 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 13:14 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 13:14 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 13:14 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 13:14 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 13:14 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 13:14 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 13:14 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 13:14 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 13:14 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 13:14 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 13:14 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 13:14 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 13:14 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 13:14 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 13:14 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 13:14 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 13:14 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 13:14 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 13:14 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 13:14 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 13:14 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 13:14 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 04:08 - 2015-04-13 04:08 - 00000000 ____D () C:\Program Files (x86)\Grammarly
2015-04-12 14:27 - 2015-04-12 14:27 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-12 14:27 - 2015-04-12 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-12 14:26 - 2015-04-12 14:27 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-12 14:26 - 2015-04-12 14:27 - 00000000 ____D () C:\Program Files\iTunes
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files\iPod
2015-04-12 14:26 - 2015-04-12 14:26 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:58 - 2012-08-20 10:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-08 23:43 - 2013-08-16 18:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-08 23:32 - 2012-09-03 18:05 - 00000000 ____D () C:\ProgramData\Kodak
2015-05-08 23:29 - 2013-05-03 15:09 - 01196303 _____ () C:\Windows\WindowsUpdate.log
2015-05-08 22:49 - 2015-03-31 22:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-08 22:09 - 2012-10-29 19:06 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDonna
2015-05-08 22:09 - 2012-10-29 19:06 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDonna.job
2015-05-08 21:27 - 2015-04-05 17:40 - 00000000 ____D () C:\Users\Donna\AppData\Local\Razer
2015-05-08 21:27 - 2015-04-05 17:39 - 00000000 ____D () C:\ProgramData\Razer
2015-05-08 21:27 - 2015-04-05 17:39 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-08 20:47 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-08 20:47 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-08 20:36 - 2015-02-22 18:12 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-08 20:36 - 2013-08-16 18:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-08 20:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-08 04:43 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-05-08 04:22 - 2012-09-10 15:09 - 00000000 ____D () C:\Users\Donna\AppData\Local\CrashDumps
2015-05-08 04:10 - 2012-08-05 19:41 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E07EC201-85B8-4BFC-BB7F-611DB5ADF584}
2015-05-08 03:22 - 2014-05-22 10:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 01:24 - 2013-10-27 19:00 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-05-08 00:55 - 2011-12-25 04:20 - 00000000 ____D () C:\ProgramData\Temp
2015-05-06 09:42 - 2014-08-19 18:58 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-05-06 02:17 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-05 06:44 - 2013-09-29 17:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-05 06:41 - 2012-08-05 23:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-04 19:18 - 2012-08-13 22:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-04 09:43 - 2009-07-14 00:13 - 00862832 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-03 23:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-03 23:54 - 2014-06-03 22:47 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-05-03 23:41 - 2012-10-08 20:40 - 00000000 ____D () C:\Users\Donna\Desktop\Anti-Spyware
2015-05-03 23:40 - 2012-08-22 21:57 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-02 01:10 - 2014-05-19 00:52 - 00000000 ____D () C:\Users\Donna\AppData\Roaming\iFunbox_UserCache
2015-05-01 22:15 - 2012-08-21 15:36 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-01 20:54 - 2014-05-22 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-01 20:54 - 2014-05-22 10:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-01 20:28 - 2013-06-06 23:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-30 01:51 - 2013-06-26 21:31 - 00000000 ____D () C:\ProgramData\Origin
2015-04-30 01:03 - 2013-10-27 19:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-29 22:50 - 2013-06-25 00:28 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-04-29 22:50 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-28 18:22 - 2015-02-22 18:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-28 18:22 - 2015-02-22 18:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-28 13:47 - 2015-03-31 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-28 13:46 - 2012-11-25 00:04 - 00000000 ____D () C:\Users\Donna\Documents\Outlook Files
2015-04-24 21:05 - 2013-06-25 00:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-23 14:41 - 2014-05-03 17:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-22 16:52 - 2014-06-22 19:06 - 00000823 _____ () C:\Windows\wininit.ini
2015-04-22 16:52 - 2012-10-01 03:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-16 19:12 - 2012-08-05 07:31 - 00000000 ____D () C:\Users\Donna
2015-04-15 10:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 10:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 09:32 - 2014-12-11 00:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 09:32 - 2014-05-06 17:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 09:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 09:13 - 2011-12-25 04:06 - 00855446 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 09:05 - 2013-07-11 12:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 08:40 - 2012-08-11 12:18 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 08:39 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-14 22:47 - 2013-02-10 12:28 - 00312320 ___SH () C:\Users\Donna\Documents\Thumbs.db
2015-04-14 13:58 - 2012-08-20 10:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 13:58 - 2012-08-20 10:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 13:58 - 2011-10-15 01:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 09:37 - 2014-05-22 10:20 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-05-22 10:20 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-05-22 10:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 14:26 - 2012-08-09 13:44 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2013-09-08 23:58 - 2014-12-29 19:31 - 0000000 _____ () C:\Users\Donna\AppData\Roaming\bitlord_log.txt
2014-03-26 23:17 - 2014-12-03 14:05 - 0002395 _____ () C:\Users\Donna\AppData\Roaming\SAS7_000.DAT
2012-09-03 18:15 - 2012-09-03 18:15 - 0000236 _____ () C:\Users\Donna\AppData\Local\LaunchHomeCenter.log
2014-12-29 19:32 - 2014-12-29 19:32 - 0000218 _____ () C:\Users\Donna\AppData\Local\recently-used.xbel
2014-03-27 18:41 - 2014-03-27 18:41 - 0007609 _____ () C:\Users\Donna\AppData\Local\Resmon.ResmonCfg
2012-08-05 20:01 - 2012-08-05 20:01 - 0017408 _____ () C:\Users\Donna\AppData\Local\WebpageIcons.db

Files to move or delete:
====================
C:\Users\Donna\EM-K61A-33000-DLM-SR.exe
C:\Users\Donna\EM-K61A-33000.exe

Some content of TEMP:
====================
C:\Users\Donna\AppData\Local\Temp\Quarantine.exe
C:\Users\Donna\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 01:43

==================== End Of Log ============================

 

Okay Jurgen, now what do we do?

 

Donna



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 09 May 2015 - 12:23 AM

Hi,
the new Addition.txt is missing. :)
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 09 May 2015 - 12:35 AM

Hmm There's an addition.txt there.



#10 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 09 May 2015 - 12:42 AM

ARRGGGH! I posted the same one twice, I see that now.  I'm sorry!

Here's the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Donna at 2015-05-09 00:00:22
Running from C:\Users\Donna\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3329493992-913906160-3006372120-500 - Administrator - Disabled)
Donna (S-1-5-21-3329493992-913906160-3006372120-1001 - Administrator - Enabled) => C:\Users\Donna
Guest (S-1-5-21-3329493992-913906160-3006372120-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3329493992-913906160-3006372120-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Amazing Bubbles 3D 1.2 (HKLM-x32\...\Amazing Bubbles 3D_is1) (Version:  - Rixane Interactive)
AMD Catalyst Install Manager (HKLM\...\{F37A899E-1745-52F5-658F-9A4DA4D46BB7}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.102 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
BD_3D Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.5913 - CyberLink Corp.)
Beats Updater (HKLM-x32\...\{DB050B26-820C-485F-94EA-536B47C2530B}) (Version: 1.1.93.0 - Beats Electronics, LLC)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4FCF716C-CEB4-499D-AFB8-A5375105EC2A}) (Version: 0.9.17.9138 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bradford Persistent Agent (HKLM-x32\...\{97FBB5BD-BCAD-4075-B87B-DD1DB9A70AB6}) (Version: 2.2.8.2 - Bradford Networks)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy - Pizza Party (x32 Version: 2.2.0.97 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\{67ea7aa0-ae09-4050-a01a-26e212b3d0d0}) (Version: 6.4.104.5108 - Grammarly)
Grammarly for Microsoft® Office Suite (x32 Version: 6.4.104.5108 - Grammarly) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HWiNFO64 Version 4.38 (HKLM\...\HWiNFO64_is1) (Version: 4.38 - Martin Malík - REALiX)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
New 7 Wonders 3D Screensaver v. 1.1 (HKLM-x32\...\New 7 Wonders 3D Screensaver_is1) (Version:  - new7wonders.com)
NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28770 - Barnesandnoble.com)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Paltalk Messenger  10.4 (HKLM-x32\...\Paltalk Messenger) (Version: 10.4.0 - AVM Software Inc.)
PeaZip 5.4.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sim AQUARIUM 2 (HKLM-x32\...\Sim AQUARIUM 2_is1) (Version: 2.6d - Digital Illusions Software)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Super Mario World Screensaver (HKLM-x32\...\Super Mario World Screensaver) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1164 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Katy Perry's Sweet Treats (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TuneClone 2.20 (HKLM\...\TuneClone_is1) (Version:  - TuneClone.com)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Ultima Online Classic Client (HKLM-x32\...\Ultima Online Classic) (Version:  - Electronic Arts)
Ultima Online Enhanced Client (HKLM-x32\...\Ultima Online Enhanced) (Version:  - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-3329493992-913906160-3006372120-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
UO Auto-Map 9.0.0 (HKLM-x32\...\UO Auto-Map) (Version: 9.0.0 - UOAM)
UOAssist (HKLM-x32\...\UOAssist) (Version:  - )
UOCartographer 0.9 (HKLM-x32\...\UOCartographer 0.9) (Version:  - UOCartographer.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Driver Package - Beats Electronics, LLC (libusb0) Beats Devices  (06/24/2014 1.1.1.0) (HKLM\...\F8B39E2BA074C56762575C7A73506B5AA5ECD5ED) (Version: 06/24/2014 1.1.1.0 - Beats Electronics, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Worlds of Ultima - The Savage Empire (HKLM-x32\...\GOGPACKWORLDSOFULTIMASAVAGE_is1) (Version: 2.0.0.26 - GOG.com)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3329493992-913906160-3006372120-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-04-2015 21:07:12 Scheduled Checkpoint
02-05-2015 11:49:27 Scheduled Checkpoint
03-05-2015 23:29:42 Removed BlueStacks Notification Center
08-05-2015 01:21:43 Installed Adblock Plus for IE (32-bit and 64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-05-07 00:31 - 00000824 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1B032E9A-30EE-4FAB-BDD1-8BC2F72443BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {23F60746-7A7E-4C19-9D77-C7A4C5452259} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {27B21A15-25EE-4849-8CE4-D6D7C6797051} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {35E17E70-CD59-46E7-A965-9F826758FC4A} - System32\Tasks\{28D1CCB3-81BE-4DB3-9831-652F9124091F} => pcalua.exe -a "C:\Users\Donna\Downloads\Bradford Persistent Agent.exe" -d C:\Users\Donna\Downloads
Task: {465DBA2D-5C53-4172-9831-BCA28F43766B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4D1C69DC-8617-46A1-8C53-55290C4333E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-16] (Google Inc.)
Task: {625C43C2-3F5C-4600-BADD-F0F73AE53770} - System32\Tasks\{EA35B241-8B86-4415-B614-931B08C1EB9A} => C:\Program Files (x86)\Electronic Arts\Ultima Online Classic\UO.exe [2012-02-27] (Bioware, an EA Studio)
Task: {6E57B879-CC0E-4A30-BFE3-4F16FBE78A08} - System32\Tasks\{48FD321F-CC42-4B02-8C56-A8FC66376C48} => pcalua.exe -a C:\Users\Donna\Downloads\screensaverx2\screensaverx\screensaver\ultimate_babesavers.exe
Task: {776238D6-2C7B-4F26-8425-5A72D982D690} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {83ECD43E-30A4-4C16-8368-1A29AB9C9593} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8602CAA7-F7C1-4719-A89F-5C1F8138BB83} - System32\Tasks\HPCeeScheduleForDonna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {87E418BF-4F08-439E-9D65-08D67DACFF14} - System32\Tasks\{9843A2D6-DCF7-45F5-913B-C70037DE7848} => C:\Program Files (x86)\Electronic Arts\Ultima Online Classic\UO.exe [2012-02-27] (Bioware, an EA Studio)
Task: {8D872BBE-41F5-46FE-AF66-AE4B764C9F42} - System32\Tasks\{EA9945E9-09FC-4891-90DC-ADC83DE7E5B1} => pcalua.exe -a C:\Users\Donna\Downloads\screensaverx2\screensaverx\screensaver\amazingbubbles3d_dc.exe -d C:\Users\Donna\Downloads\screensaverx2\screensaverx\screensaver
Task: {8F0A8D25-6591-4EAE-A869-62F5298D58A4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink)
Task: {968EECEF-7C76-46B1-B39C-059FECABC493} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9D5CD078-4A90-4831-AD9E-FE2F79D80A9F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {9FF2AB17-1B7B-49E3-99B9-226AE77EAC39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9FF8B192-76AD-4640-9185-0ABA1974D0A6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {AAE2D2AE-E032-4AB2-876D-110A5C17D619} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {AEB8318B-F51A-4EE1-B00E-16FF973BD50B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AF69D4C7-36A8-4BB5-BFAB-74E3D89C7C51} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {CA98CEF6-CE97-4F7D-83A4-6A5AD6A4326E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {CF5F33B2-9DA9-436C-9652-D647F1F4F539} - System32\Tasks\{F39CFBC0-3C05-4D04-858D-CE971F2E2FB7} => C:\Program Files (x86)\Electronic Arts\Ultima Online Classic\UO.exe [2012-02-27] (Bioware, an EA Studio)
Task: {E25B5B2D-A444-47D7-AE69-B6485BAC8E1B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {EE868EE4-D2E6-457A-B49A-2E91F5399B94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDonna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2012-12-19 15:32 - 2012-12-19 15:32 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-17 18:39 - 2012-10-17 18:39 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-17 18:39 - 2012-10-17 18:39 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-12-19 15:32 - 2012-12-19 15:32 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-11 17:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-19 01:13 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2014-11-18 01:05 - 2014-11-18 01:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-09-24 14:02 - 2014-09-24 14:02 - 00081056 _____ () C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B174FAE
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3329493992-913906160-3006372120-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Donna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Donna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2013 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2013 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Donna^Start Menu^Programs^Startup^OneNote 2013 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2013 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Donna^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Donna^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DNS7reminder => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
MSCONFIG\startupreg: DownloadManager => "c:\Program Files (x86)\Download Manager\Download Manager\DownloadManager.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office2010\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TuneClone => C:\Program Files\TuneClone\TuneClone.exe /silence

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{F463F9A5-14B5-4963-AD62-E106671621B5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{EEB35DCF-F8EC-4ADF-AC93-6DF48813EFA5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{307E7DC6-3FE4-4787-884E-55A29CBF151F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{72D11655-39F0-4D69-A19D-54B0DDF75587}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{111B79AA-B511-4655-B3BB-03F1627F8A1D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D37322CE-74DD-46D2-A71E-782F2C83E146}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9C152CDE-5413-4B4C-B8EE-ECB3A0656758}] => (Allow) LPort=2869
FirewallRules: [{F77CFD0A-A9B6-4448-B8A1-7FA5479E4D7B}] => (Allow) LPort=1900
FirewallRules: [{7988778C-60AB-474D-967B-017FF3174204}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AF66DDF2-FA61-4016-BBA7-9F7FDEFA8165}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{516ECF22-1E9D-447F-B749-C526F8ADDC50}] => (Allow) C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E9546CBA-A5DB-4D30-BAEE-2D04778F888F}] => (Allow) C:\Users\Donna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5812089D-8647-4151-B0B7-C883AEDEDAA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D29BB3CE-ACE8-4A19-994C-7C267AB3EE3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1BEE89C4-C2AD-43AC-8A5D-812F1E4488B4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84C97035-A5E9-458F-A1BA-679A3DA6D6F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66E12395-C8A2-42BA-8AA6-2F2A36BF8D6A}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{BFB5B6A1-3DE5-4B14-B63F-F7EBB9725548}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{F9CA5AFF-BDC7-413E-8E7A-788177CD1BB7}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{17A38368-BBE2-4A0B-92D8-2C61BEF6E668}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{ADF8DCED-BD87-4E11-B072-8445C353AFB4}] => (Allow) LPort=5353
FirewallRules: [{F8EF40EF-CB79-4CB4-9104-05930973DF05}] => (Allow) LPort=9322
FirewallRules: [{A3528B68-8204-4584-BEEA-A8C38E5040ED}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{374705D1-D23D-40E2-AF02-35EBEEF7E9CE}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [UDP Query User{255D0A80-3E96-4B73-9345-0159D6367590}C:\program files (x86)\electronic arts\ultima online classic\client.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online classic\client.exe
FirewallRules: [TCP Query User{6C6D90E8-CF76-4823-9902-A31B8780C0D7}C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [UDP Query User{CCD35A0D-7BBE-40DD-9504-E742AB619091}C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\program files (x86)\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [TCP Query User{B42E21C2-142B-4493-99AE-0B1E281FE567}C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe
FirewallRules: [UDP Query User{AE230C57-EEEA-4161-8FD2-FD122F1474F3}C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse-sdk32\eclipse\eclipse.exe
FirewallRules: [TCP Query User{8C48B881-89F8-46FD-92BB-1A92F06A11D1}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [UDP Query User{EDCD234C-D2A1-4CA4-BEFA-7793C31784F9}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe
FirewallRules: [{E284B3F8-D3F3-4294-95C8-955529F04A2F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{BBC8AFB0-9A4D-4F53-90A6-C76DBD3374BF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{0295E748-88F0-4278-91B1-139583EA6BE3}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{87467451-D2D6-4624-8C86-07DBD51BD116}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{02CAA021-A332-47DC-BE94-B3AA0A1607FF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{FE947EFE-BEBF-45C1-A9A8-015E21FDB087}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{A14F547D-7A01-430B-BADA-D657D724ADD4}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{95D4E39C-F2B4-485F-A551-CCEBA830B83B}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{D36FC650-5858-4FF6-B045-CCF112F03172}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{AE897871-AF3D-4657-A155-FBE76645FC59}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{369FAAEB-0F11-4EA3-99E4-5CB3ACF2B938}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{01865C06-B8A5-425D-B836-6E1313E1C452}] => (Allow) C:\NOOKstudy\NOOKStudy.exe
FirewallRules: [{0F1B0B93-5178-4A10-A00E-D62A77990F0C}] => (Allow) C:\NOOKstudy\NOOKStudy.exe
FirewallRules: [TCP Query User{B4619D48-9E7B-4962-B255-DF92C6BFC3A1}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{2546AFBF-3503-482A-ACF5-8B72A36BAF12}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{30E0C0A7-99C7-4222-81D3-39B6568FC06C}] => (Allow) C:\Program Files (x86)\Microsoft Office2010\Office14\ONENOTE.EXE
FirewallRules: [{98093FC5-B80B-497D-920D-A0469322CCC4}] => (Allow) C:\Program Files (x86)\Microsoft Office2010\Office14\ONENOTE.EXE
FirewallRules: [{0D4B3C09-B21D-4AB0-80EF-128C3F4D33B0}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{66F11A80-1EB6-4071-9CAA-8EE61DD850E5}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{2D8ABF84-5868-4799-AA52-4721F33173B5}] => (Allow) LPort=51001
FirewallRules: [{49BE0B6B-AB31-4B14-B623-6AE1F8256228}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{28C0B5F9-FE79-4DF3-A35A-261A5E722E83}] => (Allow) LPort=51001
FirewallRules: [{72578B38-8ED4-47F1-89F9-4D65FE448561}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{4AD61C69-0B01-4F31-B9D9-3515162474AE}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{6CB11C3C-9752-4F1A-970A-CDBA6FC3B035}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{685F2902-75DB-43A9-8E4D-50E06D617836}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{B8149224-55DB-4E0F-955D-B4A3C96BCF14}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [{E946F0F8-DF8A-4D65-8BB1-6BB7C25C20B2}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [TCP Query User{6C6F6C75-9BC5-414B-B012-A7B9BFC3CD73}C:\program files (x86)\uoam\uoam.exe] => (Allow) C:\program files (x86)\uoam\uoam.exe
FirewallRules: [UDP Query User{7C6FDF29-564D-49D3-B727-4F73933FA576}C:\program files (x86)\uoam\uoam.exe] => (Allow) C:\program files (x86)\uoam\uoam.exe
FirewallRules: [TCP Query User{26344BDE-BE0F-46A4-B1FD-1D09FF04457B}C:\program files (x86)\uoam\uoam_locked.exe] => (Allow) C:\program files (x86)\uoam\uoam_locked.exe
FirewallRules: [UDP Query User{DB6FA017-8128-4096-9CA3-536588407440}C:\program files (x86)\uoam\uoam_locked.exe] => (Allow) C:\program files (x86)\uoam\uoam_locked.exe
FirewallRules: [{2E40D100-9B5C-4BE3-B999-6E3063B1BAD5}] => (Allow) LPort=9322
FirewallRules: [{FB1D2788-160B-4D19-8D45-BDDE3FB8DA85}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{1D7944CA-01D5-4A3C-A43D-E809F879E6AC}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{4A8DD8F4-B95E-4C3D-B73F-1BE6B6D01662}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{5AE6AC7A-0E6B-4085-A891-C8A8CAD580C4}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{6FADFF9C-D5CC-4FE6-BE50-D88F4890EE5C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{2A0954A3-82FE-4485-800D-41885E120756}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{E964B2E7-115F-4C42-A396-CFDFA7ACDF80}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{9C262D9D-D467-468B-A02D-267FBDBB8201}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{D2619BD6-C06F-4B56-903A-2BCD230A96EA}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{48AA8E0A-B7D5-44A2-8F94-6A87459059E5}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{CF4FD5F0-6EBD-48CE-A9D4-6AF1C8FF5AB9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{611BF06F-6168-4914-8FFF-BB7AB9A3625C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8F9410DD-783F-4722-8364-9D6F3A5DD608}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{701D7699-8750-4DE3-B9CB-59B984EF9627}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{4FA81580-7088-4463-BFBF-0F1A9F150B67}] => (Allow) C:\Program Files (x86)\Origin Games\Ultima 8\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{F3C4521A-4A87-4AD8-9107-C8E1CF2FC3DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ADCAE321-5DAC-48B9-91F8-8C6BFEF4E2D5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 08:39:08 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/08/2015 08:37:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 08:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 65.1.168.192.in-addr.arpa. PTR Methos.local.

Error: (05/08/2015 08:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Methos-2.local.

Error: (05/08/2015 05:35:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/08/2015 04:46:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 65.1.168.192.in-addr.arpa. PTR Methos.local.

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Methos-2.local.

Error: (05/08/2015 04:22:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: atidxx32.dll, version: 8.17.10.395, time stamp: 0x4e723f15
Exception code: 0xc0000005
Fault offset: 0x00006961
Faulting process id: 0x3d30
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (05/08/2015 03:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adblockplusie-1.4.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3c14

Start Time: 01d089673af9ef0b

Termination Time: 0

Application Path: C:\Users\Donna\AppData\Local\Temp\is-GLSGN.tmp\adblockplusie-1.4.tmp

Report Id:

System errors:
=============
Error: (05/08/2015 09:27:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2015 09:00:59 PM) (Source: DCOM) (EventID: 10016) (User: Methos)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}MethosDonnaS-1-5-21-3329493992-913906160-3006372120-1001LocalHost (Using LRPC)

Error: (05/08/2015 09:00:59 PM) (Source: DCOM) (EventID: 10016) (User: Methos)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}MethosDonnaS-1-5-21-3329493992-913906160-3006372120-1001LocalHost (Using LRPC)

Error: (05/08/2015 08:39:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
3178864drv

Error: (05/08/2015 08:39:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (05/08/2015 08:38:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (05/08/2015 08:37:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (05/08/2015 08:36:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/08/2015 08:36:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BNPagent service.

Error: (05/08/2015 08:32:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%109

Microsoft Office Sessions:
=========================
Error: (05/08/2015 08:39:08 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (05/08/2015 08:37:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 08:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 65.1.168.192.in-addr.arpa. PTR Methos.local.

Error: (05/08/2015 08:36:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Methos-2.local.

Error: (05/08/2015 05:35:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (05/08/2015 04:46:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   14 65.1.168.192.in-addr.arpa. PTR Methos.local.

Error: (05/08/2015 04:44:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.65:5353   16 65.1.168.192.in-addr.arpa. PTR Methos-2.local.

Error: (05/08/2015 04:22:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1772855024724atidxx32.dll8.17.10.3954e723f15c0000005000069613d3001d0896a5f144a84C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dllb7d89741-f563-11e4-b015-9cb70d721049

Error: (05/08/2015 03:20:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: adblockplusie-1.4.tmp51.1052.0.03c1401d089673af9ef0b0C:\Users\Donna\AppData\Local\Temp\is-GLSGN.tmp\adblockplusie-1.4.tmp

CodeIntegrity Errors:
===================================
  Date: 2015-03-26 03:27:50.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:55:14.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:42:51.633
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:42:47.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:04:51.426
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 02:02:55.510
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:44:16.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:44:09.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:38:37.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-26 01:38:17.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3561.41 MB
Available physical RAM: 1714.9 MB
Total Pagefile: 7121 MB
Available Pagefile: 4512.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.51 GB) (Free:244.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:20.08 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
Drive h: (My Passport) (Fixed) (Total:931.48 GB) (Free:460.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 895A24CC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

sorry about that. :blush: 
 



#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 09 May 2015 - 01:09 AM

Step 1

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#12 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 09 May 2015 - 07:18 PM

okay here is the log of ESET:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4ed9af749863f54591aae7900c207d87
# engine=23771
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-09 11:09:13
# local_time=2015-05-09 06:09:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1302 16777213 100 100 0 58680183 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 46498217 182756403 0 0
# scanned=348005
# found=7
# cleaned=0
# scan_time=30357
sh=CD11241C8A02AC9EC73A4A3BD701FB9C37538DBA ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Donna\AppData\Local\Downloaded Installations\{263E1DB9-E7C3-4F3E-AC28-9A519AD52AC8}\The Weather Channel App.msi"
sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Donna\Documents\ccsetup400.exe"
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Donna\Documents\ccsetup407.exe"
sh=9FFE733FFA9E48BDE9F2D399822DA9FE5284CF55 ft=1 fh=6e56d9f8aef3b200 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI1B02.tmp"
sh=69F1638BF9FF8713FE8FB27F139E651DDEEAA4A5 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="H:\METHOS\Backup Set 2014-09-21 190001\Backup Files 2014-09-21 190001\Backup files 1.zip"
sh=0C20A10330DA58640511AE480D3596169E844A1F ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="H:\METHOS\Backup Set 2014-09-21 190001\Backup Files 2014-09-21 190001\Backup files 4.zip"
sh=6A7810C24B7083769A2D5225AA1FFAFFDE680D8A ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.SearchSuite.V potentially unwanted application" ac=I fn="H:\METHOS\Backup Set 2014-09-21 190001\Backup Files 2014-09-21 190001\Backup files 5.zip"
 

 

You been so helpful Jurgen.  Thank you.  Now on to the next step. :smilers:



#13 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 10 May 2015 - 02:19 AM

:hello:  :bounce:  :bananas: :bubbles:  :luke:  :warrior:  :guitar:  :horse:  :dance:  :whistle:  Hi Jurgen



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:04 PM

Posted 10 May 2015 - 04:21 AM

Hi there,
this is looking very good. No more active malware or adware has been found.

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    AlternateDataStreams: C:\ProgramData\Temp:0B174FAE
    AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
    AlternateDataStreams: C:\ProgramData\Temp:430C6D84
    AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
    BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

lesestoff.png

Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 FrankenstienPC

FrankenstienPC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:04 PM

Posted 10 May 2015 - 06:22 AM

Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Donna at 2015-05-10 06:08:16 Run:1
Running from C:\Users\Donna\Desktop
Loaded Profiles: Donna (Available profiles: Donna & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
AlternateDataStreams: C:\ProgramData\Temp:0B174FAE
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
EmptyTemp:
*****************

Processes closed successfully.
C:\ProgramData\Temp => ":0B174FAE" ADS removed successfully.
C:\ProgramData\Temp => ":0FF263E8" ADS removed successfully.
C:\ProgramData\Temp => ":430C6D84" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{53707962-6F74-2D53-2644-206D7942484F} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => Key not found.
EmptyTemp: => Removed 314.4 MB temporary data.

The system needed a reboot.

==== End of Fixlog 06:08:32 ====

Okay Jurgen, what next?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users