TechSpot

Malware Removal

By Annette Ritchey
Oct 24, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-10-2015
    Ran by Scott (administrator) on SCOTT-HP (24-10-2015 11:33:44)
    Running from C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2KCE6TD
    Loaded Profiles: Scott (Available Profiles: Scott)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1688552 2015-10-20] (Bitdefender)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1416096 2015-10-13] (Bitdefender)
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {1efed613-6778-11e3-97f3-78acc0b234b4} - J:\mri.exe
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {641edd17-7a88-11e0-95dd-78acc0b234b4} - "J:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {78ffdc1c-0b80-11e3-ab6f-78acc0b234b4} - J:\LGAutoRun.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{88D6FDC8-C028-4379-A05F-5AA6C23B289B}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://srch-us10.hpwis.com/
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://srch-us10.hpwis.com/
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://srch-us10.hpwis.com/
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {4F8000CD-1FCD-4335-9B32-1015CC6CE2F7} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&I=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B6DA48CD-2D18-4459-BD8E-B01AA12CF8EE}&mid=7848e3bba93147ccac14a9e58656dd47-077c5738d1be2d7f41c1aa52f67fb2d73e11d89a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-10-20 10:14:08&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
    Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> No Name - {8D1223B9-9E7B-44C1-92C0-5D0DDDA38686} - No File
    Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
    DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://74.95.137.254:88/webrec.cab
    DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Scott\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Extension: Avira Browser Safety - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default\Extensions\abs@avira.com [2015-10-11] [not signed]
    FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff [2015-10-20] [not signed]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-10-20] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-10] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-10-20] [not signed]
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Norton Security Toolbar) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-09-17]
    CHR Extension: (Norton Identity Safe) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-28]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
    R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [823840 2015-09-22] (Bitdefender)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1572168 2015-10-14] (Bitdefender)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender)
    R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
    S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
    R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [270248 2015-10-08] (Bitdefender)
    S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-08-05] (Belcarra Technologies) [File not signed]
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
    S3 cpuz134; \??\C:\Users\Scott\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-24 11:33 - 2015-10-24 11:33 - 00000000 ____D C:\FRST
    2015-10-22 05:18 - 2015-10-22 05:18 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-22 05:18 - 2015-10-22 05:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-21 22:29 - 2015-10-21 22:31 - 00000148 _____ C:\Windows\Reimage.ini
    2015-10-21 21:34 - 2015-10-21 21:35 - 00000000 ___HD C:\ProgramData\CanonIJScan
    2015-10-21 21:27 - 2015-10-21 21:30 - 00000000 ___HD C:\ProgramData\CanonIJMIG
    2015-10-21 21:26 - 2015-10-21 21:26 - 00002079 _____ C:\Users\Public\Desktop\Canon My Image Garden.lnk
    2015-10-21 21:19 - 2015-10-21 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2015-10-21 21:19 - 2015-10-21 21:19 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
    2015-10-21 21:19 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
    2015-10-21 21:19 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
    2015-10-21 21:19 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
    2015-10-21 21:19 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
    2015-10-21 21:18 - 2015-10-21 21:19 - 00000000 ___HD C:\Program Files\CanonBJ
    2015-10-21 21:18 - 2015-10-21 21:18 - 00000000 ____D C:\Windows\system32\STRING
    2015-10-21 21:18 - 2012-07-31 08:48 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
    2015-10-21 21:18 - 2012-07-31 08:48 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
    2015-10-21 21:18 - 2012-07-31 08:47 - 00366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
    2015-10-21 21:15 - 2015-10-21 21:22 - 00000000 ____D C:\Program Files (x86)\Canon
    2015-10-21 21:15 - 2015-10-21 21:15 - 00000000 ___HD C:\ProgramData\CanonIJETV
    2015-10-21 20:13 - 2015-10-21 21:34 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Canon
    2015-10-21 09:07 - 2015-10-21 09:07 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-10-21 09:05 - 2015-10-23 18:03 - 00010210 _____ C:\Windows\PFRO.log
    2015-10-21 09:04 - 2015-10-24 11:20 - 00000392 _____ C:\Windows\setupact.log
    2015-10-21 09:04 - 2015-10-21 09:04 - 00000000 _____ C:\Windows\setuperr.log
    2015-10-21 09:03 - 2015-10-21 09:06 - 00352336 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-10-21 08:56 - 2015-10-21 08:56 - 00096162 _____ C:\Users\Scott\Documents\cc_20151021_085626.regbackup.reg
    2015-10-21 08:52 - 2015-10-21 08:52 - 00102496 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-10-21 08:46 - 2015-10-21 08:46 - 00024809 _____ C:\ProgramData\1445431590.bdinstall.bin
    2015-10-21 08:31 - 2015-10-21 08:31 - 00397511 _____ C:\ProgramData\1445430452.bdinstall.bin
    2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Windows\system32\user_gensett.xml
    2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Users\Scott\AppData\Roaminguser_gensett.xml
    2015-10-21 08:30 - 2015-10-21 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
    2015-10-21 08:30 - 2015-10-21 08:30 - 00002128 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
    2015-10-21 08:30 - 2015-10-21 08:30 - 00000684 ____H C:\bdr-cf01
    2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____D C:\ProgramData\BDLogging
    2015-10-21 08:30 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
    2015-10-21 08:29 - 2015-10-21 08:31 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bitdefender
    2015-10-21 08:29 - 2015-10-21 08:30 - 00253404 ____H C:\bdr-ld01
    2015-10-21 08:29 - 2015-10-21 08:30 - 00009216 ____H C:\bdr-ld01.mbr
    2015-10-21 08:29 - 2015-10-08 12:31 - 00270248 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
    2015-10-21 08:29 - 2015-05-29 09:50 - 00271272 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
    2015-10-21 08:29 - 2015-05-28 14:21 - 00747120 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
    2015-10-21 08:29 - 2015-05-28 13:37 - 01369288 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
    2015-10-21 08:29 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im01.gz
    2015-10-21 08:29 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
    2015-10-21 08:29 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
    2015-10-21 08:27 - 2015-10-21 09:01 - 00000000 ____D C:\ProgramData\Bitdefender
    2015-10-21 08:27 - 2015-10-21 08:27 - 00000000 ____D C:\Program Files\Bitdefender
    2015-10-21 08:27 - 2015-06-02 15:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32
     
  2. Annette Ritchey

    \Drivers\trufos.sys
    2015-10-21 08:27 - 2015-04-29 14:32 - 00160032 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
    2015-10-21 08:08 - 2015-10-21 08:08 - 00000000 ___RD C:\Users\Scott\Documents\Slides
    2015-10-20 22:26 - 2015-10-20 22:26 - 00000000 ____D C:\Users\Scott\AppData\Roaming\QuickScan
    2015-10-20 22:25 - 2015-10-21 08:27 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2015-10-20 22:17 - 2015-10-20 22:17 - 00005942 _____ C:\Users\Scott\AppData\LocalLow\wbkE18A.tmp
    2015-10-20 20:56 - 2015-10-24 11:21 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2015-10-20 20:56 - 2015-10-20 20:56 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2015-10-20 10:15 - 2015-10-21 07:26 - 00001318 _____ C:\Windows\SysWOW64\debug.log
    2015-10-20 10:14 - 2015-10-20 10:14 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
    2015-10-20 10:14 - 2015-10-20 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-10-20 10:09 - 2015-10-20 10:09 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVG
    2015-10-20 10:08 - 2015-10-20 10:08 - 00000000 ____D C:\Users\Scott\AppData\Roaming\TuneUp Software
    2015-10-20 10:04 - 2015-10-20 21:11 - 00000000 ____D C:\ProgramData\Avg
    2015-10-20 10:02 - 2015-10-20 21:11 - 00000000 ____D C:\Users\Scott\AppData\Local\Avg
    2015-10-20 10:02 - 2015-10-20 21:11 - 00000000 ____D C:\ProgramData\MFAData
    2015-10-20 10:02 - 2015-10-20 21:07 - 00000000 ____D C:\Users\Scott\AppData\Local\AvgSetupLog
    2015-10-20 10:02 - 2015-10-20 10:02 - 00000000 ____D C:\Users\Scott\AppData\Local\MFAData
    2015-10-20 10:02 - 2015-10-20 10:02 - 00000000 ____D C:\Users\Scott\AppData\Local\Avg2015
    2015-10-15 10:22 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-15 10:22 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-15 10:22 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-15 04:25 - 2015-10-15 04:25 - 00000000 ____D C:\092337879e3a523d6c7d
    2015-10-14 11:33 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-14 11:33 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-14 11:33 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-14 11:33 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-14 11:32 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-14 11:32 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-14 11:32 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-14 11:32 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-14 11:32 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-14 11:32 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-14 11:32 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-14 11:32 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-14 11:32 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-14 11:32 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-14 11:32 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-14 11:32 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-14 11:32 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-14 11:32 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-14 11:32 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-14 11:32 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-14 11:32 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-14 11:32 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-14 11:32 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-14 11:32 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-14 11:32 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-14 11:32 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-14 11:32 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-14 11:32 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-14 11:32 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-14 11:32 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-14 11:32 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-14 11:32 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-14 11:32 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-14 11:32 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-14 11:32 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-14 11:32 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-14 11:32 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-14 11:32 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-14 11:32 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-14 11:32 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-14 11:32 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-14 11:32 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-14 11:32 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-14 11:32 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-14 11:32 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-14 11:32 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-14 11:32 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-14 11:32 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-14 11:32 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-14 11:32 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-14 11:32 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-14 11:32 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-14 11:32 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-14 11:32 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-14 11:32 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-14 11:32 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-14 11:32 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-14 11:32 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-14 11:32 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-14 11:32 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-14 11:32 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-14 11:32 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-14 11:32 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-14 11:32 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-14 11:32 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-14 11:32 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-14 11:32 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-14 11:32 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-14 11:32 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-14 11:31 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-14 11:31 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-14 11:31 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-14 11:31 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-14 11:31 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-14 11:31 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-14 11:31 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-14 11:31 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-14 11:31 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-14 11:31 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-14 11:31 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-14 11:31 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-14 11:31 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-14 11:31 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-14 11:31 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-14 11:31 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-14 11:31 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-14 11:31 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-14 11:31 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-14 11:31 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-14 11:31 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-14 11:31 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-14 11:31 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-14 11:31 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-14 11:31 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-14 11:31 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-14 11:31 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-14 11:31 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-14 11:31 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-14 11:31 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-14 11:31 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-14 11:30 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-14 11:30 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-14 11:30 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-14 11:30 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-10-12 12:04 - 2015-10-12 12:04 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\Avira
    2015-10-11 08:56 - 2015-10-11 08:56 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Mozilla
    2015-10-11 08:52 - 2015-10-21 07:22 - 00000000 ____D C:\Program Files (x86)\Avira
    2015-10-11 08:50 - 2015-10-11 08:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-10-10 17:34 - 2015-10-10 21:11 - 00000000 ____D C:\Users\Scott\Documents\Adobe
    2015-10-10 17:28 - 2015-10-21 07:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-10-10 17:24 - 2015-10-11 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Google
    2015-10-10 17:22 - 2015-10-21 07:45 - 00000000 ___RD C:\Users\Scott\Creative Cloud Files
    2015-10-10 17:21 - 2015-10-11 09:47 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-10-10 17:15 - 2015-10-21 07:44 - 00000000 ____D C:\ProgramData\Adobe
    2015-10-10 17:14 - 2015-10-21 07:45 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-10-10 17:12 - 2015-10-22 05:17 - 00000000 ____D C:\Users\Scott\AppData\Local\Adobe
    2015-10-10 16:57 - 2015-10-10 16:57 - 00000000 ___RD C:\Users\Scott\Documents\RocketLifeNetwork
    2015-10-10 16:57 - 2015-10-10 16:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Visan

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-24 11:31 - 2011-04-02 21:38 - 01218105 _____ C:\Windows\WindowsUpdate.log
    2015-10-24 11:31 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-24 11:31 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-24 11:27 - 2011-05-21 20:47 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF579200-1948-40CD-879E-208CD9C3F40D}
    2015-10-24 11:21 - 2011-10-12 11:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-24 11:20 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-24 11:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-24 10:44 - 2011-10-12 11:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-23 17:04 - 2011-05-10 16:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\SoftGrid Client
    2015-10-23 06:49 - 2011-04-02 21:59 - 00000000 ____D C:\ProgramData\PDFC
    2015-10-21 21:54 - 2011-06-06 18:27 - 00000000 ____D C:\Users\Scott\AppData\Local\CrashDumps
    2015-10-21 21:37 - 2009-09-11 10:25 - 00000000 ____D C:\Users\Scott\Documents\My Scans
    2015-10-21 21:19 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
    2015-10-21 09:06 - 2015-07-21 03:27 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForScott.job
    2015-10-21 09:06 - 2012-06-27 13:37 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForSCOTT-HP$.job
    2015-10-21 09:02 - 2011-05-08 12:29 - 00000000 ____D C:\Users\Scott
    2015-10-21 08:45 - 2012-10-29 11:16 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSCOTT-HP$
    2015-10-21 08:45 - 2011-05-13 15:10 - 00003258 _____ C:\Windows\System32\Tasks\{EE735459-49D2-4FAD-9105-AFB2586B55F9}
    2015-10-21 08:23 - 2015-07-21 03:27 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForScott
    2015-10-21 08:14 - 2011-05-08 16:51 - 00000000 ____D C:\ProgramData\Recovery
    2015-10-21 08:13 - 2012-04-12 09:18 - 00000000 ____D C:\Program Files (x86)\School Zone
    2015-10-21 08:09 - 2011-10-12 11:31 - 00000000 ____D C:\Program Files\Google
    2015-10-21 08:09 - 2011-10-12 11:31 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-21 08:06 - 2012-10-19 12:02 - 00000000 ____D C:\Program Files\iTunes
    2015-10-21 08:05 - 2012-10-19 12:02 - 00000000 ____D C:\Program Files\iPod
    2015-10-21 08:05 - 2012-10-19 12:02 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-10-21 08:02 - 2011-10-12 11:31 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
    2015-10-21 08:01 - 2012-07-05 17:27 - 00000000 ____D C:\Windows\en
    2015-10-21 07:57 - 2011-04-02 21:38 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2015-10-21 07:57 - 2011-04-02 21:37 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2015-10-21 07:53 - 2011-10-14 11:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-10-21 07:50 - 2011-06-19 22:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-10-21 07:45 - 2011-05-09 11:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
    2015-10-21 07:37 - 2011-11-20 18:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2015-10-21 07:35 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-10-21 07:35 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-10-21 07:34 - 2011-06-08 14:05 - 00000000 ____D C:\Users\Scott\AppData\Local\Unity
    2015-10-21 07:30 - 2011-04-02 21:59 - 00000000 ____D C:\ProgramData\Symantec
    2015-10-21 07:29 - 2011-08-13 12:37 - 00000000 ____D C:\Program Files (x86)\LeapFrog
    2015-10-21 07:29 - 2011-04-02 22:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
    2015-10-20 22:04 - 2012-07-11 18:27 - 00000000 ____D C:\Windows\Minidump
    2015-10-20 21:40 - 2012-11-21 08:03 - 00001945 _____ C:\Windows\epplauncher.mif
    2015-10-20 21:11 - 2015-06-10 03:34 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-10-16 03:48 - 2014-12-11 04:21 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-16 03:48 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-16 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-10-15 04:25 - 2013-08-24 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-15 04:25 - 2011-05-08 13:18 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-11 09:39 - 2009-07-14 03:45 - 00000000 ____D C:\Windows\ShellNew
    2015-10-10 21:54 - 2011-05-09 11:48 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-10-10 21:41 - 2011-04-02 22:11 - 00000000 ____D C:\ProgramData\Norton
    2015-10-10 21:34 - 2015-07-31 04:57 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2015-10-10 17:02 - 2014-04-21 08:39 - 00021134 _____ C:\Windows\SysWOW64\TEST.log
    2015-10-09 13:04 - 2011-05-09 11:38 - 00000000 ___DC C:\Users\Scott\AppData\Local\MigWiz
    2015-10-09 13:04 - 2009-07-24 15:22 - 00000000 ____D C:\Windows\Panther
    2015-10-08 16:49 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-08 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-06 05:44 - 2009-08-29 14:14 - 00000000 ____D C:\BOOKKEEPER BACKUP
    2015-09-24 11:15 - 2009-08-29 14:15 - 00813568 ___SH C:\Users\Scott\Documents\Thumbs.db

    ==================== Files in the root of some directories =======

    2015-10-21 08:31 - 2015-10-21 08:31 - 0397511 _____ () C:\ProgramData\1445430452.bdinstall.bin
    2015-10-21 08:46 - 2015-10-21 08:46 - 0024809 _____ () C:\ProgramData\1445431590.bdinstall.bin
    2011-05-10 13:56 - 2013-12-17 21:28 - 0002253 _____ () C:\ProgramData\hpzinstall.log

    Some files in TEMP:
    ====================
    C:\Users\Scott\AppData\Local\Temp\avg-6f3cf779-34f4-4600-ba03-5e432a27a90a.exe
    C:\Users\Scott\AppData\Local\Temp\MSETUP4.EXE
    C:\Users\Scott\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\Scott\AppData\Local\Temp\uninstall.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-21 12:43

    ==================== End of FRST.txt ============================
     
  3. Annette Ritchey


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-10-2015
    Ran by Scott (2015-10-24 11:34:44)
    Running from C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2KCE6TD
    Windows 7 Home Premium Service Pack 1 (X64) (2011-05-08 16:29:38)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1500130686-4110971754-1691798755-500 - Administrator - Disabled)
    Guest (S-1-5-21-1500130686-4110971754-1691798755-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1500130686-4110971754-1691798755-1002 - Limited - Enabled)
    Scott (S-1-5-21-1500130686-4110971754-1691798755-1000 - Administrator - Enabled) => C:\Users\Scott

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
    AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.33 - Avanquest Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.19.1099 - Bitdefender)
    Bitdefender Internet Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.20.1143 - Bitdefender)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bookkeeper (HKLM-x32\...\{7FBAE9CB-00F7-4893-A6E0-760AEC273897}) (Version: 11.0.0.0 - Avanquest North America Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    C309a (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
    ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fax (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Hallmark Card Studio 2010 Deluxe (HKLM-x32\...\{601BE80D-247B-4084-94C7-7A54369DB7A2}) (Version: 11.0.0.30 - Creative Home)
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Photosmart C309a All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{A9B54408-EF50-4821-B8A2-F597A657112A}) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PS_AIO_05_C309_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-10-24 11:21 - 00000954 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3F7F7E92-C58B-4ECD-B5D5-D5776821025B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {43C296C4-ECBE-48DD-BED0-C548FAA9CD58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {6C72CED1-FC55-4C80-AC75-F634F3500176} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {6E3DA7E5-7576-4E3D-8421-380ED3DBEDA3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
    Task: {74930BE7-0227-41BD-8A1E-328C9353D875} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {8D7476BD-4299-4FDA-AB6B-5F45AC7940BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {9A9E932F-C59B-4022-A791-3B50778864B0} - System32\Tasks\HPCeeScheduleForScott => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {9F12D2E0-039F-45F9-8940-A0D647F91E6A} - \Iledroipsouik -> No File <==== ATTENTION
    Task: {A4539E25-565B-44DF-BED1-74D03A014F34} - \PROPCCleanerSoftware_Popup -> No File <==== ATTENTION
    Task: {A5A7E200-3A80-4977-A635-23C192A6C94F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {B9AB5F79-4611-440A-BD7D-8C2813159990} - System32\Tasks\{EE735459-49D2-4FAD-9105-AFB2586B55F9} => pcalua.exe -a "C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXD767E4\file[1].exe" -d C:\Users\Scott\Desktop
    Task: {C61FA338-EF84-4FA4-9CEF-A1FBDF39FEFD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {D134D1B0-D3B9-41F9-89DD-A0EAF32A03D4} - \PROPCCleanerSoftware_Start -> No File <==== ATTENTION
    Task: {D4A3AA61-225E-49F0-B871-7262AFBD3959} - System32\Tasks\HPCeeScheduleForSCOTT-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {EC019AF6-A248-436A-806D-AA766A96AA2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {F64281E5-B473-469F-9D19-437B59C37537} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-27] (Symantec Corporation)
    Task: {F76B6493-73FB-4A26-857D-3FAED0800F7E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForSCOTT-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForScott.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-21 08:29 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
    2015-10-21 08:29 - 2015-09-04 17:39 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
    2015-10-21 08:29 - 2015-09-04 17:39 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
    2015-10-21 08:29 - 2015-09-04 17:39 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
    2015-10-21 08:29 - 2015-09-04 17:39 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    There are 5776 more restricted sites.

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0FE2429B-69F3-4BCC-819A-3A89700686F9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{0DEA65B2-4ED8-48D5-B730-418A004F1CBA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{7B04CA62-690A-40C1-BBEA-E712B64110BC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{23C12F7F-B687-4BEF-8B11-ABC606806578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{2965F148-E0DC-44F6-9C11-FA88F6FE6061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{FC6AD014-F130-40B1-B5F2-A2D68FB055C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{5AA09B1C-FE86-4881-82E4-DAEE24E6FB51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{9CA9C79A-A87D-4A22-B6C7-A621FE299402}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{FA03571F-EBC5-4475-8F62-07A9B0EAF2C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{2DC84114-81F4-4A0B-A611-393B17935490}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{F3C5F75D-8BC6-4934-AE00-496D7A6F63B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{CB7592CD-15C4-4CD1-BB64-B748C7A1BBD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{E981130F-868D-45EB-BC86-97D536F0A759}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{58685E22-1D4A-44B4-AF5C-095877190BE3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{781D2165-182D-4269-B382-90F90427B58A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{AA39E120-FA6F-407A-AC16-39CFC7ABBB0A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{6181EB7A-D0AE-44BD-B874-91CB2506A2D0}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{69B0A38E-2051-46AF-AA38-F8D25B177127}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{93827F41-4FAD-4470-94B4-5ACE0EA03488}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{ABD8A6A0-54EF-4C03-A3FB-DD76A5AE09E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{8608C9E9-637C-4994-AD59-D848AEE69F1C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{13381E36-0737-4FFE-A323-406FEA8C4191}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{FE7D4DB4-AD95-4F0A-999F-9AF4D91670CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{CDF834C3-A7A8-4FEB-86D2-EC939A0263F5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{C06C903F-FBD9-4544-8434-187E5C64003F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{A3842A20-E0D7-4A3E-A0E3-222C7A4EEEEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{953CDAD0-F52F-4C55-AAC2-01C3E4CEB126}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{34F7F62F-73F8-43B8-A798-A4DCC4CA597B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{4601F3AE-44AF-4072-8C3E-D04AC9D7E5ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/23/2015 05:39:47 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/22/2015 02:12:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AitStatic.exe, version: 10.0.10004.0, time stamp: 0x54c65a8b
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.19018, time stamp: 0x560a0094
    Exception code: 0xc000000d
    Fault offset: 0x000000000000b3dd
    Faulting process id: 0x1f04
    Faulting application start time: 0xAitStatic.exe0
    Faulting application path: AitStatic.exe1
    Faulting module path: AitStatic.exe2
    Report Id: AitStatic.exe3

    Error: (10/22/2015 01:43:42 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (10/21/2015 10:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program bookkeeper.exe version 11.0.0.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1510

    Start Time: 01d10c6cf5dd3028

    Termination Time: 20

    Application Path: C:\Program Files (x86)\MySoftware\Bookkeeper\bookkeeper.exe

    Report Id:

    Error: (10/21/2015 09:54:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: bookkeeper.exe, version: 11.0.0.5, time stamp: 0x49a4deac
    Faulting module name: PBVM110.dll, version: 11.2.0.8739, time stamp: 0x49a4e10f
    Exception code: 0xc0000005
    Fault offset: 0x00160f04
    Faulting process id: 0x12d8
    Faulting application start time: 0xbookkeeper.exe0
    Faulting application path: bookkeeper.exe1
    Faulting module path: bookkeeper.exe2
    Report Id: bookkeeper.exe3

    Error: (10/21/2015 08:21:10 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    System errors:
    =============
    Error: (10/24/2015 11:22:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Error: (10/24/2015 11:21:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (10/24/2015 11:20:16 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:17:35 AM on 10/24/2015 was unexpected.

    Error: (10/24/2015 11:17:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Experience service failed to start due to the following error:
    %%1053

    Error: (10/24/2015 11:17:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

    Error: (10/24/2015 11:17:33 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

    Error: (10/24/2015 11:17:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Experience service failed to start due to the following error:
    %%1053

    Error: (10/24/2015 11:17:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

    Error: (10/24/2015 11:16:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Application Experience service failed to start due to the following error:
    %%1053

    Error: (10/24/2015 11:16:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II X4 640 Processor
    Percentage of memory in use: 51%
    Total physical RAM: 5887.29 MB
    Available physical RAM: 2853.01 MB
    Total Virtual: 11772.78 MB
    Available Virtual: 8542.16 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:918.52 GB) (Free:739.14 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.51 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 2EC37612)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  4. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    I am having many problems with my computer. My internet connection drops, and when I try to go on the internet it takes a couple of minutes before my home screen will even come up. I have found many things running in Task Manager that don't seem right (but I really am not sure what to do). I don't want to stop them if they are something I need. I have run different adware programs and I have deleted most of them but Malware and Bitdefender. I am not sure if I can have these two running at the same time? My computer is running extremely slow! Any help is GREATLY appreciated! Thank you in advance!
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    FRST reports:
    Did you disable system restore for whatever reason?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  6. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    I disabled the system restore because my crazy friend that has no idea what they are doing told me to because the virus could be on that?!?! I really don't know, I just tried it, but I am so thankful you are helping me! I will update you as soon as I do the above steps! Thank you again!!
     
  7. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    RogueKiller V10.11.2.0 [Oct 20 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Scott [Administrator]
    Started from : C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6788LR4T\RogueKiller.exe
    Mode : Delete -- Date : 10/24/2015 21:44:21

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 8 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\MRI_DISABLED | {EF99BD32-C1FB-11D2-892F-0090271D4F88} : C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://srch-us10.hpwis.com/ -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://srch-us10.hpwis.com/ -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Bar : http://srch-us10.hpwis.com/ -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://srch-us10.hpwis.com/ -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://srch-us10.hpwis.com/ -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://srch-us10.hpwis.com/ -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://srch-us10.hpwis.com/ -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST310005 28AS SATA Disk Device +++++
    --- User ---
    [MBR] 0d4bd00befdc4b65951771f22eacf7a0
    [BSP] db1ff44735807851c9acc08066f63c2a : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 940560 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1926473728 | Size: 13207 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: HP Photosmart C309a USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  8. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/24/2015
    Scan Time: 9:49 PM
    Logfile: scan log.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.10.24.07
    Rootkit Database: v2015.10.23.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Scott

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 377402
    Time Elapsed: 28 min, 11 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.eShield, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.eshield.extension_host, Quarantined, [07c082d8b7d450e6c76d12a831d27e82],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-enable system restore.
    We'll clean restore points if necessary.
     
  10. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    # AdwCleaner v5.014 - Logfile created 24/10/2015 at 22:38:23
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Scott - SCOTT-HP
    # Running from : C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J1D4ZELB\adwcleaner_5.014.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\SearchProtect
    [-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
    [-] Folder Deleted : C:\Users\Scott\AppData\Local\SwvUpdater
    [-] Folder Deleted : C:\Users\Scott\AppData\LocalLow\Conduit
    [-] Folder Deleted : C:\Users\Scott\AppData\LocalLow\HPAppData
    [-] Folder Deleted : C:\Users\Scott\AppData\LocalLow\Toolbar4
    [-] Folder Deleted : C:\Users\Scott\AppData\Roaming\Strongvault
    [-] Folder Deleted : C:\Users\Scott\AppData\Roaming\Yahoo!\Companion

    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\Windows\Reimage.ini

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
    [!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    [!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    [!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    [!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    [-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKCU\Software\Avg Secure Update
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\BetterSurf Plus V1
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [!] Key Not Deleted : [x64] HKCU\Software\Reimage
    [!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update
    [!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
    [!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
    [!] Key Not Deleted : HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\AppDataLow\Software\Conduit
    [!] Key Not Deleted : HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\AppDataLow\Software\Yahoo\Companion
    [!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F8000CD-1FCD-4335-9B32-1015CC6CE2F7}
    [!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F8000CD-1FCD-4335-9B32-1015CC6CE2F7}
    [!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [!] Key Not Deleted : HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [!] Key Not Deleted : HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4F8000CD-1FCD-4335-9B32-1015CC6CE2F7}
    [!] Key Not Deleted : HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : klibnahbojhkanfgaglnlalfkgpcppfi

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15032 bytes] ##########
     
  11. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Scott on Sat 10/24/2015 at 22:45:06.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8D1223B9-9E7B-44C1-92C0-5D0DDDA38686}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



    ~~~ Files

    Successfully deleted: [File] C:\ProgramData\1445430452.bdinstall.bin
    Successfully deleted: [File] C:\ProgramData\1445431590.bdinstall.bin



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{040D45B1-4F8D-449D-A93A-7EDB1253726A}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{08F33C25-3F54-4CFD-9944-CF2E935ADEE8}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{0BFAA59D-4443-4352-A461-98C0C0886ADF}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{14F2263B-4F24-4267-92BC-0896F54433F0}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{1E609D09-70C2-49FC-B0EF-F353FC623EFA}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{277D1B4A-A804-4C7F-BF04-69041D922A41}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{3275A86E-335D-45B9-900E-667168DB4793}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{35ABBB6C-636F-4E43-94FE-7C52CC4E5694}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{3E91B663-5463-43BD-8D5F-282C42462E62}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{416B2BAF-4D63-4F83-BC76-7FDE268DC681}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{555582F2-22D3-4AFE-A20C-0969BE4B285D}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{5A4624B3-88E1-4EC9-8058-A7EDBF95610A}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{5C08ECD7-62BE-42BD-A12F-79DC028D4972}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{5DD2FAAF-BDD7-4426-9CEE-A84F7DB12D63}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{71A8D12C-2666-4548-A044-9679D9723016}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{83F1895E-D500-4AC9-A0C9-87239EEAEDFF}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{8EAFF3E4-5180-4150-932A-011159D8EC8C}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{98D91B24-F297-45EA-A7EE-954087051BA4}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{A3699686-51D2-4735-96CC-2620B4BB3269}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{B0C987CE-C0CA-449A-8576-E9C74F4DF3CB}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{B2B4A6A6-E2C2-4F67-ABEA-16E5908E5856}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{B3071B01-286F-4C84-8181-C0E2BF2F123B}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{B683ECD4-4A4E-448E-ADFD-56B68D233F8A}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{BAC0C842-FE74-4900-9EFA-2B93AD95FC7A}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{BE8E1A84-3678-49E3-A49C-3200F9EB9D3B}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{BFE07378-8E8E-4CD6-BF5E-E1784E550B79}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{CABB6C79-1536-44F3-9CA6-1A206A6CE6F6}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{DA37BFEF-60E2-4817-B07F-914C61DFAFCE}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{E0834EAA-BA2F-41EA-A9F8-B7DC29FB068B}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{E2B8518E-9C6B-4240-BA83-5733025D6A80}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{E6E67A1A-DED5-4FB5-A41D-31D9C0C91CC7}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{E918DB88-0D8B-42E7-8413-DC3E5D1E5D9A}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{E9BF84D3-FF09-4E12-9BC9-CCE05F71DA39}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{F3919FB2-04EA-4193-ADF9-5144FC492A87}
    Successfully deleted: [Empty Folder] C:\Users\Scott\Appdata\Local\{FD7D1DFE-A54E-4CF1-A19C-7753CDBFE953}
    Successfully deleted: [Folder] C:\ai_recyclebin
    Successfully deleted: [Folder] C:\ProgramData\strongvault online backup
    Successfully deleted: [Folder] C:\Users\Scott\Appdata\Local\strongvault online backup
    Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



    ~~~ Chrome


    [C:\Users\Scott\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\Scott\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\Scott\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\Scott\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 10/24/2015 at 22:51:32.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  12. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    I have the little pop-up you get when you are downloading something, and it says: Do I want to open or save dvtp_src.js from cdn.doubleverify.com
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's part of the infection.
    What browser do you use?

    Did you re-enable system restore?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    I went to re-enable system restore but it was already done?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK.
     
  16. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    I use Internet Explorer
     
  17. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    ComboFix 15-10-23.01 - Scott 10/24/2015 23:41:14.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4230 [GMT -4:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
    FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
    SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1445741490.bdinstall.bin
    c:\users\Scott\Documents\~WRD1750.tmp
    c:\users\Scott\Documents\~WRL0002.tmp
    c:\users\Scott\Documents\~WRL0048.tmp
    c:\users\Scott\Documents\~WRL3572.tmp
    c:\users\Scott\WINDOWS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-09-25 to 2015-10-25 )))))))))))))))))))))))))))))))
    .
    .
    2015-10-25 03:48 . 2015-10-25 03:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-10-25 02:36 . 2015-10-25 02:38 -------- d-----w- C:\AdwCleaner
    2015-10-25 01:49 . 2015-10-25 03:37 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-10-25 01:48 . 2015-10-05 13:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-10-25 01:48 . 2015-10-05 13:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-10-25 01:48 . 2015-10-05 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-10-25 01:48 . 2015-10-25 01:48 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-10-25 01:36 . 2015-10-25 01:36 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-10-25 01:36 . 2015-10-25 01:49 -------- d-----w- c:\programdata\RogueKiller
    2015-10-24 15:48 . 2015-10-24 15:48 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-10-24 15:47 . 2015-10-24 15:47 -------- d-----w- c:\users\Scott\.oracle_jre_usage
    2015-10-24 15:47 . 2015-10-24 15:47 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-10-24 15:47 . 2015-10-24 15:48 -------- d-----w- c:\programdata\Oracle
    2015-10-24 15:47 . 2015-10-24 15:47 -------- d-----w- c:\program files (x86)\Java
    2015-10-24 15:33 . 2015-10-24 15:35 -------- d-----w- C:\FRST
    2015-10-22 09:18 . 2015-10-22 09:18 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-10-22 09:18 . 2015-10-22 09:18 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-10-22 01:34 . 2015-10-22 01:35 -------- d--h--w- c:\programdata\CanonIJScan
    2015-10-22 01:27 . 2015-10-22 01:30 -------- d--h--w- c:\programdata\CanonIJMIG
    2015-10-22 01:19 . 2015-10-22 01:19 -------- d-----w- c:\programdata\Canon IJ Network Tool
    2015-10-22 01:19 . 2008-08-25 22:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
    2015-10-22 01:19 . 2012-09-21 13:33 321024 ----a-w- c:\windows\SysWow64\CNC_BLL.dll
    2015-10-22 01:19 . 2012-05-25 13:21 103936 ----a-w- c:\windows\SysWow64\CNC_BLU.dll
    2015-10-22 01:18 . 2015-10-22 01:19 -------- d--h--w- c:\program files\CanonBJ
    2015-10-22 01:18 . 2015-10-22 01:18 -------- d-----w- c:\windows\system32\STRING
    2015-10-22 01:18 . 2012-07-31 12:48 39424 ----a-w- c:\windows\system32\CNMN6UI.DLL
    2015-10-22 01:18 . 2012-07-31 12:48 359936 ----a-w- c:\windows\system32\CNMN6PPM.DLL
    2015-10-22 01:18 . 2012-07-31 12:47 366592 ----a-w- c:\windows\SysWow64\CNMNPPM.DLL
    2015-10-22 01:15 . 2015-10-22 01:15 -------- d--h--w- c:\programdata\CanonIJETV
    2015-10-22 01:15 . 2015-10-22 01:22 -------- d-----w- c:\program files (x86)\Canon
    2015-10-22 00:13 . 2015-10-22 01:34 -------- d-----w- c:\users\Scott\AppData\Roaming\Canon
    2015-10-21 12:30 . 2015-10-21 12:30 -------- d-----w- c:\programdata\BDLogging
    2015-10-21 12:30 . 2007-04-11 15:11 511328 ----a-w- c:\windows\capicom.dll
    2015-10-21 12:29 . 2012-04-17 18:34 76944 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
    2015-10-21 12:29 . 2015-05-29 13:50 271272 ----a-w- c:\windows\system32\drivers\avchv.sys
    2015-10-21 12:29 . 2015-05-28 18:21 747120 ----a-w- c:\windows\system32\drivers\avckf.sys
    2015-10-21 12:29 . 2015-05-28 17:37 1369288 ----a-w- c:\windows\system32\drivers\avc3.sys
    2015-10-21 12:29 . 2015-10-08 16:31 270248 ----a-w- c:\windows\system32\drivers\ignis.sys
    2015-10-21 12:29 . 2015-10-21 12:31 -------- d-----w- c:\users\Scott\AppData\Roaming\Bitdefender
    2015-10-21 12:29 . 2013-08-13 17:38 3271472 ---ha-w- C:\bdr-bz01
    2015-10-21 12:27 . 2015-10-21 13:01 -------- d-----w- c:\programdata\Bitdefender
    2015-10-21 12:27 . 2015-10-21 12:27 -------- d-----w- c:\program files\Bitdefender
    2015-10-21 12:27 . 2015-06-02 19:21 477272 ----a-w- c:\windows\system32\drivers\trufos.sys
    2015-10-21 12:27 . 2015-04-29 18:32 160032 ----a-w- c:\windows\system32\drivers\gzflt.sys
    2015-10-21 11:24 . 2015-10-20 08:33 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26C2AD88-0565-4050-912F-BE6659DA2F43}\mpengine.dll
    2015-10-21 02:26 . 2015-10-21 02:26 -------- d-----w- c:\users\Scott\AppData\Roaming\QuickScan
    2015-10-21 02:25 . 2015-10-21 12:27 -------- d-----w- c:\program files\Common Files\Bitdefender
    2015-10-21 00:56 . 2015-10-25 02:51 -------- d-----w- c:\program files\Bitdefender Agent
    2015-10-21 00:56 . 2015-10-21 00:56 -------- d-----w- c:\programdata\Bitdefender Agent
    2015-10-20 14:09 . 2015-10-20 14:09 -------- d-----w- c:\users\Scott\AppData\Roaming\AVG
    2015-10-20 14:08 . 2015-10-20 14:08 -------- d-----w- c:\users\Scott\AppData\Roaming\TuneUp Software
    2015-10-20 14:04 . 2015-10-21 01:11 -------- d-----w- c:\programdata\Avg
    2015-10-20 14:02 . 2015-10-21 01:11 -------- d-----w- c:\users\Scott\AppData\Local\Avg
    2015-10-20 14:02 . 2015-10-21 01:11 -------- d-----w- c:\programdata\MFAData
    2015-10-20 14:02 . 2015-10-20 14:02 -------- d--h--w- c:\programdata\Common Files
    2015-10-20 14:02 . 2015-10-20 14:02 -------- d-----w- c:\users\Scott\AppData\Local\MFAData
    2015-10-15 14:22 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
    2015-10-15 14:22 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
    2015-10-15 14:22 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
    2015-10-15 14:22 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
    2015-10-15 14:22 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2015-10-15 14:22 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
    2015-10-15 14:22 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
    2015-10-15 08:25 . 2015-10-15 08:25 -------- d-----w- C:\092337879e3a523d6c7d
    2015-10-14 15:33 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
    2015-10-14 15:33 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2015-10-14 15:33 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
    2015-10-14 15:33 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
    2015-10-14 15:33 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
    2015-10-14 15:33 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
    2015-10-14 15:33 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
    2015-10-14 15:33 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
    2015-10-14 15:33 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
    2015-10-14 15:33 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
    2015-10-14 15:31 . 2015-09-29 03:16 5569472 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-10-14 15:30 . 2015-10-01 18:00 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2015-10-11 12:52 . 2015-10-21 11:22 -------- d-----w- c:\program files (x86)\Avira
    2015-10-11 12:50 . 2015-10-11 12:50 -------- d-----w- c:\programdata\Malwarebytes
    2015-10-10 21:28 . 2015-10-21 11:43 -------- d-----w- c:\program files\Common Files\Adobe
    2015-10-10 21:22 . 2015-10-21 11:45 -------- d-----r- c:\users\Scott\Creative Cloud Files
    2015-10-10 21:21 . 2015-10-11 13:47 -------- d-----w- c:\programdata\boost_interprocess
    2015-10-10 21:14 . 2015-10-21 11:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2015-10-10 21:12 . 2015-10-22 09:17 -------- d-----w- c:\users\Scott\AppData\Local\Adobe
    2015-10-10 20:57 . 2015-10-10 20:57 -------- d-----w- c:\users\Scott\AppData\Roaming\Visan
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-10-15 08:25 . 2011-05-08 17:18 143481208 ----a-w- c:\windows\system32\MRT.exe
    2015-09-29 02:58 . 2015-10-14 15:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-09-02 03:04 . 2015-09-09 00:44 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-09-02 03:04 . 2015-09-09 00:44 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-09-02 03:04 . 2015-09-09 00:44 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-09-02 03:04 . 2015-09-09 00:44 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-09-02 02:48 . 2015-09-09 00:44 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-09-02 02:48 . 2015-09-09 00:44 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-09-02 02:48 . 2015-09-09 00:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-09-02 02:47 . 2015-09-09 00:44 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-09-02 01:51 . 2015-09-09 00:44 3209216 ----a-w- c:\windows\system32\win32k.sys
    2015-09-02 01:47 . 2015-09-09 00:44 372736 ----a-w- c:\windows\system32\atmfd.dll
    2015-09-02 01:33 . 2015-09-09 00:44 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-08-27 18:18 . 2015-09-09 00:44 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2015-08-27 18:18 . 2015-09-09 00:44 1887232 ----a-w- c:\windows\system32\msxml3.dll
    2015-08-27 18:13 . 2015-09-09 00:44 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2015-08-27 18:13 . 2015-09-09 00:44 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-08-27 17:58 . 2015-09-09 00:44 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
    2015-08-27 17:58 . 2015-09-09 00:44 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
    2015-08-27 17:51 . 2015-09-09 00:44 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
    2015-08-27 17:51 . 2015-09-09 00:44 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2015-08-05 17:56 . 2015-09-09 00:46 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2015-08-05 17:56 . 2015-09-09 00:46 24576 ----a-w- c:\windows\system32\jnwmon.dll
    2015-08-05 17:56 . 2015-09-09 00:46 275456 ----a-w- c:\windows\system32\InkEd.dll
    2015-08-05 17:40 . 2015-09-09 00:46 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
    2015-07-30 18:06 . 2015-08-13 19:41 1648128 ----a-w- c:\windows\system32\DWrite.dll
    2015-07-30 18:06 . 2015-08-13 19:41 1180160 ----a-w- c:\windows\system32\FntCache.dll
    2015-07-30 18:06 . 2015-08-13 19:41 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-07-30 17:57 . 2015-08-13 19:41 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-07-30 17:57 . 2015-08-13 19:41 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2015-07-30 13:13 . 2015-08-14 07:17 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-30 13:13 . 2015-08-14 07:17 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2016\bdwtxag.exe" [2015-10-13 1416096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-08-31 452272]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 21:50 54576 ----a-w- c:\program files (x86)\Hp\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-07-22 22:33 150528 ----a-w- c:\program files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
    2010-09-28 15:09 664600 ----a-w- c:\program files (x86)\PDF Complete\pdfsty.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2010-05-12 04:44 102400 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    R2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    R2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    R3 cpuz134;cpuz134;c:\users\Scott\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Scott\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R4 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
    S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
    S0 ignis;ignis Service;c:\windows\system32\DRIVERS\ignis.sys;c:\windows\SYSNATIVE\DRIVERS\ignis.sys [x]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
    S2 ProductAgentService;Product Agent Service;c:\program files\Bitdefender Agent\ProductAgentService.exe;c:\program files\Bitdefender Agent\ProductAgentService.exe [x]
    S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2016\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2016\updatesrv.exe [x]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
    S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-10-24 15:43 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 09:32]
    .
    2015-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 09:32]
    .
    2015-10-21 c:\windows\Tasks\HPCeeScheduleForSCOTT-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
    .
    2015-10-21 c:\windows\Tasks\HPCeeScheduleForScott.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bdagent"="c:\program files\Bitdefender\Bitdefender 2016\bdagent.exe" [2015-10-20 1688552]
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://74.95.137.254:88/webrec.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
    MSConfigStartUp-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    MSConfigStartUp-iTunesHelper - c:\program files (x86)\iTunes\iTunesHelper.exe
    MSConfigStartUp-Monitor - c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    MSConfigStartUp-Norton Online Backup - c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    MSConfigStartUp-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
    MSConfigStartUp-SMessaging - c:\users\Scott\AppData\Local\Strongvault Online Backup\SMessaging.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.19"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-10-24 23:50:50
    ComboFix-quarantined-files.txt 2015-10-25 03:50
    .
    Pre-Run: 791,701,016,576 bytes free
    Post-Run: 791,794,307,072 bytes free
    .
    - - End Of File - - 95957E4001F660BD45DDF729FD5E6837
    ACAF8519868A42F9524C3D276BE70B51
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  19. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
    Ran by Scott (2015-10-26 05:43:58)
    Running from C:\Users\Scott\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-05-08 16:29:38)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1500130686-4110971754-1691798755-500 - Administrator - Disabled)
    Guest (S-1-5-21-1500130686-4110971754-1691798755-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-1500130686-4110971754-1691798755-1002 - Limited - Enabled)
    Scott (S-1-5-21-1500130686-4110971754-1691798755-1000 - Administrator - Enabled) => C:\Users\Scott

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
    AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.33 - Avanquest Software)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.19.1099 - Bitdefender)
    Bitdefender Internet Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.20.1143 - Bitdefender)
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bookkeeper (HKLM-x32\...\{7FBAE9CB-00F7-4893-A6E0-760AEC273897}) (Version: 11.0.0.0 - Avanquest North America Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    C309a (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
    ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fax (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Hallmark Card Studio 2010 Deluxe (HKLM-x32\...\{601BE80D-247B-4084-94C7-7A54369DB7A2}) (Version: 11.0.0.30 - Creative Home)
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Photosmart C309a All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{A9B54408-EF50-4821-B8A2-F597A657112A}) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
    Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PS_AIO_05_C309_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    24-10-2015 12:08:26 OTL Restore Point - 10/24/2015 12:08:26 PM
    24-10-2015 22:45:11 JRT Pre-Junkware Removal

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-10-26 05:35 - 00000031 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {3F7F7E92-C58B-4ECD-B5D5-D5776821025B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {43C296C4-ECBE-48DD-BED0-C548FAA9CD58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {6C72CED1-FC55-4C80-AC75-F634F3500176} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {6E3DA7E5-7576-4E3D-8421-380ED3DBEDA3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
    Task: {74930BE7-0227-41BD-8A1E-328C9353D875} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {8D7476BD-4299-4FDA-AB6B-5F45AC7940BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {9A9E932F-C59B-4022-A791-3B50778864B0} - System32\Tasks\HPCeeScheduleForScott => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {9F12D2E0-039F-45F9-8940-A0D647F91E6A} - \Iledroipsouik -> No File <==== ATTENTION
    Task: {A4539E25-565B-44DF-BED1-74D03A014F34} - \PROPCCleanerSoftware_Popup -> No File <==== ATTENTION
    Task: {A5A7E200-3A80-4977-A635-23C192A6C94F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {B9AB5F79-4611-440A-BD7D-8C2813159990} - System32\Tasks\{EE735459-49D2-4FAD-9105-AFB2586B55F9} => pcalua.exe -a "C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXD767E4\file[1].exe" -d C:\Users\Scott\Desktop
    Task: {C61FA338-EF84-4FA4-9CEF-A1FBDF39FEFD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {D134D1B0-D3B9-41F9-89DD-A0EAF32A03D4} - \PROPCCleanerSoftware_Start -> No File <==== ATTENTION
    Task: {D4A3AA61-225E-49F0-B871-7262AFBD3959} - System32\Tasks\HPCeeScheduleForSCOTT-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {EC019AF6-A248-436A-806D-AA766A96AA2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {F64281E5-B473-469F-9D19-437B59C37537} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-27] (Symantec Corporation)
    Task: {F76B6493-73FB-4A26-857D-3FAED0800F7E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForSCOTT-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForScott.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-21 08:29 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
    2015-10-21 08:29 - 2015-09-04 17:39 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpbr.mdl
    2015-10-21 08:29 - 2015-09-04 17:39 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpdsp.mdl
    2015-10-21 08:29 - 2015-09-04 17:39 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttpph.mdl
    2015-10-21 08:29 - 2015-09-04 17:39 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_001_001\ashttprbl.mdl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Scott\Desktop\ComboFix.exe:BDU
    AlternateDataStreams: C:\Users\Scott\Desktop\FRST64.exe:BDU
    AlternateDataStreams: C:\Users\Scott\Downloads\OTL.exe:BDU

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 5774 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    MSCONFIG\startupreg: NCPluginUpdater => "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0FE2429B-69F3-4BCC-819A-3A89700686F9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{0DEA65B2-4ED8-48D5-B730-418A004F1CBA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{7B04CA62-690A-40C1-BBEA-E712B64110BC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{23C12F7F-B687-4BEF-8B11-ABC606806578}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{2965F148-E0DC-44F6-9C11-FA88F6FE6061}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{FC6AD014-F130-40B1-B5F2-A2D68FB055C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
    FirewallRules: [{5AA09B1C-FE86-4881-82E4-DAEE24E6FB51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{9CA9C79A-A87D-4A22-B6C7-A621FE299402}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{FA03571F-EBC5-4475-8F62-07A9B0EAF2C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{2DC84114-81F4-4A0B-A611-393B17935490}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{F3C5F75D-8BC6-4934-AE00-496D7A6F63B7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{CB7592CD-15C4-4CD1-BB64-B748C7A1BBD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{E981130F-868D-45EB-BC86-97D536F0A759}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{58685E22-1D4A-44B4-AF5C-095877190BE3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{781D2165-182D-4269-B382-90F90427B58A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{AA39E120-FA6F-407A-AC16-39CFC7ABBB0A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{6181EB7A-D0AE-44BD-B874-91CB2506A2D0}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{69B0A38E-2051-46AF-AA38-F8D25B177127}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{93827F41-4FAD-4470-94B4-5ACE0EA03488}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{ABD8A6A0-54EF-4C03-A3FB-DD76A5AE09E2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{8608C9E9-637C-4994-AD59-D848AEE69F1C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{13381E36-0737-4FFE-A323-406FEA8C4191}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{FE7D4DB4-AD95-4F0A-999F-9AF4D91670CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{CDF834C3-A7A8-4FEB-86D2-EC939A0263F5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{C06C903F-FBD9-4544-8434-187E5C64003F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{A3842A20-E0D7-4A3E-A0E3-222C7A4EEEEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{953CDAD0-F52F-4C55-AAC2-01C3E4CEB126}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{34F7F62F-73F8-43B8-A798-A4DCC4CA597B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{DD976939-01B1-4661-B1A1-80657FBAF363}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/23/2015 05:39:47 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy7 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/23/2015 05:39:46 PM) (Source: SPP) (EventID: 16388) (User: )
    Description: Failed to delete shadow copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2 on volume \\?\Volume{5c9a61bf-5da4-11e0-9fbb-806e6f6e6963}\.

    VSS error: The specified object was not found. (0x80042308)

    User action
    Retry the deletion or examine the event log for related VSS entries.

    Error: (10/22/2015 02:12:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AitStatic.exe, version: 10.0.10004.0, time stamp: 0x54c65a8b
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.19018, time stamp: 0x560a0094
    Exception code: 0xc000000d
    Fault offset: 0x000000000000b3dd
    Faulting process id: 0x1f04
    Faulting application start time: 0xAitStatic.exe0
    Faulting application path: AitStatic.exe1
    Faulting module path: AitStatic.exe2
    Report Id: AitStatic.exe3

    Error: (10/22/2015 01:43:42 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (10/21/2015 10:16:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program bookkeeper.exe version 11.0.0.5 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1510

    Start Time: 01d10c6cf5dd3028

    Termination Time: 20

    Application Path: C:\Program Files (x86)\MySoftware\Bookkeeper\bookkeeper.exe

    Report Id:

    Error: (10/21/2015 09:54:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: bookkeeper.exe, version: 11.0.0.5, time stamp: 0x49a4deac
    Faulting module name: PBVM110.dll, version: 11.2.0.8739, time stamp: 0x49a4e10f
    Exception code: 0xc0000005
    Fault offset: 0x00160f04
    Faulting process id: 0x12d8
    Faulting application start time: 0xbookkeeper.exe0
    Faulting application path: bookkeeper.exe1
    Faulting module path: bookkeeper.exe2
    Report Id: bookkeeper.exe3

    Error: (10/21/2015 08:21:10 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    System errors:
    =============
    Error: (10/26/2015 05:36:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Error: (10/26/2015 05:36:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (10/25/2015 12:25:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Error: (10/25/2015 12:25:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (10/25/2015 12:11:26 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

    Error: (10/24/2015 11:48:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/24/2015 11:44:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (10/24/2015 11:39:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/24/2015 11:39:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/24/2015 10:48:31 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
    %%1056


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) II X4 640 Processor
    Percentage of memory in use: 39%
    Total physical RAM: 5887.29 MB
    Available physical RAM: 3540.47 MB
    Total Virtual: 11772.78 MB
    Available Virtual: 9720.78 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:918.52 GB) (Free:737.39 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.51 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 2EC37612)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=918.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  20. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
    Ran by Scott (administrator) on SCOTT-HP (26-10-2015 05:42:24)
    Running from C:\Users\Scott\Desktop
    Loaded Profiles: Scott (Available Profiles: Scott)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\downloader.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1688552 2015-10-20] (Bitdefender)
    HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1416096 2015-10-13] (Bitdefender)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{88D6FDC8-C028-4379-A05F-5AA6C23B289B}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://srch-us10.hpwis.com/
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
    Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
    DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://74.95.137.254:88/webrec.cab
    DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
    FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Scott\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Extension: Avira Browser Safety - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default\Extensions\abs@avira.com [2015-10-11] [not signed]
    FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff [2015-10-20] [not signed]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-10-20] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-10] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-10-20] [not signed]
    FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
    FF HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Norton Security Toolbar) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-09-17]
    CHR Extension: (Norton Identity Safe) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-28]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
    R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [823840 2015-09-22] (Bitdefender)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1572168 2015-10-14] (Bitdefender)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender)
    R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
    S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
    R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [270248 2015-10-08] (Bitdefender)
    S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-08-05] (Belcarra Technologies) [File not signed]
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-24] ()
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
    S3 cpuz134; \??\C:\Users\Scott\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-26 05:41 - 2015-10-26 05:42 - 02197504 _____ (Farbar) C:\Users\Scott\Desktop\FRST64.exe
    2015-10-24 23:50 - 2015-10-24 23:50 - 00025806 _____ C:\ComboFix.txt
    2015-10-24 23:39 - 2015-10-24 23:50 - 00000000 ____D C:\Qoobox
    2015-10-24 23:39 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-10-24 23:39 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-10-24 23:39 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-10-24 23:39 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-10-24 23:39 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-10-24 23:39 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-10-24 23:39 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-10-24 23:39 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-10-24 23:38 - 2015-10-24 23:49 - 00000000 ____D C:\Windows\erdnt
    2015-10-24 23:12 - 2015-10-24 23:12 - 05637412 ____R (Swearware) C:\Users\Scott\Desktop\ComboFix.exe
    2015-10-24 22:51 - 2015-10-24 22:51 - 00005504 _____ C:\Users\Scott\Desktop\JRT.txt
    2015-10-24 22:36 - 2015-10-24 22:38 - 00000000 ____D C:\AdwCleaner
    2015-10-24 21:49 - 2015-10-25 00:11 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-10-24 21:49 - 2015-10-24 21:49 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-24 21:48 - 2015-10-24 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-24 21:48 - 2015-10-24 21:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-24 21:48 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-10-24 21:48 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-10-24 21:48 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-10-24 21:36 - 2015-10-24 21:49 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-10-24 21:36 - 2015-10-24 21:36 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-10-24 12:27 - 2015-10-24 12:27 - 00102984 _____ C:\Users\Scott\Downloads\OTL2.Txt
    2015-10-24 12:27 - 2015-10-24 12:27 - 00079146 _____ C:\Users\Scott\Downloads\Extras2.Txt
    2015-10-24 12:26 - 2015-10-24 12:26 - 00079146 _____ C:\Users\Scott\Downloads\Extras.Txt
    2015-10-24 12:23 - 2015-10-24 12:23 - 00102984 _____ C:\Users\Scott\Downloads\OTL.Txt
    2015-10-24 12:00 - 2015-10-24 12:00 - 00602112 _____ (OldTimer Tools) C:\Users\Scott\Downloads\OTL.exe
    2015-10-24 11:47 - 2015-10-24 11:48 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-24 11:47 - 2015-10-24 11:47 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-10-24 11:47 - 2015-10-24 11:47 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Sun
    2015-10-24 11:47 - 2015-10-24 11:47 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\Sun
    2015-10-24 11:47 - 2015-10-24 11:47 - 00000000 ____D C:\Users\Scott\.oracle_jre_usage
    2015-10-24 11:47 - 2015-10-24 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-10-24 11:47 - 2015-10-24 11:47 - 00000000 ____D C:\Program Files (x86)\Java
    2015-10-24 11:46 - 2015-10-24 11:46 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\Oracle
    2015-10-24 11:43 - 2015-10-26 05:43 - 00016409 _____ C:\Users\Scott\Desktop\FRST.txt
    2015-10-24 11:43 - 2015-10-24 11:43 - 00033383 _____ C:\Users\Scott\Desktop\Addition.txt
    2015-10-24 11:33 - 2015-10-26 05:42 - 00000000 ____D C:\FRST
    2015-10-22 05:18 - 2015-10-22 05:18 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-10-22 05:18 - 2015-10-22 05:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-21 21:34 - 2015-10-21 21:35 - 00000000 ___HD C:\ProgramData\CanonIJScan
    2015-10-21 21:27 - 2015-10-21 21:30 - 00000000 ___HD C:\ProgramData\CanonIJMIG
    2015-10-21 21:26 - 2015-10-21 21:26 - 00002079 _____ C:\Users\Public\Desktop\Canon My Image Garden.lnk
    2015-10-21 21:19 - 2015-10-21 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2015-10-21 21:19 - 2015-10-21 21:19 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
    2015-10-21 21:19 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
    2015-10-21 21:19 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
    2015-10-21 21:19 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
    2015-10-21 21:19 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
    2015-10-21 21:18 - 2015-10-21 21:19 - 00000000 ___HD C:\Program Files\CanonBJ
    2015-10-21 21:18 - 2015-10-21 21:18 - 00000000 ____D C:\Windows\system32\STRING
    2015-10-21 21:18 - 2012-07-31 08:48 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
    2015-10-21 21:18 - 2012-07-31 08:48 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
    2015-10-21 21:18 - 2012-07-31 08:47 - 00366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
    2015-10-21 21:15 - 2015-10-21 21:22 - 00000000 ____D C:\Program Files (x86)\Canon
    2015-10-21 21:15 - 2015-10-21 21:15 - 00000000 ___HD C:\ProgramData\CanonIJETV
    2015-10-21 20:13 - 2015-10-21 21:34 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Canon
    2015-10-21 09:07 - 2015-10-21 09:07 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
    2015-10-21 09:05 - 2015-10-25 12:22 - 00011148 _____ C:\Windows\PFRO.log
    2015-10-21 09:04 - 2015-10-26 05:34 - 00000616 _____ C:\Windows\setupact.log
    2015-10-21 09:04 - 2015-10-21 09:04 - 00000000 _____ C:\Windows\setuperr.log
    2015-10-21 09:03 - 2015-10-21 09:06 - 00352336 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-10-21 08:56 - 2015-10-21 08:56 - 00096162 _____ C:\Users\Scott\Documents\cc_20151021_085626.regbackup.reg
    2015-10-21 08:52 - 2015-10-21 08:52 - 00102496 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Windows\system32\user_gensett.xml
    2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Users\Scott\AppData\Roaminguser_gensett.xml
    2015-10-21 08:30 - 2015-10-21 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
    2015-10-21 08:30 - 2015-10-21 08:30 - 00002128 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
    2015-10-21 08:30 - 2015-10-21 08:30 - 00000684 ____H C:\bdr-cf01
    2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____D C:\ProgramData\BDLogging
    2015-10-21 08:30 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
    2015-10-21 08:29 - 2015-10-21 08:31 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bitdefender
    2015-10-21 08:29 - 2015-10-21 08:30 - 00253404 ____H C:\bdr-ld01
    2015-10-21 08:29 - 2015-10-21 08:30 - 00009216 ____H C:\bdr-ld01.mbr
    2015-10-21 08:29 - 2015-10-08 12:31 - 00270248 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
    2015-10-21 08:29 - 2015-05-29 09:50 - 00271272 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
    2015-10-21 08:29 - 2015-05-28 14:21 - 00747120 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
    2015-10-21 08:29 - 2015-05-28 13:37 - 01369288 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
    2015-10-21 08:29 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im01.gz
    2015-10-21 08:29 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
    2015-10-21 08:29 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
    2015-10-21 08:27 - 2015-10-21 09:01 - 00000000 ____D C:\ProgramData\Bitdefender
    2015-10-21 08:27 - 2015-10-21 08:27 - 00000000 ____D C:\Program Files\Bitdefender
    2015-10-21 08:27 - 2015-06-02 15:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2015-10-21 08:27 - 2015-04-29 14:32 - 00160032 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
    2015-10-21 08:08 - 2015-10-21 08:08 - 00000000 ___RD C:\Users\Scott\Documents\Slides
    2015-10-20 22:26 - 2015-10-20 22:26 - 00000000 ____D C:\Users\Scott\AppData\Roaming\QuickScan
    2015-10-20 22:25 - 2015-10-21 08:27 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2015-10-20 22:17 - 2015-10-20 22:17 - 00005942 _____ C:\Users\Scott\AppData\LocalLow\wbkE18A.tmp
    2015-10-20 20:56 - 2015-10-26 05:35 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2015-10-20 20:56 - 2015-10-20 20:56 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2015-10-20 10:15 - 2015-10-21 07:26 - 00001318 _____ C:\Windows\SysWOW64\debug.log
    2015-10-20 10:14 - 2015-10-20 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-10-20 10:09 - 2015-10-20 10:09 - 00000000 ____D C:\Users\Scott\AppData\Roaming\AVG
    2015-10-20 10:08 - 2015-10-20 10:08 - 00000000 ____D C:\Users\Scott\AppData\Roaming\TuneUp Software
    2015-10-20 10:04 - 2015-10-20 21:11 - 00000000 ____D C:\ProgramData\Avg
    2015-10-20 10:02 - 2015-10-20 21:11 - 00000000 ____D C:\Users\Scott\AppData\Local\Avg
    2015-10-20 10:02 - 2015-10-20 21:11 - 00000000 ____D C:\ProgramData\MFAData
    2015-10-20 10:02 - 2015-10-20 21:07 - 00000000 ____D C:\Users\Scott\AppData\Local\AvgSetupLog
    2015-10-20 10:02 - 2015-10-20 10:02 - 00000000 ____D C:\Users\Scott\AppData\Local\MFAData
    2015-10-20 10:02 - 2015-10-20 10:02 - 00000000 ____D C:\Users\Scott\AppData\Local\Avg2015
    2015-10-15 10:22 - 2015-09-18 15:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-10-15 10:22 - 2015-09-18 15:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-10-15 10:22 - 2015-09-18 15:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-10-15 10:22 - 2015-09-18 15:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-10-15 04:25 - 2015-10-15 04:25 - 00000000 ____D C:\092337879e3a523d6c7d
    2015-10-14 11:33 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-10-14 11:33 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-10-14 11:33 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-10-14 11:33 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-10-14 11:32 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-10-14 11:32 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-10-14 11:32 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-10-14 11:32 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-10-14 11:32 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-10-14 11:32 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-10-14 11:32 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-10-14 11:32 - 2015-09-18 15:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-10-14 11:32 - 2015-09-18 14:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-10-14 11:32 - 2015-09-16 00:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-10-14 11:32 - 2015-09-16 00:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-10-14 11:32 - 2015-09-16 00:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-10-14 11:32 - 2015-09-16 00:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-10-14 11:32 - 2015-09-16 00:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-10-14 11:32 - 2015-09-16 00:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-10-14 11:32 - 2015-09-16 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-10-14 11:32 - 2015-09-16 00:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-10-14 11:32 - 2015-09-16 00:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-10-14 11:32 - 2015-09-16 00:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-10-14 11:32 - 2015-09-16 00:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-10-14 11:32 - 2015-09-16 00:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-10-14 11:32 - 2015-09-16 00:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-10-14 11:32 - 2015-09-16 00:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-10-14 11:32 - 2015-09-16 00:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-10-14 11:32 - 2015-09-15 23:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-10-14 11:32 - 2015-09-15 23:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-10-14 11:32 - 2015-09-15 23:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-10-14 11:32 - 2015-09-15 23:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-10-14 11:32 - 2015-09-15 23:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-10-14 11:32 - 2015-09-15 23:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-10-14 11:32 - 2015-09-15 23:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-10-14 11:32 - 2015-09-15 23:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-10-14 11:32 - 2015-09-15 23:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-10-14 11:32 - 2015-09-15 23:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-10-14 11:32 - 2015-09-15 23:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-10-14 11:32 - 2015-09-15 23:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-10-14 11:32 - 2015-09-15 23:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-10-14 11:32 - 2015-09-15 23:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-10-14 11:32 - 2015-09-15 23:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-10-14 11:32 - 2015-09-15 23:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-10-14 11:32 - 2015-09-15 23:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-10-14 11:32 - 2015-09-15 23:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-10-14 11:32 - 2015-09-15 23:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-10-14 11:32 - 2015-09-15 23:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-10-14 11:32 - 2015-09-15 23:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-10-14 11:32 - 2015-09-15 23:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-10-14 11:32 - 2015-09-15 23:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-10-14 11:32 - 2015-09-15 23:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-10-14 11:32 - 2015-09-15 23:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-10-14 11:32 - 2015-09-15 23:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-10-14 11:32 - 2015-09-15 23:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-10-14 11:32 - 2015-09-15 23:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-10-14 11:32 - 2015-09-15 23:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-10-14 11:32 - 2015-09-15 23:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-10-14 11:32 - 2015-09-15 23:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-10-14 11:32 - 2015-09-15 23:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-10-14 11:32 - 2015-09-15 23:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-10-14 11:32 - 2015-09-15 23:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-10-14 11:32 - 2015-09-15 22:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-10-14 11:32 - 2015-09-15 22:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-10-14 11:32 - 2015-09-15 22:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-10-14 11:32 - 2015-09-15 22:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-10-14 11:32 - 2015-09-15 22:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-10-14 11:32 - 2015-09-15 22:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-10-14 11:32 - 2015-09-15 22:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-10-14 11:32 - 2015-09-15 22:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-10-14 11:32 - 2015-09-15 22:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-10-14 11:32 - 2015-09-15 22:32 - 00710144 _____ (Microsoft Corporation)
     
  21. Annette Ritchey

    C:\Windows\SysWOW64\ieapfltr.dll
    2015-10-14 11:31 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-10-14 11:31 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-10-14 11:31 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-10-14 11:31 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-10-14 11:31 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-10-14 11:31 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-10-14 11:31 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-10-14 11:31 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-10-14 11:31 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-10-14 11:31 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-10-14 11:31 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-10-14 11:31 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-10-14 11:31 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-10-14 11:31 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-10-14 11:31 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-10-14 11:31 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-10-14 11:31 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-10-14 11:31 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-10-14 11:31 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-10-14 11:31 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-10-14 11:31 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-10-14 11:31 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-10-14 11:31 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-10-14 11:31 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-10-14 11:31 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-10-14 11:31 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-10-14 11:31 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-10-14 11:31 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-10-14 11:31 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-10-14 11:31 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-10-14 11:31 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-10-14 11:31 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-10-14 11:31 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-10-14 11:31 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-10-14 11:31 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-10-14 11:31 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-10-14 11:31 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-10-14 11:30 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-10-14 11:30 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-10-14 11:30 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-10-14 11:30 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-10-14 11:30 - 2015-07-18 09:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-10-14 11:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-10-12 12:04 - 2015-10-12 12:04 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\Avira
    2015-10-11 08:56 - 2015-10-11 08:56 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Mozilla
    2015-10-11 08:52 - 2015-10-21 07:22 - 00000000 ____D C:\Program Files (x86)\Avira
    2015-10-11 08:50 - 2015-10-11 08:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-10-10 17:34 - 2015-10-10 21:11 - 00000000 ____D C:\Users\Scott\Documents\Adobe
    2015-10-10 17:28 - 2015-10-21 07:43 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-10-10 17:24 - 2015-10-11 08:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Google
    2015-10-10 17:22 - 2015-10-21 07:45 - 00000000 ___RD C:\Users\Scott\Creative Cloud Files
    2015-10-10 17:21 - 2015-10-11 09:47 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-10-10 17:15 - 2015-10-21 07:44 - 00000000 ____D C:\ProgramData\Adobe
    2015-10-10 17:14 - 2015-10-21 07:45 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-10-10 17:12 - 2015-10-22 05:17 - 00000000 ____D C:\Users\Scott\AppData\Local\Adobe
    2015-10-10 16:57 - 2015-10-10 16:57 - 00000000 ___RD C:\Users\Scott\Documents\RocketLifeNetwork
    2015-10-10 16:57 - 2015-10-10 16:57 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Visan
     
  22. Annette Ritchey

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-26 05:43 - 2011-10-12 11:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-26 05:43 - 2011-04-02 21:38 - 01335252 _____ C:\Windows\WindowsUpdate.log
    2015-10-26 05:38 - 2011-05-21 20:47 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF579200-1948-40CD-879E-208CD9C3F40D}
    2015-10-26 05:35 - 2011-10-12 11:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-26 05:34 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-25 13:15 - 2011-05-10 16:27 - 00000000 ____D C:\Users\Scott\AppData\Roaming\SoftGrid Client
    2015-10-25 13:15 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-25 13:15 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-25 00:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2015-10-24 23:50 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
    2015-10-24 23:48 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2015-10-24 23:47 - 2011-05-08 12:29 - 00000000 ____D C:\Users\Scott
    2015-10-24 23:20 - 2011-06-14 13:34 - 00000000 ____D C:\Users\Scott\AppData\Temp
    2015-10-24 22:38 - 2011-05-10 14:08 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Yahoo!
    2015-10-23 06:49 - 2011-04-02 21:59 - 00000000 ____D C:\ProgramData\PDFC
    2015-10-21 21:54 - 2011-06-06 18:27 - 00000000 ____D C:\Users\Scott\AppData\Local\CrashDumps
    2015-10-21 21:37 - 2009-09-11 10:25 - 00000000 ____D C:\Users\Scott\Documents\My Scans
    2015-10-21 21:19 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
    2015-10-21 09:06 - 2015-07-21 03:27 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForScott.job
    2015-10-21 09:06 - 2012-06-27 13:37 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForSCOTT-HP$.job
    2015-10-21 08:45 - 2012-10-29 11:16 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSCOTT-HP$
    2015-10-21 08:45 - 2011-05-13 15:10 - 00003258 _____ C:\Windows\System32\Tasks\{EE735459-49D2-4FAD-9105-AFB2586B55F9}
    2015-10-21 08:23 - 2015-07-21 03:27 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForScott
    2015-10-21 08:14 - 2011-05-08 16:51 - 00000000 ____D C:\ProgramData\Recovery
    2015-10-21 08:13 - 2012-04-12 09:18 - 00000000 ____D C:\Program Files (x86)\School Zone
    2015-10-21 08:09 - 2011-10-12 11:31 - 00000000 ____D C:\Program Files\Google
    2015-10-21 08:09 - 2011-10-12 11:31 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-21 08:06 - 2012-10-19 12:02 - 00000000 ____D C:\Program Files\iTunes
    2015-10-21 08:05 - 2012-10-19 12:02 - 00000000 ____D C:\Program Files\iPod
    2015-10-21 08:05 - 2012-10-19 12:02 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-10-21 08:02 - 2011-10-12 11:31 - 00000000 ____D C:\Users\Scott\AppData\Local\Google
    2015-10-21 08:01 - 2012-07-05 17:27 - 00000000 ____D C:\Windows\en
    2015-10-21 07:57 - 2011-04-02 21:38 - 00000000 ____D C:\ProgramData\Hewlett-Packard
    2015-10-21 07:57 - 2011-04-02 21:37 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2015-10-21 07:53 - 2011-10-14 11:33 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-10-21 07:50 - 2011-06-19 22:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-10-21 07:45 - 2011-05-09 11:51 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Adobe
    2015-10-21 07:37 - 2011-11-20 18:54 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2015-10-21 07:35 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-10-21 07:35 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-10-21 07:34 - 2011-06-08 14:05 - 00000000 ____D C:\Users\Scott\AppData\Local\Unity
    2015-10-21 07:30 - 2011-04-02 21:59 - 00000000 ____D C:\ProgramData\Symantec
    2015-10-21 07:29 - 2011-08-13 12:37 - 00000000 ____D C:\Program Files (x86)\LeapFrog
    2015-10-21 07:29 - 2011-04-02 22:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
    2015-10-20 22:04 - 2012-07-11 18:27 - 00000000 ____D C:\Windows\Minidump
    2015-10-20 21:40 - 2012-11-21 08:03 - 00001945 _____ C:\Windows\epplauncher.mif
    2015-10-20 21:11 - 2015-06-10 03:34 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-10-16 03:48 - 2014-12-11 04:21 - 00000000 ____D C:\Windows\system32\appraiser
    2015-10-16 03:48 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-10-16 03:37 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2015-10-15 04:25 - 2013-08-24 03:01 - 00000000 ____D C:\Windows\system32\MRT
    2015-10-15 04:25 - 2011-05-08 13:18 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-10-11 09:39 - 2009-07-14 03:45 - 00000000 ____D C:\Windows\ShellNew
    2015-10-10 21:54 - 2011-05-09 11:48 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
    2015-10-10 21:41 - 2011-04-02 22:11 - 00000000 ____D C:\ProgramData\Norton
    2015-10-10 21:34 - 2015-07-31 04:57 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2015-10-10 17:02 - 2014-04-21 08:39 - 00021134 _____ C:\Windows\SysWOW64\TEST.log
    2015-10-09 13:04 - 2011-05-09 11:38 - 00000000 ___DC C:\Users\Scott\AppData\Local\MigWiz
    2015-10-09 13:04 - 2009-07-24 15:22 - 00000000 ____D C:\Windows\Panther
    2015-10-08 16:49 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
    2015-10-08 03:00 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2015-10-06 05:44 - 2009-08-29 14:14 - 00000000 ____D C:\BOOKKEEPER BACKUP

    ==================== Files in the root of some directories =======

    2011-05-10 13:56 - 2013-12-17 21:28 - 0002253 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-21 12:43

    ==================== End of FRST.txt ============================
     
  23. Annette Ritchey

    Users shortcut scan result (x64) Version:25-10-2015 02
    Ran by Scott (2015-10-26 05:45:35)
    Running from C:\Users\Scott\Desktop
    Boot Mode: Normal

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)



    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Operating Specifications.lnk -> C:\swsetup\HP Documentation\WW\OPS\624353-SJ2.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Safety and Comfort Guide.lnk -> C:\swsetup\HP Documentation\EN\SCG\417893-003.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Safety and Regulatory Information.lnk -> C:\swsetup\HP Documentation\EN\SRI\418213-402.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides\Upgrading and Servicing Guide.lnk -> C:\swsetup\HP Documentation\EN\USG\537486-001.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Disc Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\CDCreator.exe (CyberLink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager\Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete\PDF Complete.lnk -> C:\Program Files (x86)\PDF Complete\pdfvista.exe (PDF Complete Inc)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\HP support information.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Information\HPSysInfo.exe (Hewlett-Packard Development Company, L.P.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools\HP Vision Diagnostics Disc Creation.lnk -> C:\Program Files\Hewlett-Packard\HP Vision Hardware Diagnostics\DiscCreation\disccreation.exe (Hewlett-Packard)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySoftware\Bookkeeper\Bookkeeper User's Guide.lnk -> C:\Program Files (x86)\MySoftware\Bookkeeper\bookkeeper.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySoftware\Bookkeeper\Bookkeeper.lnk -> C:\Program Files (x86)\MySoftware\Bookkeeper\bookkeeper.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center\Microsoft Mouse and Keyboard Center.lnk -> c:\Windows\Installer\{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}\DeviceCenter.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling\LabelPrint.lnk -> C:\Program Files (x86)\Cyberlink\LabelPrint\LabelPrint.exe (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\Hp\HP Software Update\hpwucli.exe (Hewlett-Packard)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C309a series\Help.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\help\aio52.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C309a series\Product Support Website.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\HP Photosmart C309a series\help\HP Product Support Website.url ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C309a series\Readme.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\help\PS_AIO_05_C309_readme\readme.html ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Smart Web Printing\HP Smart Web Printing Help.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\Help\hpsmartprint.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\HP Photosmart Essential 3.5.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart DVD.lnk -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Photo.lnk -> C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Video.lnk -> C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart.lnk -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hallmark\Event Planner 2010.lnk -> C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\SHORTCUT_EP_3190D92A30664FA7847D17E0404C2F43.exe (Acresso Software Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hallmark\Hallmark Card Studio 2010 Deluxe.lnk -> C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\NewShortcut1_4E35EE0BF0FD4D6EB628322E236BC232.exe (Acresso Software Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Image Garden\My Image Garden.lnk -> C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe (CANON INC.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Scan Utility\IJ Scan Utility.lnk -> C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (CANON INC.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Tool\IJ Network Tool.lnk -> C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE (CANON INC.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Scanner Selector EX\IJ Network Scanner Selector EX.lnk -> C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016\Bitdefender 2016.lnk -> C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe (Bitdefender)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016\Bitdefender Safepay.lnk -> C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\obk.exe (Bitdefender)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016\Repair or Uninstall.lnk -> C:\Program Files\Common Files\Bitdefender\SetupInformation\{09FE2C2E-BB0D-4848-A706-AA244FA25FEA}\installer.exe (Bitdefender)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Hewlett-Packard\Recovery\Links\RM.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk -> C:\Users\Scott\AppData\Local\HuluDesktop\HuluDesktop.exe (No File)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Downloads\Norton\{N360203036-SHPD-FSD33017}\Documents - Shortcut.lnk -> C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ()
    Shortcut: C:\Users\Public\Desktop\Bitdefender 2016.lnk -> C:\Program Files\Bitdefender\Bitdefender 2016\seccenter.exe (Bitdefender)
    Shortcut: C:\Users\Public\Desktop\Bookkeeper.lnk -> C:\Program Files (x86)\MySoftware\Bookkeeper\bookkeeper.exe ()
    Shortcut: C:\Users\Public\Desktop\Canon My Image Garden.lnk -> C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe (CANON INC.)
    Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\Users\Public\Desktop\Hallmark Card Studio 2010 Deluxe.lnk -> C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\NewShortcut3_2EF556BD880143F8AFB44BE91BA43AD6.exe (Acresso Software Inc.)
    Shortcut: C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
    Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
    Shortcut: C:\Users\Scott\Links\Desktop.lnk -> C:\Users\Scott\Desktop ()
    Shortcut: C:\Users\Scott\Links\Downloads.lnk -> C:\Users\Scott\Downloads ()
    Shortcut: C:\Users\Scott\Documents\scan0001 - Copy.pdf - Shortcut.lnk -> C:\Users\Scott\Documents\My Scans\2013-02 (Feb)\scan0001 - Copy.pdf ()
    Shortcut: C:\Users\Scott\Documents\Slides\Norton 360.lnk -> C:\Program Files (x86)\Norton 360\Engine64\20.6.0.27\uistub.exe (No File)
    Shortcut: C:\Users\Scott\Documents\Slides\Pencil-Pal Kindergarten.lnk -> C:\Program Files (x86)\School Zone\Pencil-Pal Kindergarten\AutoPlay.exe (No File)
    Shortcut: C:\Users\Scott\Documents\My Scans\2014-07 (Jul)\scan0001.pdf - Shortcut.lnk -> C:\Users\Scott\Documents\My Scans\2014-07 (Jul)\scan0001.pdf ()
    Shortcut: C:\Users\Scott\Documents\My Scans\2013-02 (Feb)\scan0001 - Copy.pdf - Shortcut.lnk -> C:\Users\Scott\Documents\My Scans\2013-02 (Feb)\scan0001 - Copy.pdf ()
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Photosmart Essential 3.5.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqpse.exe (Hewlett-Packard Development Co. L.P.)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=hp_softwarestore&pf=cndt&locale=en_us&bd=all&c=111


    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySoftware\Bookkeeper\Online Accounting Tutorials.lnk -> C:\Windows\hh.exe (Microsoft Corporation) -> C:\Program Files (x86)\MySoftware\Bookkeeper\Bookkeeper.chm::/Welcome.01.12.html#1027817
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab about
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab update
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C309a series\Add A Device.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\{A9B54408-EF50-4821-B8A2-F597A657112A}\hpzstub.exe (Hewlett-Packard) -> -addadevice
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C309a series\Product Registration.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Company) -> "HP Photosmart C309a series"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C309a series\Uninstall.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\{A9B54408-EF50-4821-B8A2-F597A657112A}\setup\hpzscr40.exe (Hewlett-Packard) -> -datfile hposcr35.dat -onestop -forcereboot
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photosmart Essential 3.5\Uninstall HP Photosmart Essential 3.5.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\photosmartessential\hpzscr01.exe (Hewlett-Packard) -> -datfile hpqbud13.dat
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP MediaSmart\HP MediaSmart Music.lnk -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe (CyberLink Corp.) -> /MS
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\- HP Game Console -.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\HP Game Console\GameConsole-wt.exe" /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WIRE.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WIRE.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bounce Symphony.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WIRE.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WIRE.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Escape Rosecliff Island.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Escape Rosecliff Island\EscapeRosecliffIsland-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WIRE.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Final Drive Nitro.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Heroes of Hellas 2 - Olympia.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Heroes of Hellas 2 - Olympia\hoh2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - The London Caper.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The London Caper\MysteryPILondon-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies\Plants vs. Zombies-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Families.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Families\Virtual Families-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Advanced.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Dashboard
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Wizard.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Wizard
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start CCC
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Restart Runtime.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) -> Restart
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fdf91770-af7e-4c8d-bfd2-b40f6a1b7481}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fac60ee0-3e65-46c0-862e-52d1e16fa6d1}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f64371e9-e863-40ab-8ecd-dbd1e79683bf}\PlayTasks\0\Plants vs. Zombies.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies\Plants vs. Zombies-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f41abb66-f415-4c77-a2ae-917b23460332}\PlayTasks\0\FATE.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\FATE\Fate-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e5541345-a785-4e1e-906e-5bf6068ba4c0}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{dcf8c30f-84f6-4475-829d-2dea8d873786}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{ca09659c-b1d0-44d1-9556-34a098c464ad}\PlayTasks\0\Jewel Quest Solitaire 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\JQSolitaire2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c44af186-ce1f-41b7-94d3-def66a94aeeb}\PlayTasks\0\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b16ffd95-0431-4509-96f5-9fe2ff5ccf1b}\PlayTasks\0\Virtual Families.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Families\Virtual Families-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9d36fecf-a272-4632-a018-906223216b09}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9c57dc32-44bf-4dad-8cce-4d334f4f725a}\PlayTasks\0\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9b9b12f2-7e8f-4fe3-8365-8998b415574d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9a3546c9-c2c2-4959-a9b9-a47e8c7e990c}\PlayTasks\0\Escape Rosecliff Island.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Escape Rosecliff Island\EscapeRosecliffIsland-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{96bf90fe-65f5-4f95-897f-3a4a21a2f8dc}\PlayTasks\0\Mystery P.I. - The London Caper.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Mystery P.I. - The London Caper\MysteryPILondon-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{961391a5-faff-4656-b639-9469eafbd166}\PlayTasks\0\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{93c5e4ca-9d35-4bd8-95b1-c7327601d483}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8dde8af6-a947-49ea-8858-e46765d3acb9}\PlayTasks\0\Bounce Symphony.lnk -> C:\Program Files
     
  24. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7bb9e3fe-6efc-40ae-9cbb-ec98bca6e8ec}\PlayTasks\0\Heroes of Hellas 2 - Olympia.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Heroes of Hellas 2 - Olympia\hoh2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{7b3b2cd8-870b-4735-b686-7895f269f110}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Final Drive Nitro\Racing-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5fe74c0f-3b4e-4d19-ba1a-45d1ca676438}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{58081f22-f467-440d-b45a-d1207a716bdd}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4f4fa136-6ede-454c-9495-620e06dcb70f}\PlayTasks\0\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4c62c261-4bc4-4df9-9107-4f91e6a38018}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1cd10db5-fd52-412c-8f5d-106e71b1c9bd}\PlayTasks\0\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{119eedc1-0c64-4f7d-a42f-15559b86ea74}\PlayTasks\0\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{060c286e-7b14-4bf4-9936-205028416ca7}\PlayTasks\0\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe ( ) -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe" /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Apps.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallApp
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\DelRP.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /DelRP
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Driver.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /ReinstallDriver
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\Report.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /RecoveryReport
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\Recovery\Links\RMC.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery\RecoveryMgr.exe (CyberLink) -> /CDCreator
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\HP Setup\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\RunOnceHPTCS.exe () -> MODE=Registration
    ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\base\launch_base.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
    ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> hxxp://java.com/help
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> hxxp://java.com/
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
    InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=104
    InternetURL: C:\Users\Default\Favorites\HP\HP Download Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hp_softwarestore&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\eReaders\HP Barnes & Noble Desktop eReader.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=barnes_n_noble&tp=iefavs&pf=cndt&locale=en_us&bd=all&c=104
    InternetURL: C:\Users\Default\Favorites\HP\eReaders\Kobo.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=kobo&tp=iefavs&pf=cndt&locale=en_US&bd=all&c=111
    InternetURL: C:\Users\Default\Favorites\HP\eReaders\Zinio Reader 4.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=zinio&tp=iefavs&pf=cndt&locale=en_US&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\36 pills - genuine medications at best prices.url -> hxxp://36pills.com/
    InternetURL: C:\Users\Scott\Favorites\8-step Viruses-Spyware-Malware Preliminary Removal Instructions Help! - TechSpot Forums.url -> hxxp://www.techspot.com/community/topics/8-step-viruses-spyware-malware-preliminary-removal-instructions-help.156951/
    InternetURL: C:\Users\Scott\Favorites\About the Hanley Center.url -> hxxp://www.hanleycenter.org/about/
    InternetURL: C:\Users\Scott\Favorites\animal-info.co.za - Common Marmoset.url -> hxxp://www.animal-info.co.za/common-marmoset.html
    InternetURL: C:\Users\Scott\Favorites\Applications.url -> hxxp://myfwc.com/license/wildlife/captive-wildlife/applications/
    InternetURL: C:\Users\Scott\Favorites\AT&T Wireless Service, AT&T Cell Phone Plan Discounts for Labor Union Members - Union Plus.url -> hxxp://www.unionplus.org/cell-phone-wireless/att-wireless
    InternetURL: C:\Users\Scott\Favorites\AVON Representative KATIE TWOMBLY serving the Stuart, FL area.url -> hxxp://ktwombly.avonrepresentative.com/?CUST_ID=0&SECURITY_TOKEN=&BRAND_ID=0&setlang=1
    InternetURL: C:\Users\Scott\Favorites\Barbie - Games, Videos & Fun Activities For Girls Online Barbie.url -> hxxp://www.barbie.com/
    InternetURL: C:\Users\Scott\Favorites\Behavioral Health of the Palm Beaches Alcohol and drug recovery starts here..url -> hxxp://www.bhpalmbeach.com/
    InternetURL: C:\Users\Scott\Favorites\Bids - Onvia DemandStar.url -> hxxp://www.demandstar.com/supplier/bids/agency_inc/bid_list.asp?f=search&mi=10113
    InternetURL: C:\Users\Scott\Favorites\bids.url -> hxxp://ap3server.martin.fl.us:7778/portal/page?_pageid=356,3891495&_dad=portal&_schema=PORTAL&mx=9&mn=1&bc=&bt=&dp=&bs=&ss=
    InternetURL: C:\Users\Scott\Favorites\Birthday Party Games For Kids.url -> hxxp://www.amazingmoms.com/htm/partygames.htm
    InternetURL: C:\Users\Scott\Favorites\Browsing Store - WZ Flower Pot Spectator.url -> hxxp://www.dollmarket.com/browse.cfm/wz-flower-pot-spectator/4,43158.html
    InternetURL: C:\Users\Scott\Favorites\Ccbbvghhhhhhjjjjjjjuuuuuuhuuuuuuuuuyuuuujbn njiijj - Google Searchiujiiikl m.url -> hxxp://www.google.com/search?q=Ccbbvghhhhhhjjjjjjjuuuuuuhuuuuuuuuuyuuuujbn+njiijj&ie=UTF-8&oe=UTF-8&hl=en&client=safari
    InternetURL: C:\Users\Scott\Favorites\checks.url -> hxxps://www.deluxeforms.com/csm101?dbfmktop=5074067&dbfregion=6703048&dbfpageId=1588208&dbforderhandle=8672116&dbftamera=49083976643007&dbfsection=129850553546778117962036
    InternetURL: C:\Users\Scott\Favorites\Cheer Music Machine - Welcome.url -> hxxp://www.cheermusicmachine.com/
    InternetURL: C:\Users\Scott\Favorites\City Bids.url -> hxxp://cityofstuart.us/index.php/bids
    InternetURL: C:\Users\Scott\Favorites\Club Penguin.url -> hxxp://www.clubpenguin.com/
    InternetURL: C:\Users\Scott\Favorites\Common Marmoset - My feeding schedule.url -> hxxp://www.primatecare.com/mfoodex.htm
    InternetURL: C:\Users\Scott\Favorites\Common Marmoset - Wikipedia, the free encyclopedia.url -> hxxp://en.wikipedia.org/wiki/Common_Marmoset
    InternetURL: C:\Users\Scott\Favorites\Common Marmoset Husbandry.url -> hxxp://www.scribd.com/doc/58606173/Common-Marmoset-Husbandry
    InternetURL: C:\Users\Scott\Favorites\Curious George . On the Job PBS KIDS.url -> hxxp://pbskids.org/cgi-registry/curiousgeorge/on_the_job.pl
    InternetURL: C:\Users\Scott\Favorites\Doc McStuffins - Online Activities and Fun Disney Junior.url -> hxxp://disney.go.com/disneyjunior/doc-mcstuffins
    InternetURL: C:\Users\Scott\Favorites\eviction.url -> hxxp://clerk-web.martin.fl.us/ClerkWeb/courts/landlordTenant.htm
    InternetURL: C:\Users\Scott\Favorites\FCAT Explorer.url -> hxxp://www.fcatexplorer.com/
    InternetURL: C:\Users\Scott\Favorites\FCAT.url -> hxxp://www.okaloosa.k12.fl.us/south/shared_pages/standardized_test_practice.htm
    InternetURL: C:\Users\Scott\Favorites\Florida Department of Children and Families.url -> hxxp://www.myflorida.com/accessflorida/
    InternetURL: C:\Users\Scott\Favorites\FLUID -- Florida Unemployment Internet Direct Claims.url -> hxxps://www2.myflorida.com/flccid/
    InternetURL: C:\Users\Scott\Favorites\Fox29 WFLX TV, West Palm Beach, Florida- - Home.url -> hxxp://www.wflx.com/
    InternetURL: C:\Users\Scott\Favorites\Games . Sesame Street PBS KIDS.url -> hxxp://pbskids.org/sesame/elmo.html
    InternetURL: C:\Users\Scott\Favorites\http--atv.disney.go.com-disneychannel-media-suitelife-images-games_border.jpg.url -> hxxp://atv.disney.go.com/disneychannel/media/suitelife/images/games_border.jpg
    InternetURL: C:\Users\Scott\Favorites\http--www.choicegoldcredit.com-faq.aspx.url -> hxxp://www.choicegoldcredit.com/faq.aspx
    InternetURL: C:\Users\Scott\Favorites\http--www.fisher-price.com-uk-interactv-pdf-user_manual.pdf.url -> hxxp://www.fisher-price.com/uk/interactv/pdf/user_manual.pdf
    InternetURL: C:\Users\Scott\Favorites\http--www.scavengerhuntsforkids.com-Colortreasurehunt.rtf.url -> hxxp://www.scavengerhuntsforkids.com/Colortreasurehunt.rtf
    InternetURL: C:\Users\Scott\Favorites\Initial Skills Review.url -> hxxp://flisr.winlearning.com/default.aspx?key=125cb76a-e24f-4c92-842d-40a49a994cda
    InternetURL: C:\Users\Scott\Favorites\Jail Inmate Search.url -> hxxp://198.136.35.4/jailinmatesearch/jailinmatesearch.asp
    InternetURL: C:\Users\Scott\Favorites\jason.url -> hxxp://www.tcpalm.com/news/2011/jan/12/unemployed-martin-man-made-up-to-1500-daily-in/
    InternetURL: C:\Users\Scott\Favorites\Malware Removal - TechSpot Forums#post-1505098#post-1505098#post-1505098#post-1505098#post-1505098.url -> hxxp://www.techspot.com/community/topics/malware-removal.220487/
    InternetURL: C:\Users\Scott\Favorites\Marmoset.url -> hxxp://www.marmosetmom.com/MonkeyFacts.html
    InternetURL: C:\Users\Scott\Favorites\Mars XIII.url -> hxxp://www.elliotttech.com/math/MooreTrad/math/Mars/MarsXIII/MarsXIII.htm
    InternetURL: C:\Users\Scott\Favorites\Martin County Fire Rescue Scanner .url -> hxxp://www.martin.fl.us/web_docs/its/web/scanner/esdcad.html
    InternetURL: C:\Users\Scott\Favorites\Martin County Official Records Public Search.url -> hxxp://clerk-web.martin.fl.us/
    InternetURL: C:\Users\Scott\Favorites\Martin County Property Appraiser.url -> hxxp://www.pa.martin.fl.us/
    InternetURL: C:\Users\Scott\Favorites\Martin County School District - District Landing Page.url -> hxxp://martinschools.org/?sessionid=64ef26ea13d5047ad18ac237c08b55f1&t
    InternetURL: C:\Users\Scott\Favorites\MARTIN COUNTY.url -> hxxp://www.sheriff.martin.fl.us/cad/new_bookings.html
    InternetURL: C:\Users\Scott\Favorites\mathsuperstar.url -> hxxp://mathresources.anderson5.net/Sunshine%20Math/Grade%203%20Sunshine%20Math.pdf
    InternetURL: C:\Users\Scott\Favorites\monkey needs.url -> hxxp://monkeyneeds.homestead.com/index.html
    InternetURL: C:\Users\Scott\Favorites\monkey.url -> hxxp://www.monkeymatters.com/
    InternetURL: C:\Users\Scott\Favorites\MSN.com.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=IStart
    InternetURL: C:\Users\Scott\Favorites\My Coke Rewards - Home.url -> hxxp://www.mycokerewards.com/home.do
    InternetURL: C:\Users\Scott\Favorites\Nick Jr Games.url -> hxxp://www.nickjr.com/games/index.jhtml
    InternetURL: C:\Users\Scott\Favorites\Nick Jr. Phone.url -> hxxp://www.nickjr.com/kids-games/nick-jr-phone.html
    InternetURL: C:\Users\Scott\Favorites\Numbers With Face.url -> hxxp://www.nickjr.com/kids-games/numbers-with-face.html
    InternetURL: C:\Users\Scott\Favorites\Play Gunk Busters - Bigfoot PresentsMeteor the Monster Truck.url -> hxxp://www.meteorthemonstertruck.com/game/gunk_busters
    InternetURL: C:\Users\Scott\Favorites\Products - Official Checks & Forms for MySoftware by Avanquest Publishing USA, Inc..url -> hxxps://mysoftwareforms.com/store/store/comersus_listCategoriesAndProducts.asp?idCategory=63&idParentCategory=51
    InternetURL: C:\Users\Scott\Favorites\PROPERTY APPRAISER.url -> hxxp://fl-martin-appraiser.governmax.org/propertymax/rover30.asp?sid=FF1E0237B6284645AFB246B49CC140CD
    InternetURL: C:\Users\Scott\Favorites\Racing Games Formula Cartoon Cartoon Network.url -> hxxp://www.formulacartoon.com/games/formula-cartoon/index.html?atclk_gp=gp_thumbnailCardNo1
    InternetURL: C:\Users\Scott\Favorites\Radio Station Guide.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
    InternetURL: C:\Users\Scott\Favorites\Reading Scavenger Hunts.url -> hxxp://www.scavengerhuntsforkids.com/READINGINSIDE.html
    InternetURL: C:\Users\Scott\Favorites\Recipes & Cookbooks – Food, Cooking Recipes from BettyCrocker.Com.url -> hxxp://www.bettycrocker.com/
    InternetURL: C:\Users\Scott\Favorites\Revenge - ABC.com.url -> hxxp://beta.abc.go.com/shows/revenge
    InternetURL: C:\Users\Scott\Favorites\SHERIFF.url -> hxxp://www.sheriff.martin.fl.us/
    InternetURL: C:\Users\Scott\Favorites\SHOP.YOURDECKAPPEAL.COM.url -> hxxp://shop.yourdeckappeal.com/
    InternetURL: C:\Users\Scott\Favorites\Southeast Florida counties index.url -> hxxp://www.floridacountiesmap.com/southeast.shtml
    InternetURL: C:\Users\Scott\Favorites\SpellingCity.com Home Page.url -> hxxp://www.spellingcity.com/
    InternetURL: C:\Users\Scott\Favorites\SpongeBob.com SpongeBob SquarePants Episodes, Games, & Pictures.url -> hxxp://spongebob.nick.com/
    InternetURL: C:\Users\Scott\Favorites\Super Mini Puzzle Heroes Multiplayer Play Kids Games Nick Games.url -> hxxp://www.nick.com/games/super-mini-puzzle-heroes.html
    InternetURL: C:\Users\Scott\Favorites\Superstar Math Moore County Schools, NC.url -> hxxp://www.elliotttech.com/math/MooreTrad/
    InternetURL: C:\Users\Scott\Favorites\Team Umizoomi Umizoomi Math Games & Activities Umizoomi Episodes Nick Jr..url -> hxxp://www.nickjr.com/kids/team-umizoomi/
    InternetURL: C:\Users\Scott\Favorites\The Florida Lottery.url -> hxxp://www.flalottery.com/

    InternetURL: C:\Users\Scott\Favorites\The laboratory primate - Google Books.url -> hxxp://books.google.com/books?id=nCZHS0A1_lsC&pg=PA2063&lpg=PA2063&dq=how+much+do+marmosets+eat,+as+an+adult,+per+day&source=bl&ots=aUvklgzdnA&sig=W3l_pxj7cvzuVeby6Nfdd-xiIRA&hl=en&ei=WkaBTZvzH8eJ0QH0m6WKCQ&sa=X&oi=book_result&ct=result&resnum=2&ved=0CB4Q6AEwAQ
    InternetURL: C:\Users\Scott\Favorites\The Official WhitePages - Find People for Free.url -> hxxp://www.whitepages.com/
    InternetURL: C:\Users\Scott\Favorites\The School Signup Plan.url -> hxxp://www.coverleaf.com/schools
    InternetURL: C:\Users\Scott\Favorites\The Suite Life of Zack & Cody - Disney Channel.url -> hxxp://tv.disney.go.com/disneychannel/suitelife/
    InternetURL: C:\Users\Scott\Favorites\TumbleBook View Online.url -> hxxp://www.tumblebooks.com/library/asp/full_book.asp?ProductID=2490
    InternetURL: C:\Users\Scott\Favorites\Virus Removal Archives - FreeAntivirusRocks.url -> hxxp://freeantivirusrocks.com/virus-removal/
    InternetURL: C:\Users\Scott\Favorites\WiLD 95.5 -- WEST PALM BEACH.url -> hxxp://www.wild955.com/main.html
    InternetURL: C:\Users\Scott\Favorites\Wizard101 Free Online Multiplayer Family Game.url -> hxxps://www.wizard101.com/start?utm_campaign=disp_mmotraffic&utm_source=mmolife.925&utm_medium=display
    InternetURL: C:\Users\Scott\Favorites\www.minipets.co.za - Marmoset Monkeys.url -> hxxp://www.minipets.co.za/content/view/47/138/
    InternetURL: C:\Users\Scott\Favorites\YouTube - Black Eyed Peas ))) Boom Boom Pow [Clean] Lyrics Included.url -> hxxp://www.youtube.com/watch?v=0cKnTLrDbcw
    InternetURL: C:\Users\Scott\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
    InternetURL: C:\Users\Scott\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
    InternetURL: C:\Users\Scott\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
    InternetURL: C:\Users\Scott\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
    InternetURL: C:\Users\Scott\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
    InternetURL: C:\Users\Scott\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
    InternetURL: C:\Users\Scott\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
    InternetURL: C:\Users\Scott\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
    InternetURL: C:\Users\Scott\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
    InternetURL: C:\Users\Scott\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\Free Hotmail.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\IE Add-on site (1).url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\IE site on Microsoft.com (1).url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\Microsoft At Home (1).url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\Microsoft At Work (1).url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\Microsoft Store (1).url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Users\Scott\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Users\Scott\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\Scott\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\Scott\Favorites\Links\Curious George HOME.url -> hxxp://pbskids.org/curiousgeorge/
    InternetURL: C:\Users\Scott\Favorites\Links\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=myhpgames&tp=iefavbar&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
    InternetURL: C:\Users\Scott\Favorites\Links\Trix Silly Channel (2).url -> hxxp://sillychannel.com/
    InternetURL: C:\Users\Scott\Favorites\Links\Trix Silly Channel (3).url -> hxxp://sillychannel.com/
    InternetURL: C:\Users\Scott\Favorites\Links\Trix Silly Channel (4).url -> hxxp://sillychannel.com/
    InternetURL: C:\Users\Scott\Favorites\Links\Trix Silly Channel.url -> hxxp://sillychannel.com/
    InternetURL: C:\Users\Scott\Favorites\Links\Web Slice Gallery (1).url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\Scott\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\Scott\Favorites\HP's Recommended Web Sites\Yahoo! Best of the Web.url -> hxxp://us.rd.yahoo.com/p/hpq/browser/*hxxp://ps.hpq.yahoo.com
    InternetURL: C:\Users\Scott\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\America Online.url -> hxxp://www.aol.com/
    InternetURL: C:\Users\Scott\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\CompuServe.url -> hxxp://www.compuserve.com/
    InternetURL: C:\Users\Scott\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\EarthLink Dial-up.url -> hxxp://www.earthlink.com/
    InternetURL: C:\Users\Scott\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Get High-Speed Internet.url -> hxxp://www.broadbandcompass.com/search/display?partnerID=hp&channelID=hpdesktopsp04
    InternetURL: C:\Users\Scott\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\MSN.url -> hxxp://www.msn.com/
    InternetURL: C:\Users\Scott\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cndt&locale=en_us&bd=all&c=104
    InternetURL: C:\Users\Scott\Favorites\HP\HP Download Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hp_softwarestore&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cndt&locale=en_US&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cndt&locale=en_us&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\eReaders\HP Barnes & Noble Desktop eReader.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=barnes_n_noble&tp=iefavs&pf=cndt&locale=en_us&bd=all&c=104
    InternetURL: C:\Users\Scott\Favorites\HP\eReaders\Kobo.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=kobo&tp=iefavs&pf=cndt&locale=en_US&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\HP\eReaders\Zinio Reader 4.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=zinio&tp=iefavs&pf=cndt&locale=en_US&bd=all&c=111
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN CarPoint.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=146
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN Home.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=212
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN HomeAdvisor.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=281
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN Hotmail.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=518
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN Money.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=214
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN People & Chat.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=217
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN Shopping.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=145
    InternetURL: C:\Users\Scott\Favorites\Financial Links\MSN Web Search.url -> hxxp://moneycentral.msn.com/money/2002/redir.asp?mcrid=216

    ==================== End of Shortcut.txt =============================
     
  25. Annette Ritchey

    Annette Ritchey TS Member Topic Starter Posts: 37

    I posted this other txt file that popped up - shortcut - I'm not sure if you needed it - I don't remember it giving me that last time. I did have my internet open when it first started - I hope I didn't mess the whole thing up? I didn't want to stop it and mess anything up, so I wanted to let you know what happened right away - please let me know if I should rerun it or if it is ok? I did not hit fix - should I? I wanted to say thank you for helping me still - this crazy malware doesn't want to leave my computer!
     
