
Multiple running processes of ie and Chrome using up serious memory and causing program lockups

LadyGreenWitch

I'll get you my pretty, and your little log too!
iHF Regular
#1
:( Hey Guys (and Gals, if there are any ;)),

Alright, I admit that my arrogance has kept me from coming for help earlier. At first I thought it was a simple issue of too many programs running, programs kept locking up. Then I started to notice that while on ie, (I know, I know :angel: ), that there would be too many iexplore.exe processes running, and one of them was pulling in over 2M K in memory. When I would try to end the process it wouldn't allow it. In fact, I had to disconnect from the internet completely, then boot into Safe Mode before it would let go.

I also have noticed that sometimes when I have not started Chrome, 7-12 chrome.exe*32 processes would just decide to be running from 50,000 K to 100,000 K, each, these however will close.

I have run sfc, Avast, Spybot, TrendMicro, and RogueKiller, not necessarily in that order. The problem appeared to be a file using RealPlayer as a front. I thought I had taken care of it, but while trying to resolve a different issue on this site (not relevant to the issues I am talking about), the locking up has become worse, I have been locked out of help sites, including this one, and while the main ie issue has not returned in the same manner, there is always one too many processes, and it is always running too high a memory usage.

I've been out of the game too long, I've used DDS but never OTL, or aswMBR, so I am turning over my ego and laptop into your capable hands. Attached please find the requested files. As this situation has been going on for quite some time, I have maximized the information I am giving you. I hope that this is not a problem in identifying any issues that may be apparent in the data. I await your replies.

TTFN,

LGW
 


Malnutrition

Still Hungry
iHF Master Craftsman
#2
Before you start please remove Search & Destroy from your machine.


We need you to run MalwareBytes to get a log. Please download the free version of MalwareBytes HERE

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.



Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.

Allow MalwareBytes to scan your system; it may take some time depending on what you have loaded onto your hard drive.

When the scan is finished:

  1. Click "Save Results"
  2. Then click on "Text file"

A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it. Again, save it to the desktop.
Please copy and paste the contents of this file in your next post.

Second thing that we will need is an Adware Cleaner Log.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Third step, we will need a Rogue Killer Log.

Download Rogue Killer and save it to your Desktop. You will need the version compatible with your machine.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.



  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.


Fourth step is a log from Farbar Scan & Recovery Tool.

Please download and save FRST 64bit or FRST 32 bit to your Desktop.


CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.



  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

LadyGreenWitch

I'll get you my pretty, and your little log too!
iHF Regular
#3
Hey Mal, may I call you Mal? I am happy to comply with all of your instructions. However, I am curious as to why you want me to remove Spybot? Please understand that while I have been out of the loop for quite some time, I still consider myself a tech, and it isn't necessary to give me a blow by blow for most programs, like you would a newb., unless your instructions differ from the norm. Thank you so much for helping me with this. I will have what you have requested ASAP.

TTFN,

LGW

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Teresa's Laptop (administrator) on TERESAS on 28-04-2015 17:33:01
Running from C:\Users\Teresa's Laptop\Desktop\Computer Cleaning Tools\Cleaning Programs
Loaded Profiles: Teresa's Laptop (Available profiles: Teresa's Laptop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\A6100\A6100.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wbaagent.exe
() C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\agentrcv.exe
() C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wbatimer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
() C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Thong Nguyen) C:\Program Files (x86)\PowerMenu\PowerMenu.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Comodo Firewall] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1612504 2013-11-11] (COMODO)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-03-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-21] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-06-27] (Google Inc.)
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Run: [GoogleChromeAutoLaunch_4F9448D3A50A613C334938D034AFD2C5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Run: [FreeDesktopTimer] => C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe [960688 2015-02-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\MountPoints2: {a46ff84d-093f-11e3-9488-14feb59e107b} - H:\LaunchU3.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR A6100 Genie.lnk [2014-06-01]
ShortcutTarget: NETGEAR A6100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe (Realtek Semiconductor Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-21]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Teresa's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk.disabled [2014-05-01]
ShortcutTarget: Dropbox.lnk.disabled -> C:\Users\Teresa's Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Teresa's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk [2012-10-29]
ShortcutTarget: PowerMenu.lnk -> C:\Program Files (x86)\PowerMenu\PowerMenu.exe (Thong Nguyen)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-03-24] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3797571617-2345687493-384676197-1002 -> DefaultScope {308E2198-6783-485E-B21F-4C1529619369} URL = http://www.google.com/search?q={sea...x?}&startPage={startPage}&rlz=1I7GZAG_enUS438
SearchScopes: HKU\S-1-5-21-3797571617-2345687493-384676197-1002 -> OldDefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
SearchScopes: HKU\S-1-5-21-3797571617-2345687493-384676197-1002 -> {308E2198-6783-485E-B21F-4C1529619369} URL = http://www.google.com/search?q={sea...x?}&startPage={startPage}&rlz=1I7GZAG_enUS438
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-13] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-24] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-24] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2012-04-26] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3797571617-2345687493-384676197-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{42018084-A013-4F62-9B18-C7BC70C477EC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7ACF87CE-E134-4E74-9ECC-5771258C5BAC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{836920ED-60BD-414C-A692-62A8663A1B06}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{EDD98A01-3A14-4257-90AD-04DC320B86C2}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-01-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-01-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.1.13 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-01-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.1.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll [2012-01-11] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-21] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-3797571617-2345687493-384676197-1002: @mozilla.zeniko.ch/PDFLite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012-04-25]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2012-11-16]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-02]
CHR Extension: (Google Docs) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-02]
CHR Extension: (Google Drive) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-02]
CHR Extension: (YouTube) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-02]
CHR Extension: (Google Cast) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-09-02]
CHR Extension: (Adblock Plus) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-29]
CHR Extension: (Google Search) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-02]
CHR Extension: (ShopAtHome.com) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-09-14]
CHR Extension: (Google Sheets) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-02]
CHR Extension: (No Name) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-25]
CHR Extension: (Avast Online Security) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
CHR Extension: (AllCast Receiver) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjbljnpdahefgnopeohlaeohgkiidnoe [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-02]
CHR Extension: (Gmail) - C:\Users\Teresa's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-24] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-18] (Avast Software)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-10-11] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-19] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-10-18] (Macrovision Europe Ltd.) [File not signed]
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-10-11] (Comodo Security Solutions, Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
U2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-21] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 Realtek8723AU; C:\Program Files (x86)\NETGEAR\A6100\RtlService.exe [45784 2013-07-02] (Realtek Semiconductor Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WBA_Agent_Client_Service; C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wbaagent.exe [81920 2009-02-04] () [File not signed]
R2 WBA_Agent_Receiver; C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\agentrcv.exe [81920 2009-02-04] () [File not signed]
R2 WBA_Scheduler; C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wbatimer.exe [69632 2010-08-05] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A6100; C:\Windows\System32\DRIVERS\A6100.sys [2944216 2013-07-08] (Realtek Semiconductor Corporation )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-28] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [709144 2013-11-14] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48872 2013-09-24] (COMODO)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-09-24] (COMODO)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-18] (Avast Software)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 16:14 - 2015-04-28 16:14 - 00000814 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-04-28 16:14 - 2015-04-28 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-04-28 16:14 - 2015-04-28 16:14 - 00000000 ____D () C:\Program Files\RogueKiller
2015-04-28 16:13 - 2015-04-28 16:13 - 18877984 _____ (Adlice Software ) C:\Users\Teresa's Laptop\Downloads\setup.exe
2015-04-28 16:06 - 2015-03-24 15:46 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw1386.tmp
2015-04-28 16:06 - 2015-03-24 15:46 - 00271200 _____ () C:\Windows\system32\Drivers\asw14A0.tmp
2015-04-28 16:06 - 2015-03-24 15:46 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw1617.tmp
2015-04-28 16:06 - 2015-03-24 15:46 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswA7D.tmp
2015-04-28 16:06 - 2015-03-24 15:46 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw11BF.tmp
2015-04-28 16:06 - 2015-03-24 15:46 - 00065736 _____ () C:\Windows\system32\Drivers\asw122E.tmp
2015-04-28 16:06 - 2015-03-24 15:46 - 00029168 _____ () C:\Windows\system32\Drivers\aswED2.tmp
2015-04-28 16:06 - 2015-03-18 11:48 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\asw3C8.tmp
2015-04-28 16:05 - 2015-04-28 16:05 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-28 16:05 - 2015-04-28 16:05 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-23 01:07 - 2015-04-23 01:05 - 00450688 ____R () C:\Windows\system32\Drivers\etc\hosts.20150423-010758.backup
2015-04-21 18:01 - 2015-04-21 18:02 - 00000056 _____ () C:\Users\Teresa's Laptop\Desktop\Theo's Amtrak GR #.txt
2015-04-19 00:05 - 2015-04-23 00:44 - 00001028 _____ () C:\Windows\PFRO.log
2015-04-18 17:02 - 2015-04-18 17:03 - 00003376 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797571617-2345687493-384676197-500
2015-04-18 17:02 - 2015-04-18 17:03 - 00003258 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797571617-2345687493-384676197-500
2015-04-18 17:02 - 2015-04-18 17:02 - 00000000 ____D () C:\Users\Administrator.TERESAS.000
2015-04-18 16:57 - 2015-04-23 00:45 - 00000168 _____ () C:\Windows\setupact.log
2015-04-18 16:57 - 2015-04-18 16:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-18 16:55 - 2015-04-23 01:01 - 00000000 ____D () C:\Users\TEMP.TERESAS.001
2015-04-18 16:55 - 2015-04-18 16:55 - 00000258 __RSH () C:\Users\Administrator.TERESAS\ntuser.pol
2015-04-18 16:55 - 2015-04-18 16:55 - 00000000 ____D () C:\Users\Administrator.TERESAS
2015-04-18 16:55 - 2012-09-21 08:03 - 00000000 ____D () C:\Users\TEMP.TERESAS.001\AppData\Roaming\TuneUp Software
2015-04-18 16:55 - 2012-09-21 08:03 - 00000000 ____D () C:\Users\Administrator.TERESAS\AppData\Roaming\TuneUp Software
2015-04-18 16:55 - 2012-09-13 18:10 - 00000000 ____D () C:\Users\TEMP.TERESAS.001\AppData\Roaming\Macromedia
2015-04-18 16:55 - 2012-09-13 18:10 - 00000000 ____D () C:\Users\Administrator.TERESAS\AppData\Roaming\Macromedia
2015-04-18 16:55 - 2011-10-02 03:00 - 00000000 ____D () C:\Users\TEMP.TERESAS.001\AppData\Local\Microsoft Help
2015-04-18 16:55 - 2011-10-02 03:00 - 00000000 ____D () C:\Users\Administrator.TERESAS\AppData\Local\Microsoft Help
2015-04-18 16:55 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\TEMP.TERESAS.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-18 16:55 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Administrator.TERESAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-18 16:55 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\TEMP.TERESAS.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-18 16:55 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Administrator.TERESAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-16 18:14 - 2015-04-25 19:18 - 00000179 _____ () C:\Users\Teresa's Laptop\Desktop\fax.com cancel.txt
2015-04-15 23:17 - 2015-04-15 23:17 - 00002035 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-04-15 23:16 - 2015-04-15 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-04-15 23:13 - 2015-04-15 23:16 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-04-15 23:10 - 2015-04-15 23:10 - 51834280 _____ (HRB Technology, LLC.) C:\Users\Teresa's Laptop\Downloads\HRBlock_Premium+Efile+State.exe
2015-04-15 03:47 - 2015-04-15 03:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-14 22:44 - 2015-03-24 20:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 22:44 - 2015-03-24 20:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 22:44 - 2015-03-24 20:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 22:44 - 2015-03-24 20:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 22:44 - 2015-03-24 20:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 22:44 - 2015-03-24 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 22:44 - 2015-03-24 20:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 22:44 - 2015-03-24 20:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 22:44 - 2015-03-24 20:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 22:44 - 2015-03-24 20:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 22:44 - 2015-03-24 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 22:44 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 22:44 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 22:44 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 22:44 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 22:44 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 22:44 - 2015-03-22 20:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 22:44 - 2015-03-22 20:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 22:44 - 2015-03-22 20:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 22:44 - 2015-03-22 20:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 22:44 - 2015-03-22 20:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 22:44 - 2015-03-22 20:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 22:44 - 2015-03-22 20:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 22:44 - 2015-03-22 20:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 22:43 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 22:43 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 22:43 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 22:43 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 22:43 - 2015-03-04 22:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 22:43 - 2015-03-04 21:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 22:42 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 22:42 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 22:42 - 2015-03-16 22:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 22:42 - 2015-03-16 22:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 22:42 - 2015-03-16 22:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 22:42 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 22:42 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 22:42 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 22:41 - 2015-03-16 22:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 22:41 - 2015-03-16 22:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 22:41 - 2015-03-16 22:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 22:41 - 2015-03-16 22:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 22:41 - 2015-03-16 22:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 22:41 - 2015-03-16 22:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 22:41 - 2015-03-16 22:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 22:41 - 2015-03-16 22:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 22:41 - 2015-03-16 22:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 22:41 - 2015-03-16 22:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 22:41 - 2015-03-16 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 22:41 - 2015-03-16 22:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 22:41 - 2015-03-16 22:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 22:41 - 2015-03-16 21:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 22:41 - 2015-03-16 21:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 22:41 - 2015-03-16 21:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 22:41 - 2015-03-16 21:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 22:41 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 22:41 - 2015-03-16 21:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 22:41 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 22:41 - 2015-03-16 21:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 22:41 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 22:41 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 22:41 - 2015-03-16 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 22:41 - 2015-03-16 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 22:41 - 2015-03-16 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 22:41 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 22:40 - 2015-04-01 17:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 22:40 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 22:40 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 22:40 - 2015-03-12 21:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 22:40 - 2015-03-12 21:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 22:40 - 2015-03-12 21:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 22:40 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 22:40 - 2015-03-12 21:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 22:40 - 2015-03-12 21:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 22:40 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 22:40 - 2015-03-12 21:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 22:40 - 2015-03-12 21:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 22:40 - 2015-03-12 20:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 22:40 - 2015-03-12 20:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 22:40 - 2015-03-12 20:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 22:40 - 2015-03-12 20:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 22:40 - 2015-03-12 20:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 22:40 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 22:40 - 2015-03-12 20:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 22:40 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 22:40 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 22:40 - 2015-03-12 20:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 22:40 - 2015-03-12 20:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 22:40 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 22:40 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 22:40 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 22:40 - 2015-03-12 20:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 22:40 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 22:40 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 22:40 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 22:40 - 2015-03-12 20:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 22:40 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 22:40 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 22:40 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 22:40 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 22:40 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 22:40 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 22:40 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 22:40 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 22:40 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 22:40 - 2015-03-12 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 22:40 - 2015-03-12 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 22:40 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 22:40 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 22:40 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 22:40 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 22:40 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 22:40 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 22:40 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 22:40 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 22:40 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 22:40 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 22:40 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 22:40 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 22:40 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 22:40 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 22:40 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 22:40 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 22:39 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 22:39 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 22:39 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-08 03:02 - 2015-04-08 03:03 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-08 03:02 - 2015-04-08 03:02 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 20:16 - 2015-04-07 20:17 - 00000000 ____D () C:\Users\Administrator
2015-04-07 20:01 - 2015-04-07 20:01 - 00000000 ____D () C:\Users\TEMP.TERESAS.000
2015-04-07 19:57 - 2015-04-07 19:57 - 00000000 ____D () C:\AVAST Software
2015-04-07 19:20 - 2010-11-20 20:23 - 00345088 _____ (Microsoft Corporation) C:\sethc.exe
2015-04-07 18:25 - 2015-04-07 18:25 - 00000000 ____D () C:\Users\Theo
2015-03-31 18:40 - 2015-03-31 18:40 - 00000000 ____D () C:\Users\TEMP.TERESAS
2015-03-29 18:58 - 2015-03-29 18:58 - 00000000 ____D () C:\Users\TEMP

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 17:33 - 2014-05-08 00:11 - 00000000 ____D () C:\FRST
2015-04-28 17:10 - 2014-11-16 17:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002017f14014e.job
2015-04-28 17:05 - 2014-06-22 17:31 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-28 16:16 - 2014-11-11 15:55 - 01208790 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 16:14 - 2014-11-11 15:12 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-28 16:12 - 2014-06-10 14:49 - 00000000 ____D () C:\Users\Teresa's Laptop\AppData\Local\CrashDumps
2015-04-28 16:10 - 2014-11-16 17:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job
2015-04-28 16:07 - 2014-06-22 16:48 - 00000000 ____D () C:\Users\Teresa's Laptop\Desktop\RK_Quarantine
2015-04-28 16:06 - 2015-03-24 15:47 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-28 16:05 - 2014-04-25 09:38 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-28 16:05 - 2014-01-06 20:20 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-28 16:05 - 2014-01-06 20:20 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-28 16:05 - 2014-01-06 20:20 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-28 16:05 - 2014-01-06 20:20 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-28 16:05 - 2014-01-06 20:20 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-28 16:05 - 2014-01-06 20:20 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-28 16:05 - 2014-01-06 20:20 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-28 15:59 - 2009-07-13 22:13 - 00830158 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 19:18 - 2014-12-24 01:37 - 00000016 _____ () C:\Users\Teresa's Laptop\Desktop\fax.com to cancel immediately.txt
2015-04-25 18:31 - 2009-07-13 21:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 18:31 - 2009-07-13 21:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 18:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-23 01:00 - 2014-04-26 02:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-23 00:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-04-23 00:46 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 00:45 - 2014-06-25 13:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-19 00:16 - 2014-09-02 14:12 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-19 00:07 - 2009-07-13 21:45 - 05347448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-18 16:31 - 2014-08-13 21:40 - 00000788 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-18 16:31 - 2012-01-19 17:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-16 18:47 - 2014-08-02 03:20 - 00000000 ____D () C:\Users\Teresa's Laptop\AppData\Roaming\PrimoPDF
2015-04-16 17:37 - 2011-08-23 23:12 - 00000000 ____D () C:\Users\Teresa's Laptop\Documents\Receipts
2015-04-15 23:31 - 2014-09-02 15:46 - 00000000 ____D () C:\Users\Teresa's Laptop\Documents\HRBlock
2015-04-15 23:31 - 2011-08-22 15:18 - 00000000 ____D () C:\Users\Teresa's Laptop\Documents\Taxes
2015-04-15 23:19 - 2013-11-02 14:05 - 00129200 _____ () C:\Users\Teresa's Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 23:17 - 2011-08-22 15:17 - 00000000 ____D () C:\Users\Teresa's Laptop\AppData\Roaming\TaxCut
2015-04-15 23:10 - 2011-08-22 15:16 - 00000000 ____D () C:\ProgramData\TaxCut
2015-04-15 04:12 - 2014-12-10 04:35 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 04:12 - 2014-05-06 01:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 04:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:56 - 2011-07-22 16:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:54 - 2011-09-28 21:16 - 00822772 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:47 - 2012-10-03 15:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 03:47 - 2012-10-03 15:23 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 03:45 - 2013-09-24 14:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:37 - 2011-06-29 18:47 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:37 - 2009-07-13 19:34 - 00000513 _____ () C:\Windows\win.ini
2015-04-07 20:47 - 2009-07-13 19:34 - 38535168 _____ () C:\Windows\system32\config\system.bak
2015-04-07 19:55 - 2011-07-25 17:44 - 00000000 ____D () C:\Program Files (x86)\Real

==================== Files in the root of some directories =======

2013-12-09 12:38 - 2013-12-09 12:38 - 49940480 _____ () C:\Program Files (x86)\GUTEF82.tmp
2015-01-12 12:07 - 2015-01-12 12:07 - 0027122 _____ () C:\Program Files (x86)\uninstal.log
2012-10-29 13:20 - 2013-09-23 16:37 - 0007612 _____ () C:\Users\Teresa's Laptop\AppData\Local\Resmon.ResmonCfg
2013-12-24 02:05 - 2013-12-24 02:05 - 0045664 _____ () C:\ProgramData\1387875926.bdinstall.bin
2013-12-24 02:08 - 2013-12-24 02:08 - 0002061 _____ () C:\ProgramData\1387876122.1144.bin
2013-12-24 02:08 - 2013-12-24 02:08 - 0041818 _____ () C:\ProgramData\1387876122.1776.bin
2013-12-24 02:15 - 2013-12-24 02:15 - 0248483 _____ () C:\ProgramData\1387876314.bdinstall.bin
2013-12-24 03:08 - 2013-12-24 03:08 - 0037627 _____ () C:\ProgramData\1387879735.bdinstall.bin
2013-12-24 03:09 - 2013-12-24 03:09 - 0025670 _____ () C:\ProgramData\1387879738.1264.bin
2013-12-24 03:09 - 2013-12-24 03:09 - 0011558 _____ () C:\ProgramData\1387879738.2168.bin
2013-12-24 03:08 - 2013-12-24 03:09 - 0003256 _____ () C:\ProgramData\1387879738.640.bin
2013-12-24 03:08 - 2013-12-24 03:21 - 0039923 _____ () C:\ProgramData\1387879738.708.bin
2013-12-24 03:08 - 2013-12-24 03:21 - 0003416 _____ () C:\ProgramData\1387879738.912.bin
2013-12-24 03:40 - 2013-12-24 03:40 - 0246232 _____ () C:\ProgramData\1387881457.bdinstall.bin
2014-01-06 19:39 - 2014-01-06 19:39 - 0037825 _____ () C:\ProgramData\1389062389.bdinstall.bin
2014-01-06 19:49 - 2014-01-06 19:49 - 0097420 _____ () C:\ProgramData\1389062394.bdinstall.bin
2014-02-16 22:42 - 2014-02-16 22:42 - 0045691 _____ () C:\ProgramData\1392615690.bdinstall.bin
2014-02-16 22:44 - 2014-02-16 22:44 - 0046037 _____ () C:\ProgramData\1392615814.bdinstall.bin
2014-02-16 22:45 - 2014-02-16 22:45 - 0046038 _____ () C:\ProgramData\1392615890.bdinstall.bin
2014-03-08 17:16 - 2014-03-08 17:16 - 0002080 _____ () C:\ProgramData\1394324184.1144.bin
2014-03-08 17:16 - 2014-03-08 17:16 - 0000335 _____ () C:\ProgramData\1394324184.2556.bin
2014-03-08 17:16 - 2014-03-08 17:16 - 0040880 _____ () C:\ProgramData\1394324184.5780.bin
2012-02-07 18:18 - 2012-05-31 16:36 - 0023266 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Teresa's Laptop\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {b70dbd17-98d4-11e0-aa4b-14feb59e107b}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {b70dbd1b-98d4-11e0-aa4b-14feb59e107b}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b70dbd17-98d4-11e0-aa4b-14feb59e107b}
nx OptIn
usefirmwarepcisettings No

Windows Boot Loader
-------------------
identifier {b70dbd1b-98d4-11e0-aa4b-14feb59e107b}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{b70dbd1c-98d4-11e0-aa4b-14feb59e107b}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{b70dbd1c-98d4-11e0-aa4b-14feb59e107b}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {b70dbd17-98d4-11e0-aa4b-14feb59e107b}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {b70dbd1c-98d4-11e0-aa4b-14feb59e107b}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Teresa's Laptop at 2015-04-28 17:33:48
Running from C:\Users\Teresa's Laptop\Desktop\Computer Cleaning Tools\Cleaning Programs
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3797571617-2345687493-384676197-500 - Administrator - Enabled)
Guest (S-1-5-21-3797571617-2345687493-384676197-501 - Limited - Disabled)
Teresa's Laptop (S-1-5-21-3797571617-2345687493-384676197-1002 - Administrator - Enabled) => C:\Users\Teresa's Laptop
UpdatusUser (S-1-5-21-3797571617-2345687493-384676197-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1 Moment of Time - Silentville (HKLM-x32\...\76bb0c5f123df111854d819e602a0672) (Version: - GameHouse)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7 Roses - A Darkness Rises (HKLM-x32\...\0151dde2ba9f10c1696d65886214c3b9) (Version: - GameHouse)
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
A Gypsy's Tale - The Tower of Secrets (HKLM-x32\...\am-agypsystalethetowerofsecrets) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Alex Hunter - Lord of the Mind Platinum Edition (HKLM-x32\...\6be58c3ab163588dfb4128f4c309e8fe) (Version: - GameHouse)
Amazing Adventures Riddle of the Two Knights(TM) (HKLM-x32\...\am-amazingadventuresriddleofthetwoknightstm) (Version: - )
Ancient Secrets (HKLM-x32\...\1593835cce3d171de60d548bab02d4ce) (Version: - GameHouse)
APKF 1.8.1 (HKLM-x32\...\APKF_is1) (Version: - Nsasoft LLC.)
Apothecarium & Sister's Secrecy Bundle (HKLM-x32\...\5e70c28901a9c0edcd166b04cb7ccccc) (Version: - GameHouse)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Arizona Rose and the Pirates' Riddles (HKLM-x32\...\am-arizonaroseandthepiratesriddles) (Version: - )
Around the World in 80 Days (HKLM-x32\...\am-aroundtheworldin80days) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Azkend 2 - The World Beneath (HKLM-x32\...\am-azkend2theworldbeneath) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Brink of Consciousness - Dorian Gray Syndrome (HKLM-x32\...\am-brinkofconsciousnessdoriangraysyndrome) (Version: - )
Campfire Legends - The Babysitter (HKLM-x32\...\am-campfirelegendsthebabysitter) (Version: - )
Caveman Physics (HKLM-x32\...\am-cavemanphysics) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Celtic Lore - Sidhe Hills (HKLM-x32\...\am-celticloresidhehills) (Version: - )
Chronicle Keepers - The Dreaming Garden (HKLM-x32\...\75fa100d12b40a256ec7fdbb104b786a) (Version: - GameHouse)
COMODO Firewall (HKLM\...\{A0BABADE-E154-4F08-97A1-2903CD110E88}) (Version: 6.2.20728.2847 - COMODO Security Solutions Inc.)
Criminal Minds (HKLM-x32\...\am-criminalminds) (Version: - )
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
Dark Romance - Vampire in Love Platinum Edition (HKLM-x32\...\769dd07073f57b0130eb9521878804bf) (Version: - GameHouse)
Dark Sisterhood - The Initiation (HKLM-x32\...\167031fa2b48acbc75a43484e6a2c878) (Version: - GameHouse)
Dark Strokes - Sins of the Fathers (HKLM-x32\...\am-darkstrokessinsofthefathers) (Version: - )
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Demon Hunter 2 - A New Chapter Platinum Edition (HKLM-x32\...\de6c05bbf80d33df86473fd2e05be277) (Version: - GameHouse)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Doctor Who, Episode 5 - The Gunpowder Plot (HKLM-x32\...\am-doctorwhoepisode5thegunpowderplot) (Version: - )
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
Dracula - Love Kills (HKLM-x32\...\am-draculalovekills) (Version: - )
Dragon Keeper (HKLM-x32\...\am-dragonkeeper) (Version: - )
Dragon Keeper 2 (HKLM-x32\...\am-dragonkeeper2) (Version: - )
DragonStone (HKLM-x32\...\am-dragonstone) (Version: - )
Dream Chronicles(R) - The Book of Water(TM) (HKLM-x32\...\am-dreamchroniclesrthebookofwatertm) (Version: - )
Dream Mysteries - Case of the Red Fox (HKLM-x32\...\am-dreammysteriescaseoftheredfox) (Version: - )
Dreamland Extended Edition (HKLM-x32\...\am-dreamlandextendededition) (Version: - )
Echoes of Sorrow 2 (HKLM-x32\...\a7dee3827e44ee815edf3b5436fee84c) (Version: - GameHouse)
Empress of the Deep 2 - Song of the Blue Whale (HKLM-x32\...\am-empressofthedeep2songofthebluewhale) (Version: - )
Entwined - Strings of Deception (HKLM-x32\...\am-entwinedstringsofdeception) (Version: - )
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM-x32\...\{4A5404DC-D8A5-455E-96D0-9F142DAACAE7}) (Version: 1.14.0000 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Esoterica - Hollow Earth (HKLM-x32\...\d1d2c0e8210eac5d61c5f43359ed893d) (Version: - GameHouse)
Exorcist 2 (HKLM-x32\...\am-exorcist2) (Version: - )
Fairy Godmother Tycoon (HKLM-x32\...\am-fairygodmothertycoon) (Version: - )
Fall of the New Age Platinum Edition (HKLM-x32\...\e36f6da53e0e09365fbba55852297c84) (Version: - GameHouse)
FedEx Office Printer (HKLM-x32\...\{5B9AC19C-8519-43A1-9578-49CDA1366E66}) (Version: 1.0.010 - FedEx Office)
Feeding Frenzy (HKLM-x32\...\am-feedingfrenzy) (Version: - )
Fiction Fixers - The Curse of Oz (HKLM-x32\...\am-fictionfixersthecurseofoz) (Version: - )
Fill and Cross Pirate Riddles 2 (HKLM-x32\...\c7aa2b48eeff381703f42eb9fdb1f427) (Version: - GameHouse)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Free Desktop Timer 1.2 (HKLM-x32\...\Free Desktop Timer_is1) (Version: - Drive Software Company)
GameHouse Solitaire Challenge (HKLM-x32\...\amg-gamehousesolitairechallenge) (Version: - )
GeekBuddy (HKLM-x32\...\{741FC38C-2797-4AC1-AD63-4B65F9CA8B20}) (Version: 4.9.73 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Graven - The Purple Moon Prophecy (HKLM-x32\...\58db15ca4f0151125871bd314c3ab4f1) (Version: - GameHouse)
Green Moon (HKLM-x32\...\am-greenmoon) (Version: - )
H&R Block California 2009 (HKLM-x32\...\{F4898C08-90A2-431C-BCE5-87866531D05B}) (Version: 1.09.3601 - HRB Technology, LLC.)
H&R Block California 2010 (HKLM-x32\...\{9FBDF580-E37F-4DEE-8F2E-75A8E8716AAD}) (Version: 1.10.4801 - HRB Technology, LLC.)
H&R Block California 2011 (HKLM-x32\...\{10894714-E82E-4371-9CF7-F58E352C76EA}) (Version: 1.11.5001 - HRB Technology, LLC.)
H&R Block California 2012 (HKLM-x32\...\{E040F1EC-82A9-4950-AAFE-55762AB59590}) (Version: 1.12.7501 - HRB Technology, LLC.)
H&R Block California 2013 (HKLM-x32\...\{FA9B4B45-B7F0-47A4-894B-19BBF8829FE2}) (Version: 1.13.6901 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2009 (HKLM-x32\...\{53A19323-917A-4822-B27E-A57D1EF6E9FC}) (Version: 09.04.7101 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.7601 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2010 (HKLM-x32\...\{529A52D1-5521-436B-83AB-1322780DCDAD}) (Version: 10.06.6402 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2014 (HKLM-x32\...\{CDB1D329-A168-427D-837C-2075CDD3DC62}) (Version: 14.07.7401 - HRB Technology, LLC.)
Haunted Past - Realm of Ghosts (HKLM-x32\...\am-hauntedpastrealmofghosts) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Hellas 3 - Athens (HKLM-x32\...\am-heroesofhellas3athens) (Version: - gamehouse)
Hidden Magic (HKLM-x32\...\am-hiddenmagic) (Version: - )
Hidden Object 5 in 1 Bundle (HKLM-x32\...\c7844ffd5e74b2a4c65e29d87f8da8fb) (Version: - GameHouse)
Hide & Secret - The Lost World (HKLM-x32\...\am-hidesecretthelostworld) (Version: - )
Hide & Secret (HKLM-x32\...\am-hidesecret) (Version: - )
Hide & Secret 3 - Pharaoh's Quest (HKLM-x32\...\am-hidesecret3pharaohsquest) (Version: - )
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Hotel (HKLM-x32\...\87d02ebdbd8adab2557c70d4ef6cc141) (Version: - GameHouse)
House of 1,000 Doors - Family Secrets (HKLM-x32\...\am-houseof1000doorsfamilysecrets) (Version: - )
House of 1,000 Doors - The Palm of Zoroaster (HKLM-x32\...\am-houseof1000doorsthepalmofzoroaster) (Version: - )
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
Hypnosis (HKLM-x32\...\835c2c58dcfcf5eb426cdbb86e165fc3) (Version: - GameHouse)
Imperial Island - Birth of an Empire (HKLM-x32\...\afc21a17d31830fcf6e56c0e0723ed3b) (Version: - GameHouse)
Infected - The Twin Vaccine (HKLM-x32\...\am-infectedthetwinvaccine) (Version: - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Into the Haze (HKLM-x32\...\4377fcbfca1a6fc49948b811cc5f62b7) (Version: - GameHouse)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Jewel Quest 3 (HKLM-x32\...\am-jewelquest3) (Version: - )
Jewels of the East India Company (HKLM-x32\...\am-jewelsoftheeastindiacompany) (Version: - )
Journey - The Heart of Gaia (HKLM-x32\...\98e1a1798ebbe1569b549f41f41c0136) (Version: - GameHouse)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Left in the Dark - No One on Board (HKLM-x32\...\c2ca6193e07d5201a7ef513ccfd56b12) (Version: - GameHouse)
Legacy - Witch Island (HKLM-x32\...\35c474105074ec9fac693c2767f65a38) (Version: - GameHouse)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Lost Lands - Dark Overlord Platinum Edition (HKLM-x32\...\9b264bb29bdb57d30fcff344d51d815b) (Version: - GameHouse)
Lost Souls - Enchanted Paintings (HKLM-x32\...\am-lostsoulsenchantedpaintings) (Version: - )
Lost Souls - Timeless Fables (HKLM-x32\...\e83dbe408ad2a2a678732ca428972f7f) (Version: - GameHouse)
Lost Souls - Timeless Fables Platinum Edition (HKLM-x32\...\5f075e8c1f096bdbb70ed3002ae377c1) (Version: - GameHouse)
LUXOR 5th Passage (HKLM-x32\...\am-luxor5thpassage) (Version: - )
Margrave - The Curse of the Severed Heart (HKLM-x32\...\am-margravethecurseoftheseveredheart) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mind Snares - Alice's Journey (HKLM-x32\...\2baf5d7d5a25ff4f2da3a5898f415fbb) (Version: - GameHouse)
Mortimer Beckett and the Crimson Thief (HKLM-x32\...\am-mortimerbeckettandthecrimsonthief) (Version: - )
Mountain Crime - Requital (HKLM-x32\...\am-mountaincrimerequital) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mysteries and Nightmares - Morgiana (HKLM-x32\...\9bcbef2f42968eacc864d1c27120d7b3) (Version: - GameHouse)
Mysteries of Neverville - The Runestone of Light (HKLM-x32\...\161f33e3a36069962019db9720926803) (Version: - GameHouse)
Mystery Valley Extended Edition (HKLM-x32\...\am-mysteryvalleyextendededition) (Version: - )
Namariel Legends - Iron Lord (HKLM-x32\...\d4709f0b9185bf5c99e51eada9f90dc5) (Version: - GameHouse)
Nancy Drew(R) - Phantom of Venice (HKLM-x32\...\am-nancydrewrphantomofvenice) (Version: - )
Nancy Drew(R) - Secrets Can Kill (HKLM-x32\...\am-nancydrewrsecretscankill) (Version: - )
Nancy Drew(R) - Shadow at the Water's Edge (HKLM-x32\...\c0e87eb48b6604512534d61f404fe5ca) (Version: - GameHouse)
Nancy Drew(R) - Trail of the Twister (HKLM-x32\...\am-nancydrewrtrailofthetwister) (Version: - )
Nancy Drew(R) - Warnings at Waverly Academy (HKLM-x32\...\am-nancydrewrwarningsatwaverlyacademy) (Version: - )
Nearwood - Platinum Edition (HKLM-x32\...\8a90126eb3d5532165c12e49c32be2c4) (Version: - GameHouse)
NETGEAR A6100 Genie (HKLM-x32\...\InstallShield_{15D27BA3-6CCD-4848-8925-07EF083492AD}) (Version: 1.0.0.13 - NETGEAR)
NETGEAR A6100 Genie (x32 Version: 1.0.0.13 - NETGEAR) Hidden
Nightfall Mysteries Double Pack (HKLM-x32\...\am-nightfallmysteriesdoublepack) (Version: - )
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
Oddly Enough - Pied Piper (HKLM-x32\...\am-oddlyenoughpiedpiper) (Version: - )
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OnTopReplica (HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\OnTopReplica) (Version: 3.3.1.0 - Lorenz Cuno Klopfenstein)
Origins - Elders of Time Platinum Edition (HKLM-x32\...\752de7da65dcc156809f9124c8638e8d) (Version: - GameHouse)
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc)
Paranormal State - Poison Spring (HKLM-x32\...\8ce99105cdc037737b5e400f00823efc) (Version: - GameHouse)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pirate Mysteries - A Tale of Monkeys (HKLM-x32\...\am-piratemysteriesataleofmonkeys) (Version: - )
Plants vs. Zombies(TM) (HKLM-x32\...\am-plantsvszombiestm) (Version: - )
Portal of Evil - Stolen Runes Platinum Edition (HKLM-x32\...\727c8d316900aaa68559400945a0228a) (Version: - GameHouse)
Portal of Evil - Stolen Runes Platinum Edition (HKLM-x32\...\ace933cc383aea1f6707a1cf34be5b1d) (Version: - GameHouse)
PowerMenu 1.51 (HKLM-x32\...\PowerMenu) (Version: 1.51 - Thong Nguyen)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Princess Isabella - A Witch's Curse (HKLM-x32\...\am-princessisabellaawitchscurse) (Version: - )
Princess Isabella - Return of the Curse (HKLM-x32\...\am-princessisabellareturnofthecurse) (Version: - )
Psycho Train (HKLM-x32\...\d20d655161af3a790c318338eaa4c97c) (Version: - GameHouse)
Queen's Quest - Tower of Darkness (HKLM-x32\...\1179eb54a09cdd4754545e54cd8ac85f) (Version: - GameHouse)
Questerium - Sinister Trinity (HKLM-x32\...\d55516a6a882b59ab44d977dc9d731c9) (Version: - GameHouse)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RehearScore (HKLM-x32\...\RehearScore) (Version: - )
Revenge of the Spirit - Rite of Resurrection (HKLM-x32\...\am-revengeofthespiritriteofresurrection) (Version: - )
Riddles of the Past (HKLM-x32\...\60158577dff1648bd1b7caf0b14257de) (Version: - GameHouse)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Romance of Rome (HKLM-x32\...\6130f8ce920a3dc637ec70968a293e9d) (Version: - GameHouse)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Royal Envoy 2 (HKLM-x32\...\am-royalenvoy2) (Version: - )
R-Studio 5.4 (HKLM-x32\...\R-Studio 5.4NSIS) (Version: 5.4.134130 - R-Tools Technology Inc.)
Sacra Terra - Angelic Night (HKLM-x32\...\am-sacraterraangelicnight) (Version: - )
Sacra Terra - Angelic Night Platinum Edition (HKLM-x32\...\am-sacraterraangelicnightplatinumedition) (Version: - )
Sacra Terra - House of 1,000 Doors Platinum Bundle (HKLM-x32\...\6ecf0f0586202c8cd3200b6c3a29f8b8) (Version: - GameHouse)
Saqqarah (HKLM-x32\...\am-saqqarah) (Version: - )
Search Protection (HKU\S-1-5-21-3797571617-2345687493-384676197-1002\...\Search Protection) (Version: 10.6.0.1 - Spigot, Inc.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sherlock Holmes and The Hound of The Baskervilles (HKLM-x32\...\am-sherlockholmesandthehoundofthebaskervilles) (Version: - )
Sherlock Holmes and the Mystery of the Persian Carpet (HKLM-x32\...\am-sherlockholmesandthemysteryofthepersiancarpet) (Version: - )
Sister's Secrecy - Arcanum Bloodlines Premium Edition (HKLM-x32\...\am-sisterssecrecyarcanumbloodlinespremiumedition) (Version: - )
SKIP-BO Castaway Caper(TM) (HKLM-x32\...\am-skipbocastawaycapertm) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Quest Amazon (HKLM-x32\...\am-slingoquestamazon) (Version: - )
Snark Busters - High Society (HKLM-x32\...\am-snarkbustershighsociety) (Version: - )
Snark Busters 2 - All Revved Up (HKLM-x32\...\am-snarkbusters2allrevvedup) (Version: - )
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Space Legends - At the Edge of the Universe (HKLM-x32\...\bc1a5ce90cdecc0fbf435f20b2fe5407) (Version: - GameHouse)
Spirit Walkers - Curse of the Cypress Witch (HKLM-x32\...\am-spiritwalkerscurseofthecypresswitch) (Version: - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Suburban Mysteries - The Labyrinth of the Past (HKLM-x32\...\am-suburbanmysteriesthelabyrinthofthepast) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syberia - Kate Walker's Adventures (HKLM-x32\...\am-syberiakatewalkersadventures) (Version: - )
Syberia 2 - Kate Walker's Adventure Continues (HKLM-x32\...\am-syberia2katewalkersadventurecontinues) (Version: - )
Tales From The Dragon Mountain - The Strix (HKLM-x32\...\8adc348cb23a5a28aac774e079515f4b) (Version: - GameHouse)
Tales of Lagoona 2 - Peril at Poseidon Park (HKLM-x32\...\e5ca5ffe79cf7db4021e9324dc6e4d42) (Version: - GameHouse)
TaxCut California 2007 (HKLM-x32\...\{5FF4A578-4588-4ACF-8317-7191FC45F3E1}) (Version: 1.07.6601 - H&R Block Digital Tax Solutions LLC.)
TaxCut Premium 2007 (HKLM-x32\...\{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}) (Version: 07.03.0000 - H & R Block)
Temple of Life - The Legend of Four Elements (HKLM-x32\...\am-templeoflifethelegendoffourelements) (Version: - )
Temple of Life - The Legend of Four Elements Platinum Edition (HKLM-x32\...\b827c4d2c9e4a90a0169c252694d9200) (Version: - GameHouse)
The Book of Desires (HKLM-x32\...\am-thebookofdesires) (Version: - )
The Fog (HKLM-x32\...\3cfdc0cf55dbf8b5527b367f75816f46) (Version: - GameHouse)
The Gift (HKLM-x32\...\am-thegift) (Version: - gamehouse)
The Others (HKLM-x32\...\6224652de70f36a3a2aaed2f3a267969) (Version: - GameHouse)
The Surprising Adventures of Munchausen(TM) (HKLM-x32\...\4614e7bd103689992587ac7bb19048ab) (Version: - GameHouse)
The Treasures of Montezuma 3 (HKLM-x32\...\am-thetreasuresofmontezuma3) (Version: - )
The Worlds' Legends - Kashchey The Immortal (HKLM-x32\...\am-theworldslegendskashcheytheimmortal) (Version: - )
Transcribe! 8.21 (HKLM-x32\...\Transcribe!_is1) (Version: 8.21 - Seventh String Software)
Twisted Lands - Insomniac (HKLM-x32\...\am-twistedlandsinsomniac) (Version: - )
Twisted Lands - Insomniac Platinum Edition (HKLM-x32\...\665fb76b1ae1cb8fbd5affdef4d9c75a) (Version: - GameHouse)
Twisted Lands - Origin (HKLM-x32\...\am-twistedlandsorigin) (Version: - )
Twisted Lands - Shadow Town (HKLM-x32\...\am-twistedlandsshadowtown) (Version: - )
Typer Shark Deluxe (HKLM-x32\...\a9621caff77c46b78dc2a0047b2e57d6) (Version: - GameHouse)
Unsolved Mystery Club® - Ancient Astronauts® Platinum Edition (HKLM-x32\...\255c1bba88fb6ecb1290390e35a9f53e) (Version: - GameHouse)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSDC Free Video Editor version 2.1.9.227 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.9.227 - Flash-Integro LLC)
Warlock - The Curse of the Shaman (HKLM-x32\...\56ab7424e3dd1940ed4b6fdcd410804d) (Version: - GameHouse)
Web BRAdmin (HKLM-x32\...\{C221F359-D738-4D58-8419-B7DD51C5E6DC}) (Version: 1.60.0001 - Brother)
Weird Park - Broken Tune (HKLM-x32\...\d7d582ded28f5a1123e0015e395d1a17) (Version: - GameHouse)
Weird Park - Scary Tales (HKLM-x32\...\a2e464c2511b2e9de52e7b41dbc19694) (Version: - GameHouse)
Weird Park - The Final Show (HKLM-x32\...\6fd86948eb7dc0973edf679ef604f9c9) (Version: - GameHouse)
Where Angels Cry (HKLM-x32\...\am-whereangelscry) (Version: - gamehouse)
Whispered Stories - Sandman (HKLM-x32\...\am-whisperedstoriessandman) (Version: - )
Whispers (HKLM-x32\...\am-whispers) (Version: - )
White Haven Mysteries (HKLM-x32\...\am-whitehavenmysteries) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Witch's Pranks Platinum Edition (HKLM-x32\...\7dd9501ac1a5a69b1b9128e6d58a9c17) (Version: - GameHouse)
Wondershare Video Editor(Build 4.6.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
World Riddles - Animals (HKLM-x32\...\am-worldriddlesanimals) (Version: - )
World Riddles - Secrets of the Ages (HKLM-x32\...\am-worldriddlessecretsoftheages) (Version: - )
Youda Mystery - The Stanwick Legacy (HKLM-x32\...\am-youdamysterythestanwicklegacy) (Version: - )
Zuma Deluxe (HKLM-x32\...\amg-zumadeluxe) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-04-23 01:07 - 00450688 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0142BE20-2D70-455F-8F74-D81863DCD0DB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {038D2521-6A79-4481-B1A1-AD34BEDDA3A2} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3797571617-2345687493-384676197-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {0B96495E-0BA0-4912-8180-F2128FE301EF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797571617-2345687493-384676197-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {153BA951-0E5B-4A9E-B766-49CFEEE285FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4208E9A5-4405-4FA2-BF35-3F1994DEAA48} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797571617-2345687493-384676197-500 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {46E4FA16-2532-46B6-BE1F-6DA85A70E036} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {51D2894C-BF91-4D7B-9FD3-768694CDFDE6} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3797571617-2345687493-384676197-500 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {72C5DA4C-A661-496C-8AA8-2F34159F9B29} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-28] (Avast Software s.r.o.)
Task: {768D5E8A-9932-4E67-8C0B-68DF8E305EA2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {80E9BF56-1767-4457-B9E9-9D9BEAA2FE66} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {82EC6615-FCDF-44BD-8CFE-D7EEC40C97F9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {84C229F0-FE59-41FC-B59F-9795BDFDDC20} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B007C282-15F8-4E01-B826-F66BDDC6B294} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797571617-2345687493-384676197-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {B0852DB8-75DD-41A3-8310-9831DE2F430B} - System32\Tasks\GoogleUpdateTaskMachineUA1d002017f14014e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {B379D8E0-592B-4432-B4AA-389544B46BB4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C8B68644-A0CF-405C-BE91-5515AB7C801E} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {C935EFE0-6F7F-4F5C-9318-ACF600FA4CB1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E0D0EF0D-DA3A-432A-BCD2-0AA57613D285} - System32\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {F4E2F8FE-DBAF-4834-AB7E-915C0CA1B43A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d002017eac8b6a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d002017f14014e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-23 15:49 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-10 20:53 - 2010-11-10 20:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2014-08-02 03:18 - 2011-02-28 15:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2011-08-22 15:39 - 2013-08-26 05:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-10-26 23:59 - 2014-10-26 23:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 06:41 - 2014-10-30 06:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-01-16 17:15 - 2009-02-04 18:24 - 00081920 _____ () C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wbaagent.exe
2014-01-16 17:15 - 2009-02-04 18:17 - 00081920 _____ () C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\agentrcv.exe
2014-01-16 17:15 - 2010-08-05 16:31 - 00069632 _____ () C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wbatimer.exe
2014-10-30 17:04 - 2013-01-26 18:52 - 00623616 _____ () C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
2014-10-29 20:06 - 2014-10-29 20:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-03-24 15:45 - 2015-03-24 15:45 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-24 15:45 - 2015-03-24 15:45 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-22 16:14 - 2015-04-22 16:14 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042202\algo.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2013-07-17 11:57 - 2013-07-17 11:57 - 00094208 _____ () C:\Program Files (x86)\NETGEAR\A6100\Realtek.dll
2012-11-06 09:47 - 2012-11-06 09:47 - 00114688 _____ () C:\Program Files (x86)\NETGEAR\A6100\EnumDevLib.dll
2014-04-26 02:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-04-26 02:42 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-04-26 02:42 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-04-26 02:42 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-04-26 02:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-24 15:45 - 2015-03-24 15:45 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-16 17:25 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-29 20:01 - 2014-10-29 20:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-03-18 11:48 - 2015-03-18 11:48 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll
2015-03-18 11:48 - 2015-03-18 11:48 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7870 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3797571617-2345687493-384676197-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Teresa's Laptop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: CLKMSVC10_9EC60124 => 2
MSCONFIG\Services: cmdAgent => 2
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: seclogon => 2
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: Updater Service for PDFLite Toolbar => 2
MSCONFIG\Services: WPCSvc => 3

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [TCP Query User{7539A4ED-0400-4BEB-B5F4-DA7DB5BEAA51}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{238F46C0-E2EF-4128-B04A-F50D755A398F}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{69395CD1-ACA1-4FFE-A622-C8F204B72348}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{D7263594-E787-4FDA-BB95-4B08083BAECC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{32EA6008-B209-4191-96BB-62983A60AC7B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{994901E6-3465-4A6C-AB91-34F49174AC73}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{58211C0F-4425-45E5-B147-6C631E94FDF0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{68921F9C-14D1-4867-A772-352B2634BD80}] => (Allow) C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\discover.exe
FirewallRules: [{959B5202-353B-4DB1-AB8F-7CBF92B372C5}] => (Allow) C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\discover.exe
FirewallRules: [{FB646DF1-47AA-45B8-937E-2834839463B8}] => (Allow) C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\AuditorServer.exe
FirewallRules: [{B7BED84B-DDEA-4B04-BE6C-B5C719F66DA0}] => (Allow) C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\AuditorServer.exe
FirewallRules: [{0DE887F8-F503-43A7-B87F-7FF25C1B596B}] => (Allow) C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wba.exe
FirewallRules: [{6855233D-8C1B-491A-9069-F33BA5B4A8FB}] => (Allow) C:\Program Files (x86)\Brother\Web BRAdmin\cgi-bin\wba.exe
FirewallRules: [{CE6104E8-96F4-4096-AA35-286195CE5DCD}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{2056CBF0-9928-4632-8821-9EE69F366C75}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{425C36B5-445A-41A8-BCE6-28771C00A2A2}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{8E70D352-3894-4F16-8E08-8A52D05A4A8B}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2015 04:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17728, time stamp: 0x55024724
Faulting module name: urlmon.dll, version: 11.0.9600.17728, time stamp: 0x55024876
Exception code: 0xc0000005
Fault offset: 0x00010d7c
Faulting process id: 0x19a8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (04/25/2015 06:24:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/25/2015 06:16:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2015 00:10:21 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost (4440) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Teresa's Laptop\AppData\Local\Microsoft\Windows\WebCache\V01000BC.log.

Error: (04/18/2015 05:02:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TERESAS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

Error: (04/18/2015 05:02:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TERESAS)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (04/18/2015 05:02:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\Administrator.TERESAS.000. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.

Error: (04/18/2015 05:01:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TERESAS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

Error: (04/18/2015 05:01:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TERESAS)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (04/18/2015 04:55:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TERESAS)
Description: Windows cannot load the user's profile but has logged you on with the default profile for the system.

DETAIL - Only part of a ReadProcessMemory or WriteProcessMemory request was completed.


System errors:
=============
Error: (04/23/2015 00:49:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/23/2015 00:48:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RealPlayer Cloud Service service hung on starting.

Error: (04/23/2015 00:45:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:43:30 AM on ‎4/‎23/‎2015 was unexpected.

Error: (04/23/2015 00:42:28 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RealPlayer Cloud Service service hung on starting.

Error: (04/23/2015 00:40:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/23/2015 00:40:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/23/2015 00:39:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:04:52 AM on ‎4/‎23/‎2015 was unexpected.

Error: (04/19/2015 00:09:15 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RealPlayer Cloud Service service hung on starting.

Error: (04/19/2015 00:09:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/19/2015 00:08:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek8723AU service.


Microsoft Office Sessions:
=========================
Error: (04/28/2015 04:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1772855024724urlmon.dll11.0.9600.1772855024876c000000500010d7c19a801d082089fd2929fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dll00bab46a-edfc-11e4-a3ba-14feb59e107b

Error: (04/25/2015 06:24:33 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe

Error: (04/25/2015 06:16:18 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (04/19/2015 00:10:21 AM) (Source: ESENT) (EventID: 455) (User: )
Description: DllHost4440WebCacheLocal: C:\Users\Teresa's Laptop\AppData\Local\Microsoft\Windows\WebCache\V01000BC.log-1811

Error: (04/18/2015 05:02:04 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TERESAS)
Description: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

Error: (04/18/2015 05:02:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TERESAS)
Description:

Error: (04/18/2015 05:02:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: C:\Users\Administrator.TERESAS.000The directory is not empty.

Error: (04/18/2015 05:01:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TERESAS)
Description: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.

Error: (04/18/2015 05:01:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: TERESAS)
Description:

Error: (04/18/2015 04:55:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: TERESAS)
Description: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8086.17 MB
Available physical RAM: 5044.41 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 13276.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
 

Last edited by a moderator:
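The scheduled-task entries in the log posted above can be triaged mechanically. The following is an added example, not part of the original post and not code from FRST: it parses the two `Task:` line shapes seen in that log and flags entries whose parenthesised field is empty or whose target sits outside the usual install directories. Assumptions: the parenthesised field is treated as the file's publisher, the list of expected roots is illustrative, and the last sample line is constructed.

```python
import re

# Registered task, as printed in the log:
#   Task: {GUID} - System32\Tasks\NAME => TARGET [YYYY-MM-DD] (PUBLISHER)
MODERN = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?) => (?P<target>.+?)"
    r" \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)
# Legacy .job task, as printed in the log:
#   Task: C:\Windows\Tasks\NAME.job => TARGET
LEGACY = re.compile(r"^Task: (?P<name>[A-Za-z]:\\.+?\.job) => (?P<target>.+)$")

# Assumption: directories where installed software normally lives.
EXPECTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# First four lines are copied from the log above; the last one is constructed
# to exercise the "unexpected location" rule.
SAMPLE = r"""
Task: {72C5DA4C-A661-496C-8AA8-2F34159F9B29} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-28] (Avast Software s.r.o.)
Task: {B007C282-15F8-4E01-B826-F66BDDC6B294} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3797571617-2345687493-384676197-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {C8B68644-A0CF-405C-BE91-5515AB7C801E} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleConstructedTask => C:\Users\Example\AppData\Local\Temp\updater.exe [2015-04-20] ()
"""


def parse_task_line(line):
    """Return a dict for a Task: line, or None for any other log line."""
    line = line.strip()
    m = MODERN.match(line)
    if m:
        return {"kind": "registered", **m.groupdict()}
    m = LEGACY.match(line)
    if m:
        # .job lines in the log carry no GUID, date or publisher field.
        return {"kind": "job", "guid": None, "date": None,
                "publisher": None, **m.groupdict()}
    return None


def reasons_for(entry):
    """List the reasons an entry deserves a manual look (empty list = none)."""
    reasons = []
    # Only registered tasks print the field, so None (absent) is not flagged.
    if entry["publisher"] is not None and entry["publisher"].strip() == "":
        reasons.append("empty publisher field")
    if not entry["target"].lower().startswith(EXPECTED_ROOTS):
        reasons.append("target outside expected install roots")
    return reasons


def triage(text):
    """Return (task name, target, reasons) for every flagged Task: line."""
    findings = []
    for line in text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry["name"], entry["target"], reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE):
        print(f"{name}\n  -> {target}\n  reasons: {', '.join(reasons)}")
```

A flagged entry is a lead for manual review (check the file's signature and hash), not a verdict.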

Malnutrition

Still Hungry
iHF Master Craftsman
#4
Spybot not as good as it once was.....
http://www.pcmag.com/article2/0,2817,2412372,00.asp


Step 1: 9-Lab Scan.

http://9-lab.com/download/

Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.


Install the program onto your computer, then right click the icon and select run as administrator.

Update the program and then run a full scan.

Upon Scan Completion Click on Show Results.

Then Click On Clean.

Then Click on Save Log. Save it to your desktop, then copy and paste the contents of the logfile here in your next reply.



Step 2: ZHP Scan.

Please download ZHP Cleaner to your desktop. Right Click the icon and select run as administrator.

1. In order to download ZHP cleaner you will need to click the icon below, telecharger, (which is download in French)





2. Once you have started the program, you will need to click the scanner button.



The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Step 3: Junkware Removal Tool.

Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.
 

Lord Chance

iHelpForum Jester & Door Greeter
iHF Veteran
Advisor
WCG Team Member
#5
M'Lady, Please take no offense. Malnutrition's instructions are canned and are meant for the less technically inclined. Though it is a bit of reading on the OP's part, it actually helps the SEC Advisor speed up His/Her response time. :)
 

LadyGreenWitch

I'll get you my pretty, and your little log too!
iHF Regular
#6
I figured as much, I've just always been against the canned response as a general rule. Oh well, you guys know what you are doing better than I. @Malnutrition, no offense, I was sincerely interested in why SB was being removed. I am also a pain, lol, just ask any of the guys. LOL. I will get those other scan results for you ASAP.

TTFN,

LGW
 

Malnutrition

Still Hungry
iHF Master Craftsman
#8
Once you have run the last set of instructions, please re-run FRST and post new FRST and addition.txt logs. I will remove anything that remains.
 

Crush

I am admin, ruler of my domain
Administrator
iHF Master Craftsman
#9
LadyGreenWitch said:
Hey Mal, may I call you Mal? I am happy to comply with all of your instructions. However, I am curious as to why you want me to remove Spybot? Please understand that while I have been out of the loop for quite some time, I still consider myself a tech, and it isn't necessary to give me a blow by blow for most programs, like you would a newb., unless your instructions differ from the norm. Thank you so much for helping me with this. I will have what you have requested ASAP.

Hi Mal,

Mind if I jump in here? No? Good :D

@LGW - mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products). Further, most people don't understand how to use Spybot's TeaTimer and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in the Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. If you don't have an understanding of how a particular security tool works, then you probably should not be using it. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and in some cases it will even prevent disinfection of malware by those tools.
 

Lord Chance

iHelpForum Jester & Door Greeter
iHF Veteran
Advisor
WCG Team Member
#10
LadyGreenWitch said:
I figured as much, I've just always been against the canned response as a general rule. Oh well, you guys know what you are doing better than I. @Malnutrition, no offense, I was sincerely interested in why SB was being removed. I am also a pain, lol, just ask any of the guys. LOL. I will get those other scan results for you ASAP.

TTFN,

LGW

Tsk! Yer be a gentle lass M'Lady. Of this I know. Just as I know Mal is a scoundrel. But he cares for the lost lambs who wander in here with troubles. :)
 

Malnutrition

Still Hungry
iHF Master Craftsman
#11
Also get rid of the windows 10 upgrade nonsense.

Remove it easily....

Get the Everything Search Engine
Type GWX into search window.
Then Click Edit.
Right Click Highlighted items, then select delete.

If there is something GWX related that will not delete.....

Type GWX into search window.
Then Click Edit.
Select all.
Right Click >>>>>>>> Copy full name to clipboard.
Open Notepad >>>>>>> Paste to notepad.
Name the file Fixlist
Save to your desktop.
Download and save FRST 64bit or FRST 32 bit to your Desktop.
CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
Right click FRST or FRST64 Run as Admin.
Click the fix button.
Reboot if needed.....


Also, from your Adware Cleaner log it seems you did not clean the infections. Re-run it, this time click delete after the scan, then post the new log.
 

LadyGreenWitch

I'll get you my pretty, and your little log too!
iHF Regular
#12
You are all so sweet. @Crush, ok, you're the boss here, but remember, I do know... (and be grateful that I didn't call you TB, ;) ) @Malnutrition, I am so grateful for your help, and I apologize for forgetting the RogueKiller log. Do you still require that? And finally, my dear friend @Lord Chance, there is no other that I could trust more than thou, M'Lord. Your opinion of me is most generous, and I, regardless of many faults, am grateful to you for your kind and gentle words.
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#14
Hope you don't mind me butting in here, but as a malware school student can I point out that your frst logs are months old and possibly no longer relevant? It is also highly advisable to run any (non installed) scan tool from the desktop, as this will benefit both user and helper.:D

FWIW
 

LadyGreenWitch

I'll get you my pretty, and your little log too!
iHF Regular
#15
@Cameldung, I posted all new logs when asked for them. My logs are always named immediately with my initials and the current date so that I can keep track of them, what makes you think that they would be months old :confused:? But thank you for helping out regardless. @Malnutrition Alrighty, here are remaining logs as requested. Everything seemed to go as planned, except that I am having difficulty finding the FRST logs. I have tried multiple times. This is a program I am familiar with, and I have never had this problem before. Oh and one more thing, the link to the Win10 pre-garbage link is not working. Let me know how you want me to handle it. And thank you Malnutrition, you are a true gentleman, regardless of the reputation that @Lord Chance attempts to assign to you. ;)
 

Cameldung

I Like It Here
iHF Veteran
Advisor
WCG Team Member
#16
LadyGreenWitch said:
@Cameldung, I posted all new logs when asked for them. My logs are always named immediately with my initials and the current date so that I can keep track of them, what makes you think that they would be months old :confused:? But thank you for helping out regardless. @Malnutrition Alrighty, here are remaining logs as requested. Everything seemed to go as planned, except that I am having difficulty finding the FRST logs. I have tried multiple times. This is a program I am familiar with, and I have never had this problem before. Oh and one more thing, the link to the Win10 pre-garbage link is not working. Let me know how you want me to handle it. And thank you Malnutrition, you are a true gentleman, regardless of the reputation that @Lord Chance attempts to assign to you. ;)

This is the header from your FRST log, your addition log is similarly out of date too. I hope you don't mind me butting in here but an out of date log is all but useless. Both the copy and pasted posts and the attached .txt FRST log files are months old.


2015-09-12_135927.jpg
 

LadyGreenWitch

I'll get you my pretty, and your little log too!
iHF Regular
#17
@Cameldung,

Sweetie, I've been doing this a LONG time. There is something very wrong going on here. Those were the txt files that were created after I not only reinstalled FRST from the link posted, but then located the txt files, renamed them, and put them into the file I am keeping for this fix only. These are not old. I wouldn't do that; it would be stupid and counterproductive. This is by no means my first rodeo. Check in with Crush to find out who I am. I really appreciate your bringing this up though, because it could be indicative of further issues. Peace brother.

TTFN,

LGW
 

LadyGreenWitch

I'll get you my pretty, and your little log too!
iHF Regular
#19
Just my way, no offense intended. And yes you are, you are trying to help, and you caught something that no one else did. Ergo, you are a Sweetie. Thanks for finding that, and a search on my laptop shows that there are no frst.txt or addition.txt files after 4/28/15, even though I reinstalled and ran the program only yesterday and today. Mysterious for real, and thanks for finding that.

TTFN,

LGW
 

Malnutrition

Still Hungry
iHF Master Craftsman
#20
Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2: Security Check.




Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document
Step 3: Eset Online Scanner.



Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.




  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
Step 4: Zoek.

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users double click)
Copy and paste the items below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
iedefaults;
shortcutfix;
symlinksfix;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

Step 5: New FRST and Addition.txt logs.


Re-run FRST as you did the first time and post the new logs. Make sure addition.txt is checked. Can you tell me now how your machine is responding?




A side note:
I notice that Avast is not showing up under the Security Center heading in FRST... Are you having issues with it? Also, are you running just the firewall from Comodo or the antivirus as well?


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 

Attachments
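
The Security Center check from the side note in post #20, written out as an added example (not part of the thread and not FRST's own code): it parses the four quoted lines and reports disabled or out-of-date entries, more than one enabled product of the same type, and an expected product that is not registered. The function names and the `expected` parameter are assumptions of this example.

```python
import re

# Security Center lines exactly as quoted in post #20 of this thread.
SAMPLE = """\
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
"""

# Fields: product type, name, state, optional definition status, GUID.
# The name may itself contain " - ", so the state is matched from the right.
LINE_RE = re.compile(
    r"^(?P<kind>[A-Z]{2}): (?P<name>.+) "
    r"\((?P<state>Enabled|Disabled)(?: - (?P<defs>[^)]+))?\) "
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)

def parse_security_center(text):
    """Return one dict per recognised Security Center line."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def review(entries, expected=()):
    """List the points a helper would raise about the registered products."""
    findings = []
    enabled = {}
    for e in entries:
        if e["state"] == "Disabled":
            findings.append(f"{e['name']}: registered but disabled")
        else:
            enabled.setdefault(e["kind"], []).append(e["name"])
        if e["defs"] and e["defs"].lower() != "up to date":
            findings.append(f"{e['name']}: definitions {e['defs'].lower()}")
    for kind, names in enabled.items():
        if len(names) > 1:
            findings.append(f"{kind}: {len(names)} enabled at once ({', '.join(names)})")
    registered = " ".join(e["name"].lower() for e in entries)
    for product in expected:  # products the user says are installed
        if product.lower() not in registered:
            findings.append(f"{product}: expected but not registered")
    return findings

if __name__ == "__main__":
    for finding in review(parse_security_center(SAMPLE), expected=("Avast",)):
        print(finding)
```
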