
Virus Eating All My Hard Drive Space

Comments

14 comments

  • Support

    Hi zubbs1,

    1. There are several old program versions with known vulnerabilities on the computer. A web page can use those vulnerabilities to infect the computer. Use Secunia's Software Inspector to find the old versions and then uninstall or update them. http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

     

    2. Please, uninstall or disable all file sharing programs (torrent programs), e.g. Tixati, while cleaning the computer.

     

    3. There are a lot of partially downloaded files in the Downloads folder. They are called Unconfirmed xxx.crdownload; I suggest that you delete them.

     

     

    4. The following script will empty the Recycle Bin and the folders for temporary files, please check that there aren't any important files in those locations.

     

    Please, start Notepad.
    Copy all text that is in the box:

    CreateRestorePoint:
    CloseProcesses:
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
    CMD: ipconfig /flushdns
    EmptyTemp:
    and paste in Notepad. Check that no files have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Exit all programs.
    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your reply.

     

     

    5. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Log file button.
    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.

    0
  • Customer

    Secunia gives me an error message: 'unable to retrieve PSI user ID from secunia. Please verify that you can connect to https://psi3.secunia.com/ then restart the PSI.'

     

    I can load the stated webpage, so I don't know what is going on?

     

     

    Logfiles:

     

    Adw Cleaner:

     

    # AdwCleaner v4.205 - Logfile created 24/05/2015 at 20:43:13
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-24.1 [server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Kathy - QUICKSILVER
    # Running from : C:\Users\Kathy\Desktop\FRST Scans\adwcleaner_4.205.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js
    Folder Found : C:\ProgramData\Trymedia

    ***** [ Scheduled tasks ] *****

    Task Found : GB Runner

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49851;hxxps=127.0.0.1:49851;
    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKCU\Software\AppDataLow\Software\adawarebp
    Key Found : HKCU\Software\CommunityCrawlingService
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
    Key Found : HKCU\Software\Optimizer Pro
    Key Found : [x64] HKCU\Software\CommunityCrawlingService
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
    Key Found : [x64] HKCU\Software\Optimizer Pro
    Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Found : HKLM\SOFTWARE\CommunityCrawlingService
    Key Found : HKLM\SOFTWARE\Trymedia Systems
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
    Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [savedLegacySettings]

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.7601.18715


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)


    -\\ Chromium v

    [C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4239 bytes] - [24/05/2015 20:43:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4298 bytes] ##########

     

     

    FIXLOG:

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
    Ran by Kathy at 2015-05-24 20:31:00 Run:1
    Running from C:\Users\Kathy\Desktop\FRST Scans
    Loaded Profiles: Kathy (Available Profiles: Kathy)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
    CMD: ipconfig /flushdns
    EmptyTemp:
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    EmptyTemp: => Removed 904.9 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 20:37:34 ====

     

     

    cheers.

    0
  • Support

    1. Try to use Secunia again when the computer is clean.

     

     

    2. Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.

    Click on the Scan button.
    Wait until the search has finished.

    Click on the Clean button.

    Click on OK.
    Click on OK on any message that pops up.
    The computer will be restarted.

    A report will be displayed, copy its content and paste into your reply.
    If the report isn't displayed, it exists as C:\AdwCleaner\AdwCleaner[s0].txt

     

    3. Scan the computer with Ad-Aware.

     

     

    4. Start FRST.

    Select Addition.txt.

    Scan with FRST and attach the two new log files.

     

     

    5. Run an online scan with Eset (easiest with Internet Explorer) to get a second opinion: http://www.eset.com/onlinescan/
    To shorten the scanning time disable your antivirus program while scanning.

    Select Enable detection of potentially unwanted applications.
    Click Advanced Settings.

    Deselect Remove found threats.

    Select:
    Scan Archives
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

    Click Start.

    When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

    0
  • Support

    Very good that the internet connection is working better now that the proxy server is gone!

     

    Please, don't forget to follow up with the logs to make sure that everything malicious is gone.

     

    Thanks, you too

    0
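A `ProxyServer` value that points at 127.0.0.1 sends browser traffic through a process on the same machine, which is why the fixlist above removes it; follow-up logs are worth checking for the same setting coming back. The script below is an added example, not part of the thread and not code from FRST or AdwCleaner: it reads lines in the two log formats shown in this thread and reports hives with a loopback proxy. The sample logs, the port 8080, `proxy.corp.example` and all function names are constructed for illustration.

```python
import ipaddress
import re

# AdwCleaner scan line: "Data Found : <key> [ProxyServer] - <value>".
# "Data Deleted" lines are skipped on purpose: they record a removal, not a live setting.
ADW = re.compile(r"^Data Found : (?:\[x64\] )?(?P<key>HK.+?) "
                 r"\[(?P<name>ProxyEnable|ProxyServer)\] - (?P<value>.*)$")
# FRST scan line: "ProxyServer: [.DEFAULT] => <value>".
FRST = re.compile(r"^(?P<name>ProxyEnable|ProxyServer): \[(?P<hive>[^\]]+)\] => (?P<value>.*)$")


def hive_of(key):
    """Reduce a registry path to its hive (HKU\\<profile> or HKCU/HKLM)."""
    parts = key.split("\\")
    return "\\".join(parts[:2]) if parts[0] == "HKU" else parts[0]


def proxy_endpoints(value):
    """Split 'http=host:port;https=host:port;' (or a bare 'host:port') into tuples."""
    endpoints = []
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        scheme, sep, target = entry.partition("=")
        if not sep:                      # one proxy for every protocol
            scheme, target = "all", entry
        target = re.sub(r"^[a-z]+://", "", target)
        host, _, port = target.rpartition(":")
        if not host:                     # no port given
            host, port = target, ""
        # AdwCleaner writes hxxp/hxxps in its logs; normalise to http/https.
        endpoints.append((scheme.replace("hxxp", "http"), host.strip("[]"), port))
    return endpoints


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def scan(log_text):
    """Return {hive: {'enabled': bool, 'loopback': [...]}} for hives with a loopback proxy."""
    hives = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ADW.match(line)
        if m:
            hive = hive_of(m["key"])
        else:
            m = FRST.match(line)
            if not m:
                continue
            # Assumption: a bracketed name that is not already a hive is a profile under HKU.
            hive = m["hive"] if m["hive"].startswith("HK") else "HKU\\" + m["hive"]
        state = hives.setdefault(hive, {"enabled": False, "loopback": set()})
        if m["name"] == "ProxyEnable":
            state["enabled"] = m["value"].strip() == "1" or "is enabled" in m["value"]
        else:
            for scheme, host, port in proxy_endpoints(m["value"]):
                if is_loopback(host):
                    state["loopback"].add(f"{scheme}={host}:{port}" if port else f"{scheme}={host}")
    return {h: {"enabled": s["enabled"], "loopback": sorted(s["loopback"])}
            for h, s in hives.items() if s["loopback"]}


def still_set(before, after):
    """Hives that have a loopback proxy in both an earlier and a later log."""
    return sorted(set(scan(before)) & set(scan(after)))


# Constructed sample logs in the formats shown in this thread.
ADW_SCAN = r"""
    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080;
    Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - proxy.corp.example:3128
"""
ADW_CLEAN = r"""
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8080;hxxps=127.0.0.1:8080;
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
"""
FRST_RESCAN = r"""
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:8080;https=127.0.0.1:8080;
"""

if __name__ == "__main__":
    for label, text in (("AdwCleaner scan", ADW_SCAN), ("AdwCleaner clean", ADW_CLEAN),
                        ("FRST rescan", FRST_RESCAN)):
        print(label, scan(text))
    print("still set after cleaning:", still_set(ADW_SCAN, FRST_RESCAN))
```

A hive that `still_set` returns for a log taken after cleaning means something rewrote the setting, so the process listening on that port is the next thing to identify.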
  • Customer

    Holy cow!

    I just went to the Secunia site and downloaded their program.

    How come I never knew about this before?

    I guess I'm not as smart as I thought I was!

    BWAHAHAHAHA!

    Have a great Memorial Day and a great if short week!

    Thanks for the great info.

    0
  • Customer

    Secunia produced the same error after following all the steps from your post. Ad Aware found no threats after a full scan after adw cleaner.

    ADW CLEANER:

    # AdwCleaner v4.205 - Logfile created 25/05/2015 at 10:55:04
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-25.1 [server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Kathy - QUICKSILVER
    # Running from : C:\Users\Kathy\Desktop\FRST Scans\adwcleaner_4.205.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Trymedia
    File Deleted : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default\user.js

    ***** [ Scheduled tasks ] *****

    Task Deleted : GB Runner

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\CommunityCrawlingService
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\CommunityCrawlingService
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49851;hxxps=127.0.0.1:49851;
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.7601.18715


    -\\ Mozilla Firefox v38.0.1 (x86 en-US)


    -\\ Chromium v

    [C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Kathy\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4425 bytes] - [24/05/2015 20:43:13]
    AdwCleaner[R1].txt - [4484 bytes] - [25/05/2015 10:53:48]
    AdwCleaner[s0].txt - [4005 bytes] - [25/05/2015 10:55:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4064 bytes] ##########

    FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
    Ran by Kathy (administrator) on QUICKSILVER on 25-05-2015 12:24:48
    Running from C:\Users\Kathy\Desktop\FRST Scans
    Loaded Profiles: Kathy (Available Profiles: Kathy)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\bin\rubyw.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    () C:\Program Files\pia_manager\pia_manager.exe
    (http://www.ruby-lang.org/) C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\bin\rubyw.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
    () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktop.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
    HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-02-03] (Seagate Technology LLC)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
    HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
    HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\Run: [uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-02-03] (Seagate Technology LLC)
    HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-12] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-05-24]
    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
    HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-08] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-08] (Oracle Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-01-11] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-01-11] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\rd4sdkbe.default
    FF DefaultSearchEngine.US: Google
    FF Homepage: google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-08] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-08] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
    R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-03] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-02-03] (Seagate Technology LLC)
    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2015-01-06] (BitDefender)
    R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2015-01-06] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2015-01-06] (BitDefender)
    R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
    R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3401944 2014-04-01] (Realtek Semiconductor Corporation )
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
    S0 qtbc; System32\drivers\qfqy.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-24 20:42 - 2015-05-25 10:55 - 00000000 ____D () C:\AdwCleaner
    2015-05-24 20:13 - 2015-05-24 20:13 - 00001073 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    2015-05-24 20:13 - 2015-05-24 20:13 - 00000000 ____D () C:\Users\Kathy\AppData\Local\Secunia PSI
    2015-05-24 20:13 - 2015-05-24 20:13 - 00000000 ____D () C:\Program Files (x86)\Secunia
    2015-05-24 19:03 - 2015-05-25 12:24 - 00000000 ____D () C:\FRST
    2015-05-24 19:01 - 2015-05-24 20:37 - 00000000 ____D () C:\Users\Kathy\Desktop\FRST Scans
    2015-05-24 13:29 - 2015-05-24 13:29 - 00000000 ____D () C:\ProgramData\BitDefender
    2015-05-24 13:20 - 2015-05-24 13:20 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\LavasoftStatistics
    2015-05-24 13:20 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\Windows\system32\bdsmtpp.dll
    2015-05-24 13:20 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\Windows\system32\BdFirewallSDK.dll
    2015-05-24 13:20 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\Windows\system32\httproxy.dll
    2015-05-24 13:20 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
    2015-05-24 13:20 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\Windows\system32\bdpop3p.dll
    2015-05-24 13:20 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\Windows\system32\OEMbdpredir.dll
    2015-05-24 13:20 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\Windows\system32\bdpredir.dll
    2015-05-24 13:20 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\Windows\system32\bdnc.dll
    2015-05-24 13:19 - 2015-05-25 10:59 - 00002321 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2015-05-24 13:19 - 2015-05-24 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-05-24 13:18 - 2015-05-24 13:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-05-24 13:15 - 2015-05-24 13:15 - 00000000 ____D () C:\Program Files\Lavasoft
    2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Lavasoft
    2015-05-24 13:13 - 2015-05-24 13:13 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
    2015-05-24 13:11 - 2015-05-24 13:11 - 00000000 ____D () C:\ProgramData\Lavasoft
    2015-05-23 10:59 - 2015-05-23 10:59 - 00001035 _____ () C:\Users\Kathy\Desktop\WinDirStat.lnk
    2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
    2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
    2015-05-23 10:59 - 2015-05-23 10:59 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
    2015-05-11 14:29 - 2015-05-20 14:21 - 00045568 ____H () C:\Users\Kathy\Documents\~WRL3588.tmp
    2015-05-11 14:29 - 2015-05-19 15:10 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0005.tmp
    2015-05-11 14:29 - 2015-05-18 22:12 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL0004.tmp
    2015-05-11 14:29 - 2015-05-18 22:11 - 00045056 ____H () C:\Users\Kathy\Documents\~WRL2470.tmp
    2015-05-11 14:29 - 2015-05-11 14:46 - 00044544 ____H () C:\Users\Kathy\Documents\~WRL3630.tmp
    2015-05-10 15:48 - 2015-05-10 15:48 - 00003516 _____ () C:\Windows\System32\Tasks\Seagate_Install_Launch
    2015-05-10 15:48 - 2015-05-10 15:48 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Nero
    2015-05-10 15:47 - 2015-05-10 15:47 - 00002717 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
    2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Nero
    2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
    2015-05-10 15:47 - 2015-05-10 15:47 - 00000000 ____D () C:\Program Files (x86)\Seagate
    2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Seagate
    2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
    2015-05-10 15:43 - 2015-05-10 15:43 - 00000000 ____D () C:\Users\Kathy\AppData\Roaming\Leadertech
    2015-05-09 14:58 - 2015-05-09 14:58 - 00051305 _____ () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive.htm
    2015-05-09 14:58 - 2015-05-09 14:58 - 00045620 _____ () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive.htm
    2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\N-Z file folder cut-outs.pdf - Google Drive_files
    2015-05-09 14:58 - 2015-05-09 14:58 - 00000000 ____D () C:\Users\Kathy\Documents\A-M file folder cut-outs.pdf - Google Drive_files

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-25 12:01 - 2014-11-08 21:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-25 11:16 - 2014-11-08 18:59 - 02051719 _____ () C:\Windows\WindowsUpdate.log
    2015-05-25 11:12 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-25 11:12 - 2009-07-13 23:45 - 00020192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-25 11:02 - 2009-07-14 00:13 - 00006170 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-25 10:56 - 2015-03-01 14:56 - 00005855 _____ () C:\Windows\setupact.log
    2015-05-25 10:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-24 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2015-05-24 13:47 - 2015-03-29 18:23 - 00053202 _____ () C:\Windows\PFRO.log
    2015-05-24 13:02 - 2014-11-09 16:52 - 00000000 ____D () C:\Users\Kathy\Documents\First Steps
    2015-05-23 21:35 - 2014-12-15 09:50 - 00000000 ____D () C:\Users\Kathy\Desktop\Windows Loader v2.2.2
    2015-05-23 21:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
    2015-05-23 11:33 - 2014-11-09 16:47 - 00000000 ____D () C:\Users\Kathy\Documents\calendars
    2015-05-23 10:29 - 2015-02-28 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-23 09:08 - 2015-01-12 21:32 - 00012950 ____H () C:\Users\Kathy\Documents\~WRL3697.tmp
    2015-05-21 06:46 - 2015-04-21 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-05-21 06:46 - 2014-11-08 21:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-05-12 18:35 - 2015-01-13 19:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-05-10 15:48 - 2014-11-08 17:04 - 00000000 ____D () C:\Users\Kathy
    2015-05-10 15:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-05-08 17:57 - 2009-07-14 00:08 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    ==================== Files in the root of some directories =======

    2015-03-01 14:49 - 2015-03-01 14:49 - 0000017 _____ () C:\Users\Kathy\AppData\Local\resmon.resmoncfg
    2014-11-12 11:03 - 2014-11-12 11:03 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some files in TEMP:
    ====================
    C:\Users\Kathy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Kathy\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-24 17:38

    ==================== End of log ============================

    FRST Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
    Ran by Kathy at 2015-05-25 12:26:28
    Running from C:\Users\Kathy\Desktop\FRST Scans
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2506747023-1352019474-4072486413-500 - Administrator - Disabled)
    Guest (S-1-5-21-2506747023-1352019474-4072486413-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2506747023-1352019474-4072486413-1002 - Limited - Enabled)
    Kathy (S-1-5-21-2506747023-1352019474-4072486413-1000 - Administrator - Enabled) => C:\Users\Kathy

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
    AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
    AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
    gBot (HKLM-x32\...\407308A3-D7DA-A7A5-C900-000000B100) (Version: 107.0.0.454 - gBot team)
    HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
    HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
    HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    Inspector Parker (HKLM-x32\...\BFG-Inspector Parker) (Version: - )
    Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
    Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
    Mystery Case Files: Prime Suspects ™ (HKLM-x32\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
    Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
    Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.89.716.2014 - Realtek)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.30.0239 - )
    Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.19.0 - Seagate)
    Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
    Super Mahjong (HKLM-x32\...\e7ae5e74e555b485845f9811708aa158) (Version: - GameHouse)
    Tixati (HKLM-x32\...\tixati) (Version: - )
    WinDirStat 1.1.2 (HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\...\WinDirStat) (Version: - )
    WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2506747023-1352019474-4072486413-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

    ==================== Restore Points =========================

    24-05-2015 13:11:36 AA11
    24-05-2015 20:31:01 Restore Point Created by FRST

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B4DF142-C1DF-426D-A59F-179B3B86F448} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
    Task: {1473CC2A-B67D-4812-B3E3-FEA809260A97} - System32\Tasks\ScanToPCActivationApp.exe_{B0C2E6BD-C1A6-49E6-A0CC-74081F080AFF} => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {227ABE67-3CE1-4D77-A7C5-85899ED5B238} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
    Task: {31F80569-458F-4A2A-954A-CAFE4FE849AB} - System32\Tasks\{DF5E0E28-42F3-4954-829F-6BB9FF8E6E7E} => pcalua.exe -a C:\Users\Kathy\Downloads\Install-winMd5Sum.exe -d C:\Users\Kathy\Downloads
    Task: {4A9CF1BC-EC6A-496C-AA8F-64588807975A} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-02-03] (Seagate Technology LLC)
    Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
    Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
    Task: {8E728DAD-FCF3-4BCD-B218-CFCD47442B89} - System32\Tasks\{D9065875-F2C5-4397-A201-02682A0A1EE3} => pcalua.exe -a E:\sp48482.exe -d E:\
    Task: {8E7CA9EB-8A00-4D97-BE28-48DE710191D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {910840FB-36F9-4ACC-B238-CE9F37633707} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-02-24] ()
    Task: {972B388A-3F17-43C3-BF4A-ECB145C54E42} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (Kathy) => C:\Users\Kathy\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2015-05-10] (Leader Technologies/Seagate)
    Task: {B0379419-4F21-4A1C-AB2B-E949E267A6FB} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
    Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-02-24 13:11 - 2015-02-24 13:11 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
    2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
    2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareServiceKernel.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareActivation.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareApplicationUpdater.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareGamingMode.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdater.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIgnoreList.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareQuarantine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiMalwareEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiRootkitEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerHistory.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScanner.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareScannerScheduler.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareIncompatibles.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiSpam.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAntiPhishing.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareParentalControl.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareWebProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareEmailProtection.dll
    2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNetworkProtection.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareFeedback.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareThreatWorkAlliance.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePinCode.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareNotice.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareAvcEngine.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
    2015-05-24 13:20 - 2015-01-06 12:47 - 00156936 _____ () C:\Windows\system32\bdfwcore.dll
    2015-05-24 13:29 - 2015-05-24 13:29 - 00789856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
    2015-05-24 13:29 - 2015-05-24 13:29 - 00710016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
    2015-05-24 13:29 - 2015-05-24 13:29 - 02683008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
    2015-05-24 13:29 - 2015-05-24 13:29 - 01325480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
    2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
    2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\HtmlFramework.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTrayDefaultSkin.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
    2015-03-10 18:50 - 2015-03-10 18:50 - 17104376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktop.exe
    2015-03-10 18:51 - 2015-03-10 18:51 - 00456224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_program_options-vc100-mt-1_57.dll
    2015-03-10 18:50 - 2015-03-10 18:50 - 07331856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareDesktopDefaultSkin.dll
    2015-05-25 10:56 - 2015-05-25 10:56 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\src\rgloader\rgloader193.mswin.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\bin\libffi-6.dll
    2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr56D6.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2014-10-28 12:22 - 2014-10-28 12:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
    2015-05-25 10:56 - 2015-05-25 10:56 - 00012800 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00009728 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00014848 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\src\rgloader\rgloader193.mswin.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00094208 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00118784 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00069120 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00083968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\bin\zlib1.dll
    2015-05-25 10:56 - 2015-05-25 10:56 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00275968 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00015360 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00008192 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00009216 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00023552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00008704 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00036352 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00126976 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00087552 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00016384 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00127316 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\bin\libffi-6.dll
    2015-05-25 10:56 - 2015-05-25 10:56 - 00013312 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00095744 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
    2015-05-25 10:56 - 2015-05-25 10:56 - 00026624 _____ () C:\Users\Kathy\AppData\Local\Temp\ocr8D41.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
    2015-02-24 13:11 - 2015-02-24 13:11 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
    2015-02-24 13:11 - 2015-02-24 13:11 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
    AlternateDataStreams: C:\ProgramData\TEMP:80FE037D

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2506747023-1352019474-4072486413-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{B85C99DF-9DF1-4912-A476-DBA4D9574C00}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
    FirewallRules: [{C780F957-B6C3-4FE6-85BD-4B794F110D33}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{6EBF6E00-4899-441C-966A-5799CDE6393E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{6D931486-EACD-41E3-B260-7D975C177D89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{113CC051-69BC-4130-AD11-131C8F8B3DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{53440948-0468-4E5F-A280-425637353164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [uDP Query User{A4A4E9F1-EA2C-4AAB-85FF-5B480CDFFE0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{BE4F7C7B-D685-4CC4-A40E-0F33EBE30F24}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [uDP Query User{98255DD5-EB27-4EEE-ADB4-6EEF79ADC795}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
    FirewallRules: [{CA2DBDAB-1987-41A9-B259-6947D7B9C251}] => (Allow) LPort=8888
    FirewallRules: [{3504F4C9-79D9-480B-B419-5E8796EA1C3A}] => (Allow) LPort=8888

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (05/25/2015 00:26:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (05/25/2015 11:02:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (05/25/2015 00:30:47 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (05/24/2015 08:44:14 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (05/24/2015 08:31:01 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {e366bbb1-6e5f-404d-bece-9cd1b0648957}

    Error: (05/24/2015 05:39:47 PM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

    Error: (05/24/2015 01:54:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


    System errors:
    =============
    Error: (05/25/2015 11:04:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (05/25/2015 10:59:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom
    qtbc

    Error: (05/25/2015 10:56:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (05/25/2015 10:56:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (05/25/2015 10:56:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Print Spooler service failed to start due to the following error:
    %%1069

    Error: (05/25/2015 10:56:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
    %%50

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (05/25/2015 10:55:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\system32\Rtlihvs.dll

    Error: (05/25/2015 10:55:36 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
    %%1056

    Error: (05/25/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/25/2015 10:55:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).



    ==================== Memory info ===========================

    Processor: Intel® Core i5-4210U CPU @ 1.70GHz
    Percentage of memory in use: 36%
    Total physical RAM: 8126.3 MB
    Available physical RAM: 5138.71 MB
    Total Pagefile: 16250.78 MB
    Available Pagefile: 13845.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:698.54 GB) (Free:582.48 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6484D2A8)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

    ==================== End of log ============================

    ESET:

    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\gbRunner.exe a variant of Win32/GigaClicks.AK potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\uninstall.exe a variant of Win32/GigaClicks.AK potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmdProc.dll a variant of Win32/GigaClicks.AK potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmlProc.dll a variant of Win32/GigaClicks.AJ potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\CmnUtls.dll a variant of Win32/GigaClicks.AK potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\InSes.dll a variant of Win32/GigaClicks.AJ potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\ManXec.dll a variant of Win32/GigaClicks.AK potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\PrfIns.dll a variant of Win32/GigaClicks.AK potentially unwanted application
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100\Modules\WblSupp.dll a variant of Win32/GigaClicks.AK potentially unwanted application
    C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
    C:\Windows\SysWOW64\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application

    Cheers.

    0
  • Support

    1. Please, uninstall "gBot" since it's adware.
    Uninstall or update "Java 8 Update 25" and "Adobe Flash Player 17 NPAPI" since those are old versions with known vulnerabilities. That kind of vulnerability can be exploited by a web page to infect the computer. Most people don't need Java at all, but if you need it, it's very important to always have the latest version.

    2. Please, start Notepad.
    Copy all text that is in the box:


    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S0 qtbc; System32\drivers\qfqy.sys [X]
    Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
    Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
    Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
    Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
    AlternateDataStreams: C:\ProgramData\TEMP:80FE037D
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100
    Reboot:

    and paste in Notepad. Check that no files have been split on two lines.
    Save the file as fixlist.txt on the desktop.

    Exit all programs.
    Start FRST, please.
    Click the Fix button.
    Wait until the tool has finished.

    It creates a log file, called Fixlog.txt, on the desktop.
    Please, paste the content of that file in your reply.

    0
  • Customer

    Ok, I've updated Adobe and removed gBot and Java.

    Here is the fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
    Ran by Kathy at 2015-05-25 19:43:02 Run:2
    Running from C:\Users\Kathy\Desktop\FRST Scans
    Loaded Profiles: Kathy (Available Profiles: Kathy)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49851;https=127.0.0.1:49851;
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S0 qtbc; System32\drivers\qfqy.sys [X]
    Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
    Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
    Task: {CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6} - System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => pcalua.exe -a "C:\Users\Kathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63NEVVOQ\sp56724[1].exe" -d C:\Users\Kathy\Desktop
    Task: {FF4BF964-9276-44F1-A1F8-FD6679D38853} - \ProPCCleaner_Popup No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72
    AlternateDataStreams: C:\ProgramData\TEMP:80FE037D
    C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100
    Reboot:
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
    qtbc => Service Removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\GB Update => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A13D603-C742-4E01-A8EA-2419CD937CC8}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A13D603-C742-4E01-A8EA-2419CD937CC8}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFCB95F0-FB00-4EC5-BEE5-2361957DDCE6}" => key Removed successfully
    C:\Windows\System32\Tasks\{11FA020E-124B-45F1-8829-AB0F8DF38F9B} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11FA020E-124B-45F1-8829-AB0F8DF38F9B}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF4BF964-9276-44F1-A1F8-FD6679D38853}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF4BF964-9276-44F1-A1F8-FD6679D38853}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key Removed successfully
    C:\ProgramData\TEMP => ":2CB9631F" ADS Removed successfully.
    C:\ProgramData\TEMP => ":78E0DF72" ADS Removed successfully.
    C:\ProgramData\TEMP => ":80FE037D" ADS Removed successfully.
    "C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100" => File/Folder not found.


    The system needed a reboot.

    ==== End of Fixlog 19:43:21 ====

    Cheers.

    0
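Added example, not part of the original thread and not FRST's own code: a Python script that reads a Fixlog in the layout posted above and reports, for each fixlist directive, whether the item was removed or was already absent when the fix ran. The function names and the matching rule (the GUID, stream name or path of a directive is looked up in the result lines) are assumptions of this example; the sample text is constructed from lines of the log above.

```python
import re

# Constructed sample in the Fixlog.txt layout shown in the post above
# (shortened; paths and GUIDs are copied from that log).
SAMPLE = r'''fixlist content:
*****************
CreateRestorePoint:
Task: {59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} - \Microsoft\Windows\Maintenance\GB Update No Task File <==== ATTENTION
Task: {7A13D603-C742-4E01-A8EA-2419CD937CC8} - \ProPCCleaner_Start No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100
Reboot:
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59AD6C8E-19C7-49F1-BFB8-04AC59B88FED} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A13D603-C742-4E01-A8EA-2419CD937CC8}" => key Removed successfully
C:\ProgramData\TEMP => ":2CB9631F" ADS Removed successfully.
"C:\Users\Kathy\AppData\Local\407308A3-D7DA-A7A5-C900-000000B100" => File/Folder not found.

The system needed a reboot.
'''

# A result line is: optional quote, target, optional quote, "=>", detail.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<detail>.+)$')
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def classify(detail):
    d = detail.lower()
    if "not found" in d:
        return "absent"
    if "moved successfully" in d:  # matches "Removed" and "Moved"
        return "removed"
    return "check"


def parse_fixlog(text):
    """Split a Fixlog into its fixlist directives and its result lines."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block (two lines of asterisks) not found")
    directives = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = []
    for ln in lines[stars[1] + 1:]:
        m = RESULT.match(ln)
        if m:
            results.append((m["target"], classify(m["detail"]), m["detail"]))
    return directives, results


def key_for(directive):
    """Pick the substring of a directive that its result lines repeat."""
    if directive.startswith("AlternateDataStreams:"):
        return ":" + directive.rsplit(":", 1)[1]      # e.g. ":2CB9631F"
    if directive.startswith("Task:"):
        m = GUID.search(directive)
        return m.group(0) if m else None
    if re.match(r"^[A-Za-z]:\\", directive):           # bare file/folder path
        return directive
    return None                                        # CreateRestorePoint:, Reboot:, ...


def audit(text):
    """Map each checkable directive to removed / absent / mixed / no result line."""
    directives, results = parse_fixlog(text)
    report = {}
    for d in directives:
        key = key_for(d)
        if key is None:
            continue
        states = {state for target, state, detail in results
                  if key.lower() in f"{target} {detail}".lower()}
        report[d] = states.pop() if len(states) == 1 else ("mixed" if states else "no result line")
    return report


if __name__ == "__main__":
    for directive, state in audit(SAMPLE).items():
        print(f"{state:>14}  {directive}")
```

A directive reported as `absent` only means the tool found nothing at that location when it ran; `no result line` or `check` is the case to read by hand.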
  • Customer

    Ok, all traces seem gone. After 24 hours, no new appdata/temp folders and files have shown up and grown out of control like before. I think I'm ready to wrap this up.

    cheers.

    0
  • Support

    How is the computer behaving now?

    Any other questions?

    When you are satisfied I will give you the instructions for how to uninstall FRST and AdwCleaner.

    0
  • Support

    Good!

    1. Please, turn off all programs, including browsers.
    Double-click on AdwCleaner to start the program.
    Click on the Uninstall button.

    2. Download OTC http://oldtimer.geekstogo.com/OTC.exe
    Close all programs.
    Start OTC program.
    Click the CleanUp! button.
    Select Yes when asked "Begin cleanup process".
    If you are asked to reboot, select Yes.

    If any logs remain on the computer you can delete them.

    0
  • Customer

    Ok, all cleaned up. Thank you for all your help!

    0
  • Support

    You're welcome

    0
  • Support

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

    If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

    Everyone else please begin a New Topic.

    Thank you!

    0
