CindyA

It seems to be running very well. Thanks for your help!

This is the fixlog. Fixlog.txt

Please ignore the prior post. I will now attach the information you requested. FRST.txt Addition.txt

Thank you very much for your patience. Here are the new results from Farbar.

I have not used Google Chrome for quite a time. I just opened it and had 3 tabs come up. One was Google and the other two where something called AVG Secure Search. I have no idea how when this happened or what this AVG thing is. Thanks for your help.

It is still running very slowly and the fan is running non-stop.

This is the fixlog.txt from the desktop. Fixlog.txt

Sorry about pasting the results. I was following the original instructions that I was given. I have attached both files this time. Thanks! FRST.txt Addition.txt

Here is the new scan. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016 Ran by Cindy Landess-Arjes (administrator) on CINDYLANDESS-AR (11-02-2016 19:19:34) Running from C:\Users\Cindy Landess-Arjes\Downloads Loaded Profiles: Cindy Landess-Arjes (Available Profiles: Cindy Landess-Arjes & DefaultAppPool) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\Solitaire.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.) HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd) HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\RunOnce: [uninstall C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\RunOnce: [uninstall C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1" HKU\S-1-5-21-958527432-3178514216-3426787634-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f36f8e1f-2e6c-4c6c-8857-97f0866abf79}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{f36f8e1f-2e6c-4c6c-8857-97f0866abf79}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-958527432-3178514216-3426787634-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> DefaultScope {C7C4302E-00F9-459E-AC7D-7F347A0514DC} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F3896A22-195B-4A0A-BFD0-33E174B47003}&mid=33b7c85995fd47ccbf270d47e7fa0e11-4972b1725bb10c1b13bbf69b8945c4baf12364dd〈=en&ds=AVG&coid=avgtbavg&cmpid=0116avz&pr=fr&d=2016-01-26 21:02:32&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> {C7C4302E-00F9-459E-AC7D-7F347A0514DC} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-03] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-03] (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.) Toolbar: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.) Toolbar: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-03] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll [2012-10-17] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-958527432-3178514216-3426787634-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-13] (Citrix Online) FF Plugin HKU\S-1-5-21-958527432-3178514216-3426787634-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.com/?sesinv=1","hxxps://mysearch.avg.com?cid={E5D38CA9-C334-4DD9-A987-2A37D9FFF978}&mid=f2ce8abe666547d38ddc0d47e7fa0e11-4972b1725bb10c1b13bbf69b8945c4baf12364dd〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-29 10:12:23&v=3.2.0.14&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com?cid={E5D38CA9-C334-4DD9-A987-2A37D9FFF978}&mid=f2ce8abe666547d38ddc0d47e7fa0e11-4972b1725bb10c1b13bbf69b8945c4baf12364dd〈=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-29 10:12:23&v=3.2.0.15&pid=wtu&sg=&sap=hp" CHR Profile: C:\Users\Cindy Landess-Arjes\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Chrome Web Store Payments) - C:\Users\Cindy Landess-Arjes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-26] CHR Extension: (Simple EPUB Reader) - C:\Users\Cindy Landess-Arjes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-02-03] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.) R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-12-18] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-11 15:11 - 2016-02-11 15:12 - 00044179 _____ C:\Users\Cindy Landess-Arjes\Downloads\Addition.txt 2016-02-11 15:10 - 2016-02-11 19:19 - 00021591 _____ C:\Users\Cindy Landess-Arjes\Downloads\FRST.txt 2016-02-11 15:09 - 2016-02-11 15:09 - 02370560 _____ (Farbar) C:\Users\Cindy Landess-Arjes\Downloads\FRST64.exe 2016-02-09 19:36 - 2016-02-11 19:19 - 00000000 ____D C:\FRST 2016-02-09 12:29 - 2016-01-27 00:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-02-09 12:29 - 2016-01-26 23:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-02-09 12:29 - 2016-01-26 23:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-02-09 12:29 - 2016-01-26 23:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-02-09 12:29 - 2016-01-26 23:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-02-09 12:29 - 2016-01-26 23:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-02-09 12:29 - 2016-01-26 23:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-02-09 12:29 - 2016-01-26 23:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-02-09 12:29 - 2016-01-26 23:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-02-09 12:29 - 2016-01-26 23:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-02-09 12:29 - 2016-01-26 23:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-02-09 12:29 - 2016-01-26 22:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-02-09 12:29 - 2016-01-26 22:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-02-09 12:29 - 2016-01-26 22:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-02-09 12:29 - 2016-01-26 22:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-02-09 12:29 - 2016-01-26 22:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-02-09 12:29 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-02-09 12:29 - 2016-01-26 22:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-02-09 12:29 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-02-09 12:28 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-02-09 12:28 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-02-09 12:28 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-02-09 12:28 - 2016-01-27 00:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-02-09 12:28 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-02-09 12:28 - 2016-01-27 00:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-02-09 12:28 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-02-09 12:28 - 2016-01-26 23:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-02-09 12:28 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-02-09 12:28 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-02-09 12:28 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe 2016-02-09 12:28 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-02-09 12:28 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-02-09 12:28 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-02-09 12:28 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-02-09 12:28 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe 2016-02-09 12:28 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-02-09 12:28 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll 2016-02-09 12:28 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll 2016-02-09 12:28 - 2016-01-26 23:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-02-09 12:28 - 2016-01-26 23:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-02-09 12:28 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll 2016-02-09 12:28 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2016-02-09 12:28 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-02-09 12:28 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll 2016-02-09 12:28 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll 2016-02-09 12:28 - 2016-01-26 23:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-02-09 12:28 - 2016-01-26 23:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-02-09 12:28 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll 2016-02-09 12:28 - 2016-01-26 23:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-02-09 12:28 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-02-09 12:28 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-02-09 12:28 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll 2016-02-09 12:28 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-02-09 12:28 - 2016-01-26 22:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-02-09 12:28 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-02-09 12:28 - 2016-01-26 22:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-02-09 12:28 - 2016-01-26 22:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-02-09 12:28 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-02-09 12:28 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-02-09 12:28 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll 2016-02-09 12:28 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-02-09 12:28 - 2016-01-26 22:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-02-09 12:28 - 2016-01-26 22:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-02-09 12:28 - 2016-01-26 22:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-02-09 12:28 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll 2016-02-04 09:40 - 2016-02-06 08:50 - 00000000 ____D C:\WINDOWS\Minidump 2016-02-03 20:21 - 2016-02-03 20:21 - 00954708 _____ C:\Users\Cindy Landess-Arjes\Downloads\HowtoStartaQPlaceMarySchaller (3).epub 2016-02-03 20:20 - 2016-02-03 20:20 - 00954708 _____ C:\Users\Cindy Landess-Arjes\Downloads\HowtoStartaQPlaceMarySchaller (2).epub 2016-02-03 20:18 - 2016-02-03 20:18 - 00954708 _____ C:\Users\Cindy Landess-Arjes\Downloads\HowtoStartaQPlaceMarySchaller (1).epub 2016-02-03 20:17 - 2016-02-03 20:17 - 00954708 _____ C:\Users\Cindy Landess-Arjes\Downloads\HowtoStartaQPlaceMarySchaller.epub 2016-01-30 18:28 - 2016-01-30 18:28 - 00000000 ___HD C:\OneDriveTemp 2016-01-27 16:05 - 2016-01-16 00:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-01-27 16:05 - 2016-01-16 00:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-01-27 16:05 - 2016-01-16 00:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2016-01-27 16:05 - 2016-01-16 00:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-01-27 16:05 - 2016-01-15 23:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-01-27 16:05 - 2016-01-15 23:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-01-27 16:05 - 2016-01-15 23:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-01-27 16:05 - 2016-01-15 23:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-01-27 16:05 - 2016-01-15 23:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-01-27 16:05 - 2016-01-15 23:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-01-27 16:05 - 2016-01-15 23:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-01-27 16:05 - 2016-01-15 23:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-01-27 16:05 - 2016-01-15 23:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-01-27 16:05 - 2016-01-15 23:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-01-27 16:05 - 2016-01-15 23:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-01-27 16:05 - 2016-01-15 23:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-01-27 16:05 - 2016-01-15 23:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-01-27 16:05 - 2016-01-15 23:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-01-27 16:05 - 2016-01-15 23:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-01-27 16:05 - 2016-01-15 23:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2016-01-27 16:05 - 2016-01-15 23:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-01-27 16:05 - 2016-01-15 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-01-27 16:04 - 2016-01-16 00:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-01-27 16:04 - 2016-01-16 00:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-01-27 16:04 - 2016-01-16 00:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-01-27 16:04 - 2016-01-16 00:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll 2016-01-27 16:04 - 2016-01-16 00:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-01-27 16:04 - 2016-01-16 00:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-01-27 16:04 - 2016-01-16 00:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-01-27 16:04 - 2016-01-16 00:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-01-27 16:04 - 2016-01-16 00:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-01-27 16:04 - 2016-01-16 00:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-01-27 16:04 - 2016-01-16 00:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll 2016-01-27 16:04 - 2016-01-16 00:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2016-01-27 16:04 - 2016-01-16 00:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-01-27 16:04 - 2016-01-16 00:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-01-27 16:04 - 2016-01-16 00:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-01-27 16:04 - 2016-01-16 00:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2016-01-27 16:04 - 2016-01-16 00:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-01-27 16:04 - 2016-01-16 00:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-01-27 16:04 - 2016-01-15 23:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-01-27 16:04 - 2016-01-15 23:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-01-27 16:04 - 2016-01-15 23:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll 2016-01-27 16:04 - 2016-01-15 23:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2016-01-27 16:04 - 2016-01-15 23:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll 2016-01-27 16:04 - 2016-01-15 23:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-01-27 16:04 - 2016-01-15 23:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll 2016-01-27 16:04 - 2016-01-15 23:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-01-27 16:04 - 2016-01-15 23:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll 2016-01-27 16:04 - 2016-01-15 23:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2016-01-27 16:04 - 2016-01-15 23:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe 2016-01-27 16:04 - 2016-01-15 23:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll 2016-01-27 16:04 - 2016-01-15 23:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-01-27 16:04 - 2016-01-15 23:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll 2016-01-27 16:04 - 2016-01-15 23:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll 2016-01-27 16:04 - 2016-01-15 23:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-01-27 16:04 - 2016-01-15 23:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-01-27 16:04 - 2016-01-15 23:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-01-27 16:04 - 2016-01-15 23:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-01-27 16:04 - 2016-01-15 23:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-01-27 16:04 - 2016-01-15 23:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll 2016-01-27 16:04 - 2016-01-15 23:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-01-27 16:04 - 2016-01-15 23:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll 2016-01-27 16:04 - 2016-01-15 23:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2016-01-27 16:04 - 2016-01-15 23:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-01-27 16:04 - 2016-01-15 23:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll 2016-01-27 16:04 - 2016-01-15 23:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2016-01-27 16:04 - 2016-01-15 23:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-01-27 16:04 - 2016-01-15 23:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2016-01-27 16:04 - 2016-01-15 23:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-01-27 16:04 - 2016-01-15 23:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll 2016-01-27 16:04 - 2016-01-15 23:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2016-01-27 16:04 - 2016-01-15 23:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2016-01-27 16:04 - 2016-01-15 23:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-01-27 16:04 - 2016-01-15 23:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2016-01-27 16:04 - 2016-01-15 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2016-01-27 16:04 - 2016-01-15 23:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-01-27 16:04 - 2016-01-15 23:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-01-27 16:04 - 2016-01-15 23:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-01-27 16:04 - 2016-01-15 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe 2016-01-27 16:04 - 2016-01-15 23:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-01-27 16:04 - 2016-01-15 23:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-01-27 16:04 - 2016-01-15 23:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll 2016-01-27 16:04 - 2016-01-15 23:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll 2016-01-27 16:04 - 2016-01-15 23:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-01-27 16:04 - 2016-01-15 23:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-01-27 16:04 - 2016-01-15 23:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2016-01-27 16:04 - 2016-01-15 23:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll 2016-01-27 16:04 - 2016-01-15 23:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-01-27 16:04 - 2016-01-15 23:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2016-01-27 16:04 - 2016-01-15 23:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-01-27 16:04 - 2016-01-15 23:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll 2016-01-27 16:04 - 2016-01-15 23:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-01-27 16:04 - 2016-01-15 23:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2016-01-27 16:04 - 2016-01-15 23:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-01-27 16:04 - 2016-01-15 23:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll 2016-01-27 16:04 - 2016-01-15 23:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-01-27 16:04 - 2016-01-15 23:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2016-01-27 16:04 - 2016-01-15 23:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-01-27 16:04 - 2016-01-15 23:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-01-27 16:04 - 2016-01-15 23:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2016-01-27 16:04 - 2016-01-15 23:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-01-27 16:04 - 2016-01-15 23:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-01-27 16:04 - 2016-01-15 23:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll 2016-01-27 16:04 - 2016-01-15 23:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-01-27 16:04 - 2016-01-15 23:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2016-01-27 16:04 - 2016-01-15 23:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2016-01-27 16:04 - 2016-01-15 23:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2016-01-26 21:02 - 2016-01-26 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-22 15:15 - 2016-01-22 15:15 - 00260528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys 2016-01-12 18:39 - 2016-01-04 20:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-01-12 18:39 - 2016-01-04 20:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-01-12 18:39 - 2016-01-04 19:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-01-12 18:38 - 2016-01-04 20:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-01-12 18:38 - 2016-01-04 20:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-01-12 18:38 - 2016-01-04 20:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2016-01-12 18:38 - 2016-01-04 20:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2016-01-12 18:38 - 2016-01-04 20:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2016-01-12 18:38 - 2016-01-04 20:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2016-01-12 18:38 - 2016-01-04 20:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-01-12 18:38 - 2016-01-04 20:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-01-12 18:38 - 2016-01-04 20:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-01-12 18:38 - 2016-01-04 20:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll 2016-01-12 18:38 - 2016-01-04 20:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-01-12 18:38 - 2016-01-04 20:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-01-12 18:38 - 2016-01-04 20:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-01-12 18:38 - 2016-01-04 20:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll 2016-01-12 18:38 - 2016-01-04 20:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-01-12 18:38 - 2016-01-04 20:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-01-12 18:38 - 2016-01-04 20:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-01-12 18:38 - 2016-01-04 20:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-01-12 18:38 - 2016-01-04 20:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll 2016-01-12 18:38 - 2016-01-04 20:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-01-12 18:38 - 2016-01-04 20:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL 2016-01-12 18:38 - 2016-01-04 20:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL 2016-01-12 18:38 - 2016-01-04 20:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-01-12 18:38 - 2016-01-04 20:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL 2016-01-12 18:38 - 2016-01-04 20:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL 2016-01-12 18:38 - 2016-01-04 19:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll 2016-01-12 18:38 - 2016-01-04 19:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll 2016-01-12 18:38 - 2016-01-04 19:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2016-01-12 18:38 - 2016-01-04 19:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-01-12 18:38 - 2016-01-04 19:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx 2016-01-12 18:38 - 2016-01-04 19:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-01-12 18:38 - 2016-01-04 19:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-01-12 18:38 - 2016-01-04 19:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2016-01-12 18:38 - 2016-01-04 19:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-01-12 18:38 - 2016-01-04 19:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-01-12 18:38 - 2016-01-04 19:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2016-01-12 18:38 - 2016-01-04 19:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL 2016-01-12 18:38 - 2016-01-04 19:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2016-01-12 18:38 - 2016-01-04 19:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll 2016-01-12 18:38 - 2016-01-04 19:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL 2016-01-12 18:38 - 2016-01-04 19:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll 2016-01-12 18:38 - 2016-01-04 19:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll 2016-01-12 18:38 - 2016-01-04 19:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2016-01-12 18:38 - 2016-01-04 19:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-01-12 18:38 - 2016-01-04 19:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2016-01-12 18:38 - 2016-01-04 19:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2016-01-12 18:38 - 2016-01-04 19:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-01-12 18:38 - 2016-01-04 19:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx 2016-01-12 18:38 - 2016-01-04 19:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll 2016-01-12 18:38 - 2016-01-04 19:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-01-12 18:38 - 2016-01-04 19:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-01-12 18:38 - 2016-01-04 19:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2016-01-12 18:38 - 2016-01-04 19:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL 2016-01-12 18:38 - 2016-01-04 19:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-01-12 18:38 - 2016-01-04 19:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL 2016-01-12 18:38 - 2016-01-04 19:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll 2016-01-12 18:38 - 2016-01-04 19:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2016-01-12 18:38 - 2016-01-04 19:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll 2016-01-12 18:38 - 2016-01-04 19:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2016-01-12 18:38 - 2016-01-04 19:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-01-12 18:38 - 2016-01-04 19:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2016-01-12 18:38 - 2016-01-04 19:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-01-12 18:38 - 2016-01-04 19:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-11 19:11 - 2012-07-17 16:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-11 19:06 - 2012-08-22 07:30 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-11 18:31 - 2012-08-21 14:26 - 00000984 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001UA.job 2016-02-11 18:25 - 2015-01-13 12:15 - 00000678 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-958527432-3178514216-3426787634-1001.job 2016-02-11 18:18 - 2015-11-23 18:53 - 00004194 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0F58E985-9241-49E4-9DCA-F21174BA41FA} 2016-02-11 17:22 - 2015-05-31 08:58 - 00000774 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-958527432-3178514216-3426787634-1001.job 2016-02-11 15:31 - 2012-08-21 14:26 - 00000962 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001Core.job 2016-02-11 15:24 - 2013-10-08 15:14 - 00000000 ____D C:\ProgramData\MFAData 2016-02-11 14:45 - 2015-12-16 04:51 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-11 14:45 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF 2016-02-11 14:43 - 2012-07-13 21:04 - 00000000 ____D C:\ProgramData\clear.fi 2016-02-11 14:40 - 2015-12-16 04:52 - 00000000 ____D C:\Users\Cindy Landess-Arjes 2016-02-11 14:40 - 2012-08-22 07:30 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-11 14:37 - 2015-12-16 05:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-11 11:00 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-02-11 09:05 - 2015-05-31 08:58 - 00003970 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-958527432-3178514216-3426787634-1001 2016-02-11 09:05 - 2015-01-13 12:15 - 00003874 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-958527432-3178514216-3426787634-1001 2016-02-11 08:20 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-02-11 08:19 - 2015-10-30 01:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-02-11 08:19 - 2015-10-15 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2016-02-11 05:40 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-10 06:28 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache 2016-02-10 04:58 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-02-10 04:01 - 2012-08-22 07:30 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-10 04:01 - 2012-08-22 07:30 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-02-10 04:00 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-10 03:35 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-09 19:52 - 2014-07-04 11:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-02-09 13:32 - 2013-07-15 20:12 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-02-09 13:27 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-09 13:27 - 2012-07-18 09:44 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-02-05 10:06 - 2015-10-15 14:45 - 00002454 _____ C:\Users\Cindy Landess-Arjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-02-05 10:06 - 2014-02-27 21:23 - 00000000 ___RD C:\Users\Cindy Landess-Arjes\OneDrive 2016-02-03 20:31 - 2012-08-22 07:30 - 00000000 ____D C:\Program Files (x86)\Google 2016-02-03 20:23 - 2015-10-15 14:20 - 00000000 ____D C:\Users\Cindy Landess-Arjes\AppData\Local\Packages 2016-02-03 13:01 - 2015-10-30 01:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-02-03 13:01 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-01-29 09:18 - 2014-08-29 09:12 - 00000000 ____D C:\ProgramData\AVG Security Toolbar 2016-01-29 04:01 - 2012-08-09 14:14 - 00000000 ____D C:\Users\Cindy Landess-Arjes\AppData\Local\Google 2016-01-28 14:05 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-01-28 14:03 - 2011-12-12 08:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-01-28 13:04 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-01-28 13:04 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-01-28 13:04 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-01-28 13:04 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-01-28 13:04 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-01-28 13:04 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-01-28 13:04 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-01-27 15:14 - 2014-12-18 13:33 - 00000000 ___HD C:\ProgramData\CanonIJScan 2016-01-27 15:14 - 2014-12-18 13:33 - 00000000 ____D C:\Users\Cindy Landess-Arjes\AppData\Roaming\Canon 2016-01-13 03:17 - 2013-03-14 06:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-13 03:17 - 2013-03-14 06:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-01-12 21:30 - 2014-12-29 10:00 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-01-12 21:29 - 2015-11-23 20:09 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-01-12 19:28 - 2013-03-14 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ==================== Files in the root of some directories ======= 2011-12-12 09:04 - 2012-10-15 22:41 - 0012942 _____ () C:\ProgramData\ArcadeDeluxe5.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-10 05:46 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016 Ran by Cindy Landess-Arjes (2016-02-11 19:20:09) Running from C:\Users\Cindy Landess-Arjes\Downloads Windows 10 Home (X64) (2015-12-16 11:19:14) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-958527432-3178514216-3426787634-500 - Administrator - Disabled) Cindy Landess-Arjes (S-1-5-21-958527432-3178514216-3426787634-1001 - Administrator - Enabled) => C:\Users\Cindy Landess-Arjes DefaultAccount (S-1-5-21-958527432-3178514216-3426787634-503 - Limited - Disabled) Guest (S-1-5-21-958527432-3178514216-3426787634-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-958527432-3178514216-3426787634-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies) AVG (Version: 16.41.7442 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies) AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation) Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - ) Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version: - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix) clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2228.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden clear.fi (x32 Version: 1.0.2228.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.8228 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Criminal Minds (HKLM-x32\...\510006264) (Version: - Oberon Media) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Gardenscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden Gardenscapes 2 Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Ghost Whisperer (x32 Version: 3.0.2.32 - WildTangent) Hidden Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GoToMeeting 7.11.1.4419 (HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\GoToMeeting) (Version: 7.11.1.4419 - CitrixOnline) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Lost Secrets: Ancient Mysteries (x32 Version: 3.0.2.32 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Murder She Wrote (x32 Version: 2.2.0.98 - WildTangent) Hidden Murder She Wrote 2 (x32 Version: 3.0.2.48 - WildTangent) Hidden Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com) NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28499 - Barnesandnoble.com) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden The Princess Case: A Royal Scoop (x32 Version: 2.2.0.110 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Wager Pro (HKLM-x32\...\com.twinspires.tspro.air) (Version: v1.6.5 - Churchill Downs Technology Initiatives Company) Wager Pro (x32 Version: 1.6.5 - Churchill Downs Technology Initiatives Company) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-958527432-3178514216-3426787634-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-958527432-3178514216-3426787634-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07D2F204-F95D-411F-9E03-E468F5AE06C7} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated) Task: {0AA8563D-B997-46BB-BC59-ADE01DE89CF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {0D43DC89-15E0-4299-AF2A-CD9CBECEA0F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {11635FB4-A829-4B6A-ABFB-A7E540E328CD} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {12D490F0-3E56-47D2-A564-D8FAECE17432} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {16BD6AB5-B4F3-46AB-AC5A-7F127E761D3D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {17AF6FAD-D5CB-48A6-92E0-F5E09AD4FDEA} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink) Task: {22843CF1-A813-4B91-A0AF-8160DBAB2AC0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {2C298086-6CE6-46B4-BDEA-260484504F01} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {2C51AEEF-5CB7-4CAD-9F49-6F151EF490D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {2ED879E7-60E6-40D6-82DC-D2E13A82C7A2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {2ED8C70F-B69D-4484-807A-354CCF573CD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {313F49DE-DAFA-4018-BADC-BF3E15410BE0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {393128F4-78F2-4041-A982-DDC3B37D4DE8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {3A71369E-9470-48E3-A37B-CC58307B268E} - \LaunchApp -> No File <==== ATTENTION Task: {3C7B7508-FF31-4BD2-8B41-85EDDBFED62F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {3DCEB555-9387-4AD9-A03B-E8C8E582998C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {41D46337-9877-4FB9-B1F1-2F086036DB10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {4210F604-3AB7-4454-A936-F9DF2E09E688} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001Core => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21] (Facebook Inc.) Task: {4E3C9FB2-0B27-4AD3-BDAD-F9DEE06E605B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {553F40C0-6DEF-422D-9143-232A98BB2818} - System32\Tasks\G2MUpdateTask-S-1-5-21-958527432-3178514216-3426787634-1001 => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe [2016-02-11] (Citrix Online, a division of Citrix Systems, Inc.) Task: {59DC4F40-FC74-4AC5-B50F-5E75876B5BA9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5A3B2A74-FA72-4B66-8333-8E5ED7DDA0BB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {5AC77A0E-1A92-4AE0-8811-A64DD3EBEEC8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {5DC09E47-C5C7-4F4B-83F0-0CE7503FE13B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {62CD40CC-4B2E-4310-AA75-6E76A09700FA} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {64B5FA6A-1D21-4CBA-A962-6E5B8580C163} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {671FB817-33F9-4D55-B2C4-2E5052C6530A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {6866FB50-A19E-4025-A07F-BC3E8A1A48BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {70ADB384-F9BD-4D47-AACA-8F405564E01D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {70F591F9-3E2A-49EF-A590-1EE761F0514F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {73752CA9-2295-4307-A69B-A205F3745BBD} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation) Task: {73F232AF-8ECC-4B85-88FC-7662B67012F7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {78F41595-F0A1-40A3-A949-B13F471BC80D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {7FC4E0E2-E65D-4EEE-BC0C-413A187D23B8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation) Task: {89CD4394-FD66-4DB6-9E2A-BF926558C6B0} - System32\Tasks\G2MUploadTask-S-1-5-21-958527432-3178514216-3426787634-1001 => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4419\g2mupload.exe [2016-02-11] (Citrix Online, a division of Citrix Systems, Inc.) Task: {91DDA22D-A734-4F71-B200-FB3FDF3E7265} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {9907B142-0D60-45CC-99F4-4ADAF8B69F6B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {9BBC341B-A150-408A-BF82-D7A3F74D8EFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {A973819B-D1EA-4E58-B59F-872A4300C25C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {AD113C56-CA7C-4866-854A-B40E5F8A9B78} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B04742CF-7E4E-4184-89AF-B7E64C1CC8CD} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {B144993C-3968-492C-8E62-E2FB3762EDA4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {B23970D1-0CF6-46AC-8F7B-C60BD81ED560} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {BC1391BF-56A2-4195-8FC4-869004870119} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {BDAD0835-6373-4E6E-B256-165BA8085BE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {BF17AD5C-8CE4-4476-BBA3-2341C47C21B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {C15A0ED4-5CF6-48F1-8EAE-34935F6D4D69} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {C3CEB86B-2796-45A1-8526-CEB3E10C8A35} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {C45801F2-1CC5-4FAD-974F-D8428C740F4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C76B74DC-9410-4BD4-A062-BF610E4BD007} - System32\Tasks\{5C2B0CEB-EAAD-4B1B-B94E-7F06E8AD63DD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1618 Task: {D0A278E9-C436-42A7-9BC4-B1BF7EEACF85} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {DDA2408D-270C-4E0D-9A55-17AD3B52177C} - System32\Tasks\{AB8671FC-2318-4997-AD06-F6E368FABAB3} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1618 Task: {E1CDFC55-F6A6-49D6-B7ED-FB5B40B62FEB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {E54F5E13-014D-4F0B-AA42-CA1CD5B6F9A3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001UA => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21] (Facebook Inc.) Task: {ECEF4E1F-5C34-48FA-BE7E-7577FD63B006} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.) Task: {F3A9D514-BC22-4666-9002-AE653D8E3F5D} - System32\Tasks\Google Updater and Installer => C:\Users\Cindy Landess-Arjes\AppData\Local\Google\Update\GoogleUpdate.exe Task: {F493ACE3-8CC1-4150-BE1B-608E4264FC36} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation) Task: {F8EB6081-147A-455C-8E4C-18D6429549E7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001Core.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001UA.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-958527432-3178514216-3426787634-1001.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-958527432-3178514216-3426787634-1001.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4419\g2mupload.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.)

Nice to meet you TwinHeadedEagle. I'm not the most knowledgeable when it comes to computers so I'll apologize now for my silly questions. I'm not sure if I'm doing the download of Farbar correctly. I can download it but I can't find the option to save it to my desktop (it lets me pin it to my taskbar) and when I open it I don't have the option to run as admin. I also want to apologize in advance that I don't have a lot of time to spend on my computer so I may not respond in a timely fashion. Thanks for your help!

This is the information that was requested. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016 Ran by Cindy Landess-Arjes (administrator) on CINDYLANDESS-AR (09-02-2016 19:36:35) Running from C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\Windows\INetCache\IE\JAHBR8N7 Loaded Profiles: Cindy Landess-Arjes (Available Profiles: Cindy Landess-Arjes & DefaultAppPool) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\Solitaire.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingApp.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingBar.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\bingsurrogate.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [backupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.) HKLM-x32\...\Run: [suiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-10-27] (CyberLink Corp.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd) HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\RunOnce: [uninstall C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\RunOnce: [uninstall C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1" HKU\S-1-5-21-958527432-3178514216-3426787634-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{f36f8e1f-2e6c-4c6c-8857-97f0866abf79}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{f36f8e1f-2e6c-4c6c-8857-97f0866abf79}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-958527432-3178514216-3426787634-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> DefaultScope {C7C4302E-00F9-459E-AC7D-7F347A0514DC} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F3896A22-195B-4A0A-BFD0-33E174B47003}&mid=33b7c85995fd47ccbf270d47e7fa0e11-4972b1725bb10c1b13bbf69b8945c4baf12364dd〈=en&ds=AVG&coid=avgtbavg&cmpid=0116avz&pr=fr&d=2016-01-26 21:02:32&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> {C7C4302E-00F9-459E-AC7D-7F347A0514DC} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-18] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-17] (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-03] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-03] (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.) Toolbar: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.) Toolbar: HKU\S-1-5-21-958527432-3178514216-3426787634-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-17] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-03] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-03] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-17] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\13\NP_wtapp.dll [2012-10-17] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-958527432-3178514216-3426787634-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-13] (Citrix Online) FF Plugin HKU\S-1-5-21-958527432-3178514216-3426787634-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016 Ran by Cindy Landess-Arjes (2016-02-09 19:38:02) Running from C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\Windows\INetCache\IE\JAHBR8N7 Windows 10 Home (X64) (2015-12-16 11:19:14) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-958527432-3178514216-3426787634-500 - Administrator - Disabled) Cindy Landess-Arjes (S-1-5-21-958527432-3178514216-3426787634-1001 - Administrator - Enabled) => C:\Users\Cindy Landess-Arjes DefaultAccount (S-1-5-21-958527432-3178514216-3426787634-503 - Limited - Disabled) Guest (S-1-5-21-958527432-3178514216-3426787634-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-958527432-3178514216-3426787634-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation) Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies) AVG (Version: 16.31.7357 - AVG Technologies) Hidden AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies) AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation) Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - ) Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version: - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix) clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2228.00 - CyberLink Corp.) clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden clear.fi (x32 Version: 1.0.2228.00 - CyberLink Corp.) Hidden clear.fi (x32 Version: 9.0.8228 - CyberLink Corp.) Hidden clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated) Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Criminal Minds (HKLM-x32\...\510006264) (Version: - Oberon Media) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Gardenscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden Gardenscapes 2 Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden Ghost Whisperer (x32 Version: 3.0.2.32 - WildTangent) Hidden Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden GoToMeeting 7.11.0.4400 (HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\GoToMeeting) (Version: 7.11.0.4400 - CitrixOnline) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) Lost Secrets: Ancient Mysteries (x32 Version: 3.0.2.32 - WildTangent) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2062 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Murder She Wrote (x32 Version: 2.2.0.98 - WildTangent) Hidden Murder She Wrote 2 (x32 Version: 3.0.2.48 - WildTangent) Hidden Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.) newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com) NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28499 - Barnesandnoble.com) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1022 - Microsoft Corporation) Hidden Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.) Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden The Princess Case: A Royal Scoop (x32 Version: 2.2.0.110 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Wager Pro (HKLM-x32\...\com.twinspires.tspro.air) (Version: v1.6.5 - Churchill Downs Technology Initiatives Company) Wager Pro (x32 Version: 1.6.5 - Churchill Downs Technology Initiatives Company) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-958527432-3178514216-3426787634-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-958527432-3178514216-3426787634-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07D2F204-F95D-411F-9E03-E468F5AE06C7} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-28] (Acer Incorporated) Task: {0AA8563D-B997-46BB-BC59-ADE01DE89CF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {0D43DC89-15E0-4299-AF2A-CD9CBECEA0F0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {11635FB4-A829-4B6A-ABFB-A7E540E328CD} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {12D490F0-3E56-47D2-A564-D8FAECE17432} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {16BD6AB5-B4F3-46AB-AC5A-7F127E761D3D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {17AF6FAD-D5CB-48A6-92E0-F5E09AD4FDEA} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink) Task: {22843CF1-A813-4B91-A0AF-8160DBAB2AC0} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.) Task: {2C298086-6CE6-46B4-BDEA-260484504F01} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {2C51AEEF-5CB7-4CAD-9F49-6F151EF490D2} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {2ED879E7-60E6-40D6-82DC-D2E13A82C7A2} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {2ED8C70F-B69D-4484-807A-354CCF573CD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {313F49DE-DAFA-4018-BADC-BF3E15410BE0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {393128F4-78F2-4041-A982-DDC3B37D4DE8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {3A71369E-9470-48E3-A37B-CC58307B268E} - \LaunchApp -> No File <==== ATTENTION Task: {3C7B7508-FF31-4BD2-8B41-85EDDBFED62F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {3DCEB555-9387-4AD9-A03B-E8C8E582998C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {41D46337-9877-4FB9-B1F1-2F086036DB10} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {4210F604-3AB7-4454-A936-F9DF2E09E688} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001Core => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21] (Facebook Inc.) Task: {4E3C9FB2-0B27-4AD3-BDAD-F9DEE06E605B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {553F40C0-6DEF-422D-9143-232A98BB2818} - System32\Tasks\G2MUpdateTask-S-1-5-21-958527432-3178514216-3426787634-1001 => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4400\g2mupdate.exe [2016-02-06] (Citrix Online, a division of Citrix Systems, Inc.) Task: {59DC4F40-FC74-4AC5-B50F-5E75876B5BA9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {5A3B2A74-FA72-4B66-8333-8E5ED7DDA0BB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {5AC77A0E-1A92-4AE0-8811-A64DD3EBEEC8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {5DC09E47-C5C7-4F4B-83F0-0CE7503FE13B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {62CD40CC-4B2E-4310-AA75-6E76A09700FA} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {64B5FA6A-1D21-4CBA-A962-6E5B8580C163} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {671FB817-33F9-4D55-B2C4-2E5052C6530A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-17] (Microsoft Corporation) Task: {6866FB50-A19E-4025-A07F-BC3E8A1A48BF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {70ADB384-F9BD-4D47-AACA-8F405564E01D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {70F591F9-3E2A-49EF-A590-1EE761F0514F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {73752CA9-2295-4307-A69B-A205F3745BBD} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation) Task: {73F232AF-8ECC-4B85-88FC-7662B67012F7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {756FAB52-A8E4-4B2B-8143-1BC934711191} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation) Task: {78F41595-F0A1-40A3-A949-B13F471BC80D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {89CD4394-FD66-4DB6-9E2A-BF926558C6B0} - System32\Tasks\G2MUploadTask-S-1-5-21-958527432-3178514216-3426787634-1001 => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4400\g2mupload.exe [2016-02-06] (Citrix Online, a division of Citrix Systems, Inc.) Task: {91DDA22D-A734-4F71-B200-FB3FDF3E7265} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {9907B142-0D60-45CC-99F4-4ADAF8B69F6B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {9BBC341B-A150-408A-BF82-D7A3F74D8EFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {A973819B-D1EA-4E58-B59F-872A4300C25C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {AD113C56-CA7C-4866-854A-B40E5F8A9B78} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {B04742CF-7E4E-4184-89AF-B7E64C1CC8CD} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {B144993C-3968-492C-8E62-E2FB3762EDA4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {B23970D1-0CF6-46AC-8F7B-C60BD81ED560} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {BC1391BF-56A2-4195-8FC4-869004870119} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {BDAD0835-6373-4E6E-B256-165BA8085BE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated) Task: {BF17AD5C-8CE4-4476-BBA3-2341C47C21B9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {C15A0ED4-5CF6-48F1-8EAE-34935F6D4D69} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {C3CEB86B-2796-45A1-8526-CEB3E10C8A35} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {C45801F2-1CC5-4FAD-974F-D8428C740F4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C76B74DC-9410-4BD4-A062-BF610E4BD007} - System32\Tasks\{5C2B0CEB-EAAD-4B1B-B94E-7F06E8AD63DD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1618 Task: {D0A278E9-C436-42A7-9BC4-B1BF7EEACF85} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {DDA2408D-270C-4E0D-9A55-17AD3B52177C} - System32\Tasks\{AB8671FC-2318-4997-AD06-F6E368FABAB3} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1618 Task: {E1CDFC55-F6A6-49D6-B7ED-FB5B40B62FEB} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {E54F5E13-014D-4F0B-AA42-CA1CD5B6F9A3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001UA => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21] (Facebook Inc.) Task: {ECEF4E1F-5C34-48FA-BE7E-7577FD63B006} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.) Task: {F3A9D514-BC22-4666-9002-AE653D8E3F5D} - System32\Tasks\Google Updater and Installer => C:\Users\Cindy Landess-Arjes\AppData\Local\Google\Update\GoogleUpdate.exe Task: {F493ACE3-8CC1-4150-BE1B-608E4264FC36} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation) Task: {F8EB6081-147A-455C-8E4C-18D6429549E7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001Core.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-958527432-3178514216-3426787634-1001UA.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-958527432-3178514216-3426787634-1001.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4400\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-958527432-3178514216-3426787634-1001.job => C:\Users\Cindy Landess-Arjes\AppData\Local\Citrix\GoToMeeting\4400\g2mupload.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\Windows\GameExplorer\{D1E07273-CB65-4885-AE12-D07ECFE3D833}\PlayTasks\0\Play.lnk -> C:\ProgramData\Oberon Media\Channels\110268333\4.0.0.0\Launcher.exe (Oberon Media) -> /Name="Criminal Minds" /sku=510006264 /url=hxxp://userassets.apizone.betaregion.oberon-media.com/Launcher/App/LauncherPage.aspx /Channel="110268333" ShortcutWithArgument: C:\Users\Cindy Landess-Arjes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games of the Month\Criminal Minds\Criminal Minds.lnk -> C:\ProgramData\Oberon Media\Channels\110268333\4.0.0.0\Launcher.exe (Oberon Media) -> /Name="Criminal Minds" /sku=510006264 /url=hxxp://userassets.apizone.betaregion.oberon-media.com/Launcher/App/LauncherPage.aspx /Channel="110268333" ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001 ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-04 07:32 - 2016-01-17 14:46 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2015-12-16 06:39 - 2015-12-16 06:39 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-16 06:39 - 2015-12-16 06:39 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-01-28 14:01 - 2016-01-17 17:07 - 08913088 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2016-01-22 06:55 - 2016-01-22 06:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-12-18 07:19 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-12-18 07:19 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-12 18:39 - 2016-01-04 19:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-01-12 18:39 - 2016-01-04 19:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-01-27 16:05 - 2016-01-15 23:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-01-27 16:05 - 2016-01-15 23:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-11-26 22:54 - 2012-11-26 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-01-13 06:48 - 2016-01-13 06:49 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll 2015-10-15 15:21 - 2015-10-15 15:23 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll 2011-04-23 19:29 - 2011-04-23 19:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2011-04-23 19:29 - 2011-04-23 19:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2011-04-23 19:29 - 2011-04-23 19:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-10-26 05:09 - 2010-04-13 10:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2016-01-22 06:55 - 2016-01-22 06:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-01-22 06:55 - 2016-01-22 06:56 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2011-08-24 20:03 - 2011-08-24 20:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll 2015-11-23 19:02 - 2015-11-23 19:02 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:214562D2 AlternateDataStreams: C:\ProgramData\Temp:47E35D9B ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2014-02-06 20:27 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-958527432-3178514216-3426787634-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cindy Landess-Arjes\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\pict0225_1_0235.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun HKLM\...\StartupApproved\Run: => "CanonMyPrinter" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer" HKU\S-1-5-21-958527432-3178514216-3426787634-1001\...\StartupApproved\Run: => "Sidebar" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{FBD2E298-4D50-42F0-8024-82FA879F7BCD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{57E94B6A-12AB-4DD0-8E3A-8766CFD90171}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5610F8E4-6086-4B04-9937-0CE795B70AFF}] => (Allow) LPort=2869 FirewallRules: [{C352E370-43FE-4360-ADF8-1C26975C46DE}] => (Allow) LPort=1900 FirewallRules: [{785D41D7-1F3E-4953-BE54-0E012D78D5C0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{4C3FAC29-EA0C-4688-A2AA-2BC1B9463821}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{A7940173-AB82-47D8-9D01-838FE9060891}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe FirewallRules: [{C28BB5B4-01EB-47FC-9C53-0A46518D12E4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe FirewallRules: [{4734CBFE-7D02-4D53-AB59-4F77FCFD70F6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe FirewallRules: [{9F4FF57C-95E2-4A3B-9A0E-F0249AC56A6A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{633D78DE-B941-4E8A-B714-BC982909A1AE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{D2DF6E30-6730-4A3B-A43A-8AFCF8EF9E27}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe FirewallRules: [{9D03313E-8E25-4980-9C6A-63671FBF39A1}] => (Allow) C:\Program Files (x86)\Barnes & Noble\NOOKstudy\NOOKStudy.exe FirewallRules: [{6E3DE104-355B-4954-A800-0ACE432C39B4}] => (Allow) C:\Program Files (x86)\Barnes & Noble\NOOKstudy\NOOKStudy.exe FirewallRules: [{8E2D22ED-FE05-47EA-98B3-38116EAA35E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{DFB2355E-0A31-4BF3-BEB1-60E5B83E8AFD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{C809E982-E1D1-4492-9C03-4DBA471022B5}] => (Allow) C:\Users\Cindy Landess-Arjes\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{B5440628-DD88-476C-9BA6-A8CC664B9BBE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{76D68F0A-7471-44B4-A8CF-DE85587B4D40}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe FirewallRules: [{951FA29B-0027-4588-91EC-EDEBB32299A5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{6DF1D62A-17B8-4BC0-B4C3-28EDCC431CAC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe FirewallRules: [{AC4085D9-A57E-4ADA-B82A-74396A550EF5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe FirewallRules: [{C1B7E43C-D613-4C54-8D83-317490750223}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe ==================== Restore Points ========================= 21-01-2016 07:20:03 Scheduled Checkpoint 27-01-2016 16:06:17 Windows Update 05-02-2016 11:22:18 Scheduled Checkpoint 09-02-2016 13:24:50 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/09/2016 04:21:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CINDYLANDESS-AR) Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (02/09/2016 01:24:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (02/09/2016 12:04:23 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Information only. The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support. Error: (02/09/2016 10:28:23 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (02/09/2016 10:03:47 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "mapi15://{S-1-5-21-958527432-3178514216-3426787634-1001}/">. Error: (02/09/2016 10:03:15 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/09/2016 10:03:15 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/09/2016 10:03:15 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/09/2016 10:03:15 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (02/09/2016 10:03:10 AM) (Source: Windows Search Service) (EventID: 3057) (User: ) Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized. Context: Windows Application Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) System errors: ============= Error: (02/09/2016 12:03:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 Error: (02/09/2016 12:03:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:32:32 AM on ‎2/‎9/‎2016 was unexpected. Error: (02/09/2016 10:04:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service. Error: (02/09/2016 10:03:45 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: %%1056 Error: (02/09/2016 10:03:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (02/09/2016 10:03:15 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The Windows Search service terminated with the following service-specific error: %%2147749126 Error: (02/09/2016 10:02:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 Error: (02/09/2016 10:02:31 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:43:16 AM on ‎2/‎9/‎2016 was unexpected. Error: (02/08/2016 03:37:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 Error: (02/08/2016 03:37:38 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:26:21 PM on ‎2/‎8/‎2016 was unexpected. CodeIntegrity: =================================== Date: 2016-01-28 14:04:28.824 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-28 13:12:58.552 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-22 07:07:16.074 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-13 03:20:19.129 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-07 07:10:57.324 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-07 06:30:30.021 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-01-01 07:17:58.425 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-31 03:34:35.470 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-23 07:57:49.115 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-19 19:38:05.706 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 370 @ 2.40GHz Percentage of memory in use: 41% Total physical RAM: 5814.7 MB Available physical RAM: 3377.07 MB Total Virtual: 11702.7 MB Available Virtual: 9179.27 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:389.77 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 86FB6810) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=447.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ====================== Thanks for any help!

Thanks again!

I think I'll leave it alone. It's running better now and I don't want to take a chance.

I did the above and the box didn't pop back up. The computer is running a little slow. I installed the Online Armor firewall. Would this be the cause of it running a slower? Thanks again for all the help. You are very good at what you do to get me through all of this.

I really appreciate all the help you have given me. I have a box that pops up when I reboot. It's labeled RunDLL and the text reads "There was a problem starting C:\Users\Cindy Landess-Arjes\AppData\Local\BackgroundContainer\BackgroundContainer.dll The specified module cound not be found" Is this anything to worry about? Other than that, everything seems to be running very well.