Computer infected with malware?



#1
tjmoes

My mom has been having all sorts of problems with her laptop. Random popups and ads continue to flood her system. I ran Malwarebytes a couple of weeks ago and it found some problems but corrected them. When I ran a scan today, it didn't find anything. I am still receiving tons of pop ups when I go onto the internet.

I think the pop ups say "Ads by name" and lots of stuff saying "software support" and such.

Thanks for your help!

TJ

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
Ran by Pam (administrator) on PAM-PC (28-08-2015 17:11:02)
Running from C:\Users\Pam\Desktop
Loaded Profiles: Pam (Available Profiles: Pam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Elsinore Technologies, Inc.) C:\Program Files (x86)\ScreenConnect Client (f791e031efc13bde)\Elsinore.ScreenConnect.ClientService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
(Elsinore Technologies, Inc.) C:\Program Files (x86)\ScreenConnect Client (f791e031efc13bde)\Elsinore.ScreenConnect.WindowsClient.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkITunesPlugin.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780912 2013-09-20] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-07] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1401064 2014-04-28] (Adobe Systems Incorporated)
HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: Files Files Files => No File
AppInit_DLLs-x32: c:\program files c:\program files c:\program files => No File
Startup: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk [2015-05-08]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-07-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53963;https=127.0.0.1:53963
HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{6526E2EB-6596-4FF6-B829-9B4CDE4416C4}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8EF15907-D75B-41B8-9E87-FB117A923FA1}: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\lhhnic2v.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M384ECB5D-36E7-4007-AD7D-DC7A1E63265C&SearchSource=55&CUI=&UM=8&UP=SPDDCE02A0-D308-4C4B-A1D7-2AC262BB9D22&D=080815&SSPV=
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2850889850-1339263924-1582463754-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Pam\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-15] (Citrix Online)
FF Plugin HKU\S-1-5-21-2850889850-1339263924-1582463754-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Pam\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Extension: downloadpaneltweaksdagger2addonsmozillaorg - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\lhhnic2v.default\Extensions\[email protected] [2015-08-13]
FF Extension: COuuopExtoension - C:\Users\Pam\AppData\Roaming\Mozilla\Firefox\Profiles\lhhnic2v.default\Extensions\[email protected] [2015-08-28]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-08-13]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [45056 2013-06-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160768 2013-06-27] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
R2 ScreenConnect Client (f791e031efc13bde); C:\Program Files (x86)\ScreenConnect Client (f791e031efc13bde)\Elsinore.ScreenConnect.ClientService.exe [53720 2014-07-08] (Elsinore Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 fdfcd97f; "C:\Windows\system32\rundll32.exe" "c:\program files (x86)\UpgradeLeader\UpgradeLeader.dll",serv
S2 Guilty Troupe; C:\Users\Pam\AppData\Roaming\Guilty Troupe\Guilty Troupe.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-31] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2015-01-20] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-01] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 17:11 - 2015-08-28 17:11 - 00018180 _____ C:\Users\Pam\Desktop\FRST.txt
2015-08-28 17:10 - 2015-08-28 17:10 - 02186752 _____ (Farbar) C:\Users\Pam\Desktop\FRST64.exe
2015-08-28 17:09 - 2015-08-28 17:11 - 00000000 ____D C:\FRST
2015-08-27 18:22 - 2015-08-27 18:22 - 00001764 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-27 18:22 - 2015-08-27 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-27 18:20 - 2015-08-27 18:22 - 00000000 ____D C:\Program Files\iTunes
2015-08-27 18:20 - 2015-08-27 18:20 - 00000000 ____D C:\Program Files\iPod
2015-08-27 18:20 - 2015-08-27 18:20 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-25 16:24 - 2015-08-25 16:24 - 00008212 _____ C:\Users\Pam\Documents\I OWE PC  DOCTOR.xlsx
2015-08-24 20:39 - 2015-08-24 20:39 - 00000229 _____ C:\Users\Pam\Desktop\Medifocus Guidebook on Sjogren's Syndrome (3).url
2015-08-23 17:07 - 2015-08-23 17:07 - 00009771 _____ C:\Users\Pam\Documents\Font.xlsx
2015-08-21 01:43 - 2015-08-21 01:43 - 720334757 _____ C:\Windows\MEMORY.DMP
2015-08-21 01:43 - 2015-08-21 01:43 - 00912232 _____ C:\Windows\Minidump\082115-22183-01.dmp
2015-08-20 13:47 - 2015-08-25 19:32 - 00000552 _____ C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Amazon.com Amazon Prime (One Year Membership).website
2015-08-20 03:00 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 03:00 - 2015-08-10 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:00 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:00 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-18 21:22 - 2015-08-18 21:22 - 00000217 _____ C:\Users\Pam\Desktop\Medifocus Guidebook on Sjogren's Syndrome (2).url
2015-08-16 21:21 - 2015-08-16 21:22 - 00009616 _____ C:\Users\Pam\Documents\Ally and Kate  8-16-2015.xlsx
2015-08-15 17:30 - 2015-08-20 17:34 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-15 17:30 - 2015-08-15 17:30 - 00000000 ____D C:\Users\Pam\AppData\Roaming\TuneUp Software
2015-08-15 17:27 - 2015-08-20 17:35 - 00000000 ____D C:\ProgramData\MFAData
2015-08-15 17:27 - 2015-08-15 17:27 - 00000000 ____D C:\Users\Pam\AppData\Local\MFAData
2015-08-15 17:25 - 2015-08-20 17:40 - 00000000 ____D C:\Users\Pam\AppData\Local\AvgSetupLog
2015-08-15 17:25 - 2015-08-20 17:40 - 00000000 ____D C:\ProgramData\Avg
2015-08-15 17:25 - 2015-08-15 17:25 - 00000000 ____D C:\Users\Pam\AppData\Local\Avg
2015-08-15 15:57 - 2015-08-15 15:57 - 00003232 _____ C:\Windows\System32\Tasks\IP Helper 1.54.15
2015-08-15 15:49 - 2015-08-28 16:39 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 15:49 - 2015-08-15 19:38 - 00001139 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-15 15:49 - 2015-08-15 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-15 15:49 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-15 15:49 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 18:38 - 2015-08-14 18:38 - 00003266 _____ C:\Windows\System32\Tasks\Software Protection32
2015-08-14 18:03 - 2015-08-14 18:06 - 00000000 ___RD C:\Users\Pam\Documents\HP Photo Creations
2015-08-14 18:02 - 2015-08-28 17:09 - 00000390 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-08-14 18:02 - 2015-08-14 18:06 - 00000000 ____D C:\Users\Pam\AppData\Roaming\HP Photo Creations
2015-08-14 18:02 - 2015-08-14 18:03 - 00003390 _____ C:\Windows\System32\Tasks\HP Photo Creations Communicator
2015-08-14 18:02 - 2015-08-14 18:03 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Visan
2015-08-14 18:02 - 2015-08-14 18:02 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-08-13 20:09 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 20:09 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 17:53 - 2015-08-13 17:53 - 00003258 _____ C:\Windows\System32\Tasks\Intel® Capability Licensing Service Interface 1.29.13
2015-08-13 15:30 - 2015-08-20 12:18 - 00000000 ____D C:\ProgramData\881c1cc80000156b
2015-08-13 15:30 - 2015-08-15 16:09 - 00000000 ____D C:\Program Files (x86)\UpgradeLeader
2015-08-13 15:04 - 2015-08-13 15:05 - 00000099 _____ C:\Windows\Reimage.ini
2015-08-13 15:02 - 2015-08-15 16:10 - 00000000 ____D C:\Users\Pam\AppData\Local\ProgramCompatibility
2015-08-13 14:45 - 2015-08-13 14:45 - 00000000 ____D C:\Windows\pss
2015-08-13 14:41 - 2015-08-13 14:41 - 00000942 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-08-13 14:16 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 14:16 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 14:16 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 14:16 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 14:16 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 14:16 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-13 14:16 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 14:16 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 14:16 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 14:16 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-13 14:16 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-13 14:16 - 2015-07-16 14:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 14:16 - 2015-07-16 14:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 14:16 - 2015-07-16 14:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-13 14:16 - 2015-07-15 13:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 14:16 - 2015-07-15 13:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 14:16 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 14:16 - 2015-07-15 13:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-13 14:16 - 2015-07-15 12:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-13 14:16 - 2015-07-15 12:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 14:16 - 2015-07-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-13 14:15 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-13 14:15 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-13 14:15 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-13 14:15 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-13 14:15 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 14:15 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-13 14:15 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 14:15 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-13 14:15 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-13 14:15 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 14:15 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-13 14:15 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-13 14:15 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-13 14:15 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-13 14:15 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-13 14:15 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 14:15 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-13 14:15 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-13 14:15 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 14:15 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-13 14:15 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-13 14:15 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 14:15 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-13 14:15 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-13 14:15 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 14:15 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 14:15 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-13 14:15 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-13 14:15 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 14:15 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-13 14:15 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 14:15 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 14:15 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-13 14:15 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-13 14:15 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-13 14:15 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-13 14:15 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-13 14:15 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 14:15 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 14:15 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-13 14:15 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 14:15 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-13 14:15 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 14:15 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 14:15 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 14:15 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 14:15 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 14:15 - 2015-07-15 13:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-13 14:15 - 2015-07-15 13:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-13 14:15 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 14:15 - 2015-07-15 13:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-13 14:15 - 2015-07-15 13:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-13 14:15 - 2015-07-15 13:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-13 14:15 - 2015-07-15 13:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-13 14:15 - 2015-07-15 13:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-13 14:15 - 2015-07-15 13:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-13 14:15 - 2015-07-15 13:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-13 14:15 - 2015-07-15 13:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-13 14:15 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 14:15 - 2015-07-15 13:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-13 14:15 - 2015-07-15 13:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-13 14:15 - 2015-07-15 13:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-13 14:15 - 2015-07-15 13:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 13:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-13 14:15 - 2015-07-15 12:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-13 14:15 - 2015-07-15 12:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-13 14:15 - 2015-07-15 12:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-13 14:15 - 2015-07-15 12:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-13 14:15 - 2015-07-15 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-13 14:15 - 2015-07-15 12:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-13 14:15 - 2015-07-15 12:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-13 14:15 - 2015-07-15 12:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-13 14:15 - 2015-07-15 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-13 14:15 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-13 14:15 - 2015-07-15 12:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-13 14:15 - 2015-07-15 12:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-13 14:15 - 2015-07-15 12:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-13 14:15 - 2015-07-15 12:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-13 14:15 - 2015-07-15 12:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-13 14:15 - 2015-07-15 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-13 14:15 - 2015-07-15 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-13 14:15 - 2015-07-15 12:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-13 14:15 - 2015-07-15 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-13 14:15 - 2015-07-15 12:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 12:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 11:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-13 14:15 - 2015-07-15 11:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-13 14:15 - 2015-07-15 11:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-13 14:15 - 2015-07-15 11:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-13 14:15 - 2015-07-15 11:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-13 14:15 - 2015-07-15 11:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 11:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 11:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-13 14:15 - 2015-07-15 11:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-13 14:15 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 14:14 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 14:14 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-13 14:14 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 14:14 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 14:14 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-13 14:14 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-13 14:14 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-13 14:14 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-13 14:14 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 14:09 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-13 14:09 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 14:09 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 14:09 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-13 14:09 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 14:09 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-13 14:09 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-13 14:09 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-13 14:09 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 14:09 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-13 14:09 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 14:09 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-13 14:09 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-13 14:09 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 14:09 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 14:09 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 14:09 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 14:09 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-13 14:09 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-13 14:09 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 14:09 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-13 14:09 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-13 14:09 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-13 14:09 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-13 14:09 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 14:09 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 14:09 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-13 14:09 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-13 14:09 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 14:09 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 14:09 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-13 14:09 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-13 14:09 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-13 14:09 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-13 14:09 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 14:09 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 14:09 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 14:09 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 14:09 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 14:09 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 14:09 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-13 14:08 - 2015-05-09 13:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 01:30 - 2015-08-09 01:30 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-08-09 00:36 - 2015-08-15 16:09 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Guilty Troupe
2015-08-08 23:49 - 2015-08-08 23:49 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2015-08-08 23:47 - 2015-08-08 23:47 - 00000000 ____D C:\Users\Pam\AppData\Roaming\InstallShield
2015-08-08 23:22 - 2015-08-13 17:54 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-08 23:22 - 2015-08-13 14:46 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-08 23:22 - 2015-08-08 23:22 - 00000000 ____D C:\Users\Pam\AppData\Local\globalUpdate
2015-08-08 23:20 - 2015-08-15 16:09 - 00000000 ____D C:\Users\Pam\AppData\Local\SmartWeb
2015-08-08 23:19 - 2015-08-08 23:19 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Ebon
2015-08-08 23:19 - 2015-08-08 23:19 - 00000000 ____D C:\Users\Pam\AppData\Local\Ebon
2015-08-08 23:19 - 2015-08-08 23:19 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-08 23:17 - 2015-08-08 23:17 - 00000000 ____D C:\Program Files\Windows Live
2015-08-08 23:17 - 2010-04-28 08:57 - 00061288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-08-08 23:16 - 2015-08-08 23:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2015-08-08 23:15 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-08-08 23:15 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-08-08 23:14 - 2015-08-08 23:15 - 00031444 _____ C:\Windows\DirectX.log
2015-08-08 23:14 - 2015-08-08 23:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-08-08 23:13 - 2015-08-15 19:32 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-08-08 23:13 - 2015-08-13 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-08-08 23:12 - 2015-08-09 00:05 - 00000000 ____D C:\Program Files (x86)\Ebon
2015-08-08 23:12 - 2015-08-08 23:12 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-08 23:10 - 2009-06-10 16:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-08 23:09 - 2015-08-09 00:04 - 00000008 _____ C:\END
2015-08-08 23:09 - 2015-08-08 23:10 - 141399376 _____ (Microsoft Corporation) C:\Users\Pam\Desktop\windows-live-photo-gallery-multi.exe
2015-08-06 19:48 - 2015-08-06 19:48 - 00010089 _____ C:\Users\Pam\Documents\LIFE BELOW ZERO.xlsx
2015-08-04 23:14 - 2015-08-04 23:14 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 7a7775be3acd450c899ff9a68176f95870cb94600d644bb495e4e22e871516cd
2015-08-04 23:13 - 2015-08-04 23:13 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 45856a853ffe4d269036b5cb4bccc668df48b595fea04d2e94313796e9293170
2015-08-04 23:12 - 2015-08-04 23:12 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 6eb6c4fc44914b4ca11810db10ba0137708a6865f937446baf382e5dec107c45
2015-08-04 22:33 - 2015-08-04 22:33 - 00000548 _____ C:\Users\Pam\Desktop\mayo clinic medical information - Yahoo Search Results.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 17:02 - 2013-11-19 11:43 - 02028355 _____ C:\Windows\WindowsUpdate.log
2015-08-28 16:48 - 2009-07-13 23:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 16:48 - 2009-07-13 23:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 16:26 - 2015-06-24 13:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-28 16:26 - 2014-06-06 15:43 - 00000000 ____D C:\Users\Pam\Documents\Outlook Files
2015-08-28 15:49 - 2013-11-25 21:53 - 00000397 _____ C:\Users\Pam\AppData\Local\BTServer.log
2015-08-28 02:00 - 2013-11-25 22:35 - 00000000 ____D C:\Users\Pam\AppData\Local\Adobe
2015-08-27 21:09 - 2014-08-22 22:17 - 00010691 _____ C:\Users\Pam\Documents\TV GUIDE.xlsx
2015-08-27 18:20 - 2014-06-28 11:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-27 17:08 - 2014-05-25 22:30 - 00015244 _____ C:\Users\Pam\Documents\Medication List 5-25-2014.xlsx
2015-08-26 18:18 - 2015-03-03 22:43 - 00013798 _____ C:\Users\Pam\Documents\Alaskan Cruise 2015.xlsx
2015-08-26 18:02 - 2009-07-14 00:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-26 17:54 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-26 17:53 - 2015-07-22 14:25 - 00002744 _____ C:\Windows\setupact.log
2015-08-25 18:19 - 2014-03-16 22:23 - 00039790 _____ C:\Users\Pam\Documents\Passwords.xlsx
2015-08-25 16:16 - 2013-11-21 14:42 - 00185304 _____ C:\Windows\PFRO.log
2015-08-24 20:34 - 2015-02-24 15:40 - 00008247 _____ C:\Users\Pam\Documents\Theisen History.xlsx
2015-08-24 20:33 - 2015-04-26 23:52 - 00011367 _____ C:\Users\Pam\Documents\Theisen Addresses 5-2015.xlsx
2015-08-24 20:08 - 2015-02-25 17:24 - 00010896 _____ C:\Users\Pam\Documents\Addresses and Phone Abler Family.xlsx
2015-08-24 13:47 - 2014-02-26 16:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-23 23:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-23 22:44 - 2013-11-19 12:39 - 00000000 ____D C:\ProgramData\Realtek
2015-08-21 02:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-08-21 01:43 - 2014-03-07 21:29 - 00000000 ____D C:\Windows\Minidump
2015-08-21 00:56 - 2015-07-07 18:16 - 00016744 _____ C:\Users\Pam\Documents\Medication List and Diary 7-7-2015.xlsx
2015-08-16 00:54 - 2014-10-18 17:28 - 00011028 _____ C:\Users\Pam\Documents\Names and Addreses.xlsx
2015-08-15 19:38 - 2014-11-04 18:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-15 16:10 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2015-08-15 16:09 - 2015-07-12 16:20 - 00000000 ____D C:\Program Files (x86)\ODMDownloader
2015-08-15 16:09 - 2015-01-22 00:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-14 18:26 - 2015-06-24 13:34 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-14 18:26 - 2015-06-24 13:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 18:26 - 2015-06-24 13:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-14 18:02 - 2014-05-19 22:37 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-08-14 17:36 - 2013-11-19 11:40 - 00519336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-14 17:35 - 2014-12-10 10:41 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-14 17:35 - 2014-05-10 23:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 20:09 - 2013-11-25 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 20:08 - 2013-11-25 22:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 20:08 - 2013-11-25 22:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 20:04 - 2013-11-07 13:16 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 20:01 - 2013-11-07 13:16 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-13 15:26 - 2013-11-25 21:54 - 00001436 _____ C:\Users\Pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-13 13:40 - 2014-02-26 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-13 13:40 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-13 13:38 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-13 13:38 - 2015-04-02 21:03 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-08-13 13:38 - 2013-11-25 21:53 - 00000000 ____D C:\Users\Pam
2015-08-13 13:38 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-13 13:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-08-08 23:49 - 2014-09-27 14:34 - 00000000 ____D C:\Users\Pam\AppData\Local\Google
2015-08-08 23:36 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-07 07:58 - 2014-10-15 20:17 - 00011748 _____ C:\Users\Pam\Documents\Subscriptions.xlsx
2015-08-04 01:14 - 2013-11-06 19:51 - 00000000 ____D C:\Windows\Panther
2015-08-04 01:10 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-02 01:41 - 2015-06-07 00:28 - 00009732 _____ C:\Users\Pam\Documents\Time Warner Cable.xlsx

==================== Files in the root of some directories =======

2015-08-09 01:30 - 2015-08-09 01:30 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-06-06 15:53 - 2014-06-06 15:53 - 0038459 _____ () C:\Users\Pam\AppData\Roaming\Comma Separated Values.ADR
2013-11-25 21:53 - 2015-08-28 15:49 - 0000397 _____ () C:\Users\Pam\AppData\Local\BTServer.log
2015-01-21 21:23 - 2015-01-21 21:23 - 12175429 _____ () C:\Users\Pam\AppData\Local\Temp434.jpg
2013-12-04 17:45 - 2013-12-04 17:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-11-15 14:05 - 2013-11-15 14:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-23 01:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by Pam (2015-08-28 17:12:22)
Running from C:\Users\Pam\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2850889850-1339263924-1582463754-500 - Administrator - Disabled)
Guest (S-1-5-21-2850889850-1339263924-1582463754-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2850889850-1339263924-1582463754-1002 - Limited - Enabled)
Pam (S-1-5-21-2850889850-1339263924-1582463754-1000 - Administrator - Enabled) => C:\Users\Pam

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 12 (Version: 12.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{4207BD5E-6F51-4C57-BC86-A0EBE9088A30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Photo Creations (HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\...\HP Photo Creations) (Version: 1.0.0.18922 - HP)
HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7510 series Help (HKLM-x32\...\{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 7510 series Product Improvement Study (HKLM\...\{566BB063-0E28-4273-A748-690BE86A7E26}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Chipset INF (x32 Version: 10.0.3 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0090 - Pegatron Corporation)
PRE12 STI 64Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.754.754.080213 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - REALTEK Semiconductor Corp.)
ScreenConnect Client (f791e031efc13bde) (HKLM-x32\...\{89B67012-59B6-43C3-94B8-B497ECB18DE0}) (Version: 4.4.7175.5302 - Elsinore Technologies, Inc.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.15.0 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2850889850-1339263924-1582463754-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2850889850-1339263924-1582463754-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2850889850-1339263924-1582463754-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2850889850-1339263924-1582463754-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2850889850-1339263924-1582463754-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2850889850-1339263924-1582463754-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

18-08-2015 14:34:17 Removed Adblock Plus for IE (32-bit and 64-bit)
20-08-2015 01:48:51 Windows Update
20-08-2015 03:00:10 Windows Update
20-08-2015 17:28:58 Removed AVG 2015
20-08-2015 17:33:57 Removed AVG 2015
23-08-2015 11:42:52 Windows Update
26-08-2015 17:59:37 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A47AF7-802E-4FAD-A344-DBD8058DB012} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {11A34FA3-8F64-4F04-9AF4-6FA46501243E} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {12544792-0F5D-47FD-8B76-845120CB1B6B} - \CIMT_S-1-5-21-2850889850-1339263924-1582463754-1000 -> No File <==== ATTENTION
Task: {179B153D-2EA7-452C-91C6-079B6A47FA5C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1C58DF23-E199-4571-B72A-B3BD524D89BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {1F58B4E3-EE9B-4B5F-A610-5E398FA56FE1} - System32\Tasks\AdobeAAMUpdater-1.0-Pam-PC-Pam => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {24065133-F959-400A-B5C7-2DFB4C8920AE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {272B6A31-BF01-4E94-B567-255E48B87319} - System32\Tasks\HP AR Program Upload - 7a7775be3acd450c899ff9a68176f95870cb94600d644bb495e4e22e871516cd => C:\Program Files\HP\HP Photosmart 7510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2F74A600-1702-4998-90E1-87B628EAEC0B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {46AEA6F6-726B-4A42-B83B-898B7C431702} - System32\Tasks\Software Protection32 => C:\Windows\system32\config\systemprofile\AppData\Local\SoftwareProtection32\vbisurf.exe
Task: {48EABD02-BA51-44EC-B306-6862EC2CABAC} - \CIMT_daily_S-1-5-21-2850889850-1339263924-1582463754-1000 -> No File <==== ATTENTION
Task: {501EB00A-A85A-478A-A616-D978691E8F96} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {5970B73B-DCB2-41EF-A789-AA841105D521} - System32\Tasks\HP AR Program Upload - d60363e2a97e4ab4963ec39ca20a77dda8976459e8694300923f6b739798cb28 => C:\Program Files\HP\HP Photosmart 7510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {67B46CD3-E5FF-436C-8930-7D413FF1392C} - System32\Tasks\{C01D0A59-F13F-4F52-92D4-DB9531668F27} => pcalua.exe -a "C:\Users\Pam\Desktop\Downloads\chromeinstall-8u25 (1).exe" -d C:\Users\Pam\Desktop\Downloads
Task: {7015A8E0-F3E7-4769-9F57-E9EA37E26979} - \Crossbrowse -> No File <==== ATTENTION
Task: {7ABBD256-03BD-4DA9-BFB6-E6F3913B9E13} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {80580F47-CE62-4615-88E2-9131FCF3ACAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {87B721FC-552F-4130-BF16-F556131A13B9} - System32\Tasks\HP AR Program Upload - b10131ebc9e44cdd8392c932204da45d4d9e72692e58446c94b77fcbe71f1dc8 => C:\Program Files\HP\HP Photosmart 7510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {87C78754-FEDB-4656-AD75-FA99CAC6B008} - \bvxvyxvec -> No File <==== ATTENTION
Task: {884A0573-01DC-4C9E-9451-B0BA1B12F087} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {A92B8F4A-594C-4972-8D2B-EC97ED0E6C1C} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Pam\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-07-25] ()
Task: {B86B0682-F10A-4B0D-8FFF-596A46976088} - System32\Tasks\HP AR Program Upload - beb9e8fee50f4728a55fe8511e42b738d6b7fb1e92aa44e9b5b4643a5d453a93 => C:\Program Files\HP\HP Photosmart 7510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {C89D8105-2E1D-4179-86D7-0DF30A544A18} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {CC69145E-617B-40EE-992B-8E90AD92AD2D} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {CFC47DA6-5DA7-40A2-B94F-79B98E827E0D} - System32\Tasks\Intel® Capability Licensing Service Interface 1.29.13 => C:\Windows\system32\config\systemprofile\AppData\Local\IntelRCapability\idstore.exe
Task: {D18C4F70-7D9F-4C92-9854-E8DF48AF11F0} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {D1BBE10C-97AE-431E-9805-2A46412EA604} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {E05ED2F6-F623-4C54-8736-428E096E09D2} - System32\Tasks\HP AR Program Upload - 6eb6c4fc44914b4ca11810db10ba0137708a6865f937446baf382e5dec107c45 => C:\Program Files\HP\HP Photosmart 7510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {E168F727-5ABD-47A3-A6BF-2F0759081738} - System32\Tasks\IP Helper 1.54.15 => C:\Windows\system32\config\systemprofile\AppData\Local\IPHelper\ip.exe
Task: {E1CE8776-8D60-4A4E-B9AC-C54D165E5A53} - System32\Tasks\HP AR Program Upload - 45856a853ffe4d269036b5cb4bccc668df48b595fea04d2e94313796e9293170 => C:\Program Files\HP\HP Photosmart 7510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {E2DE9CC1-D225-4EF5-A978-4E8761142B8F} - System32\Tasks\ScanToPCActivationApp.exe_{92E5A0AF-C98C-4780-B01B-3461333E9E81} => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F068AC86-C0B4-4484-A91B-917182B0A266} - System32\Tasks\HPCustParticipation HP Photosmart 7510 series => C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Pam\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Loaded Modules (Whitelisted) ==============

2013-11-15 14:05 - 2013-06-27 12:56 - 00160768 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-19 12:39 - 2013-06-14 21:12 - 00045056 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-02-26 16:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-20 18:01 - 2015-01-27 10:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-15 14:05 - 2013-07-31 12:23 - 02218496 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-11-19 12:39 - 2013-05-29 13:41 - 00265728 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2013-11-15 14:05 - 2012-01-12 20:58 - 00552960 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2013-11-15 14:05 - 2012-01-12 20:58 - 00477696 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2013-11-15 14:05 - 2012-10-23 21:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-11-15 14:05 - 2013-07-18 18:41 - 08856576 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2015-05-15 16:26 - 2015-05-15 16:26 - 00306984 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2013-11-15 14:05 - 2009-12-18 18:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-11-15 14:05 - 2009-12-18 18:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2014-11-21 21:38 - 2014-11-21 21:38 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-11-15 14:04 - 2013-07-16 18:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (f791e031efc13bde) => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\...\statefarm.com -> hxxps://online2.statefarm.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pam\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Pam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
MSCONFIG\startupreg: GoogleChromeAutoLaunch_469491A5B2CF35ADF6C6E934FF494EEF => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Open Download Manager => C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorun
MSCONFIG\startupreg: ospd_us_013010060 => "C:\Program Files (x86)\ospd_us_013010060\ospd_us_013010060.exe"
MSCONFIG\startupreg: PCSpeedUp => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: Selection Tools => "C:\Users\Pam\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
MSCONFIG\startupreg: SpaceSoundPro => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
MSCONFIG\startupreg: TWC.Win7 => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
MSCONFIG\startupreg: WindApp => "C:\Users\Pam\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B1C405CB-BE77-4A6A-B7A5-6109FD96AFAA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A799C3D4-4BA8-4E3E-B12D-AFC85BFF4C11}] => (Allow) C:\Users\Pam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B7C22121-BE8A-4B74-BFA3-F8ED9DAA2FBC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3CD2C45-F906-4084-923A-D055E267354B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6313864F-062F-4AAF-A63F-2B18C4271E56}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C68180C-07E5-4E29-8B61-DA226466B165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EF3F17CF-A68C-4138-BEF1-D70B079F6E29}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE0BB0DC-B02F-4979-9DB5-07CD9362FEFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FB7F09CE-46DA-4849-8039-33283C57E311}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\DeviceSetup.exe
FirewallRules: [{DB5F5929-3509-46BA-BB07-C1200646813E}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{512FCF2C-7472-4FA1-85A7-9ACEEDB0D10A}] => (Allow) C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0AD20145-8E4F-48B3-86ED-CE9B7D39B04D}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{506159C2-BFF0-4FA1-B896-876214D218D2}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{96E2A054-DE3B-44C4-8C94-8A2B5543F616}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{DAA86E03-40E8-42D2-A08C-FDBC20E6D6A7}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{34D21958-37AD-49E9-AEA1-20449C01C702}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E0DF1FFA-2D0C-4500-8695-37BEEBB6F133}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F32063E0-C19F-4FA8-A9E6-418506FC2BD3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{820C7DDB-5E6F-434B-A1C2-E5AB62C9832C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B1BAA64A-A177-47AA-B133-B32CF8054572}] => (Allow) svchost.exe
FirewallRules: [{9B6834EE-EB14-48E6-9A42-3F5007DEA54C}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{F32C6268-A2CF-4C96-8B09-2282D4CA8898}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{2D7E4B68-E001-4B68-866E-E56C097CCA84}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3F911AC3-F0A0-40A1-9A4C-3941D3DEE04E}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2015 04:39:44 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/28/2015 04:39:44 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0698E632-FE40-4289-9448-140D7D2D0D42}

Error: (08/28/2015 04:39:43 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0698E632-FE40-4289-9448-140D7D2D0D42}

Error: (08/27/2015 04:39:42 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/27/2015 04:39:42 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {F2659F73-6289-48A1-9946-84A1E67F4D1A}

Error: (08/27/2015 04:39:41 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {F2659F73-6289-48A1-9946-84A1E67F4D1A}

Error: (08/26/2015 06:04:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/26/2015 06:04:19 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {D09BEC74-554D-41DD-B8C2-CB669CC8AF34}

Error: (08/26/2015 06:04:18 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {D09BEC74-554D-41DD-B8C2-CB669CC8AF34}

Error: (08/26/2015 05:55:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (08/28/2015 05:10:24 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (08/28/2015 05:08:32 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (08/28/2015 05:04:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (08/28/2015 11:28:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/28/2015 10:43:28 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (08/27/2015 09:13:37 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (08/27/2015 09:11:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {DC0C2640-1415-4644-875C-6F4D769839BA}

Error: (08/27/2015 08:58:35 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (08/27/2015 07:00:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (08/27/2015 06:22:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "PAM-PC         :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Microsoft Office:
=========================
Error: (08/28/2015 04:39:44 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/28/2015 04:39:44 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0698E632-FE40-4289-9448-140D7D2D0D42}

Error: (08/28/2015 04:39:43 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {0698E632-FE40-4289-9448-140D7D2D0D42}

Error: (08/27/2015 04:39:42 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/27/2015 04:39:42 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {F2659F73-6289-48A1-9946-84A1E67F4D1A}

Error: (08/27/2015 04:39:41 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {F2659F73-6289-48A1-9946-84A1E67F4D1A}

Error: (08/26/2015 06:04:19 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485936

Error: (08/26/2015 06:04:19 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {D09BEC74-554D-41DD-B8C2-CB669CC8AF34}

Error: (08/26/2015 06:04:18 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {D09BEC74-554D-41DD-B8C2-CB669CC8AF34}

Error: (08/26/2015 05:55:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™ i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16293.04 MB
Available physical RAM: 12509.38 MB
Total Virtual: 41291.25 MB
Available Virtual: 37482.29 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.66 GB) (Free:513.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D94FBE4)
Partition 1: (Active) - (Size=868 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account.
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".
4. Now we need to uninstall Chrome via Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome.
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

Be back with more instructions soon.

Thanks
Joe :)

#3
tjmoes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Thanks for your quick reply. I am back at home now but will head over to my mom's house tomorrow to reinstall Chrome as you discussed above. She uses IE. I installed Chrome and Firefox because I can't stand using IE when I am on her laptop. The ads pop up in all 3 of the browsers.

I will reply tomorrow once I have finished the reinstall.

Thanks,

TJ



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
I may not be around tomorrow. I'll leave you the next instructions to follow once Chrome is reinstalled. Please post the associated log reports from the Fix, AdwCleaner, and JRT.

A fix is required using FRST.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
AppInit_DLLs: Files Files Files => No File
AppInit_DLLs-x32: c:\program files c:\program files c:\program files => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2850889850-1339263924-1582463754-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53963;https=127.0.0.1:53963
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 Guilty Troupe; C:\Users\Pam\AppData\Roaming\Guilty Troupe\Guilty Troupe.exe [X]
2015-08-13 15:30 - 2015-08-20 12:18 - 00000000 ____D C:\ProgramData\881c1cc80000156b
2015-08-13 15:30 - 2015-08-15 16:09 - 00000000 ____D C:\Program Files (x86)\UpgradeLeader
2015-08-13 15:04 - 2015-08-13 15:05 - 00000099 _____ C:\Windows\Reimage.ini
2015-08-08 23:47 - 2015-08-08 23:47 - 00000000 ____D C:\Users\Pam\AppData\Roaming\InstallShield
2015-08-08 23:22 - 2015-08-13 17:54 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-08 23:22 - 2015-08-08 23:22 - 00000000 ____D C:\Users\Pam\AppData\Local\globalUpdate
2015-08-08 23:20 - 2015-08-15 16:09 - 00000000 ____D C:\Users\Pam\AppData\Local\SmartWeb
Task: {00A47AF7-802E-4FAD-A344-DBD8058DB012} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {11A34FA3-8F64-4F04-9AF4-6FA46501243E} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {12544792-0F5D-47FD-8B76-845120CB1B6B} - \CIMT_S-1-5-21-2850889850-1339263924-1582463754-1000 -> No File <==== ATTENTION
Task: {48EABD02-BA51-44EC-B306-6862EC2CABAC} - \CIMT_daily_S-1-5-21-2850889850-1339263924-1582463754-1000 -> No File <==== ATTENTION
Task: {501EB00A-A85A-478A-A616-D978691E8F96} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {7015A8E0-F3E7-4769-9F57-E9EA37E26979} - \Crossbrowse -> No File <==== ATTENTION
Task: {87C78754-FEDB-4656-AD75-FA99CAC6B008} - \bvxvyxvec -> No File <==== ATTENTION
Task: {CC69145E-617B-40EE-992B-8E90AD92AD2D} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {D18C4F70-7D9F-4C92-9854-E8DF48AF11F0} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {D1BBE10C-97AE-431E-9805-2A46412EA604} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
FirewallRules: [{9B6834EE-EB14-48E6-9A42-3F5007DEA54C}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next AdwCleaner.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "c"

Next JRT.

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

In your next reply, post:
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

Thanks
Joe :)



  • 0
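An added example, not part of the original posts and not part of FRST: a read-only Python triage that groups fixlist-style lines like the ones in the post above by what they refer to, so a reviewer can see at a glance that the browser proxy points at a loopback port and which scheduled tasks have no file behind them. The line shapes are inferred only from the lines in this thread; the category names and function names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the fixlist in the post above.
FIXLIST = r"""
AppInit_DLLs: Files Files Files => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53963;https=127.0.0.1:53963
S2 Guilty Troupe; C:\Users\Pam\AppData\Roaming\Guilty Troupe\Guilty Troupe.exe [X]
Task: {7015A8E0-F3E7-4769-9F57-E9EA37E26979} - \Crossbrowse -> No File <==== ATTENTION
Task: {D1BBE10C-97AE-431E-9805-2A46412EA604} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
FirewallRules: [{9B6834EE-EB14-48E6-9A42-3F5007DEA54C}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
CMD: netsh winsock reset catalog
"""

# (category, pattern) pairs. Categories are hypothetical labels; patterns assume the shapes seen above.
RULES = [
    ("loopback_proxy", re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.*(?:127\.0\.0\.1|localhost):\d+.*)$")),
    ("orphaned_task", re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - \\(?P<value>.+?) -> No File\b")),
    ("service_marked_x", re.compile(r"^[SR]\d (?P<value>[^;]+); .+ \[X\]$")),
    ("policy_restriction", re.compile(r"^(?P<value>HK[^:]+): Policy restriction\b")),
    ("firewall_allow", re.compile(r"^FirewallRules: \[\{[^}]+\}\] => \(Allow\) (?P<value>.+)$")),
]

def triage(text):
    """Group recognised lines by category; unrecognised lines go to 'other'."""
    found = defaultdict(list)
    for line in filter(None, (l.strip() for l in text.splitlines())):
        for name, rx in RULES:
            m = rx.match(line)
            if m:
                found[name].append(m.group("value"))
                break
        else:
            found["other"].append(line)
    return dict(found)

def loopback_ports(text):
    """Ports that a loopback ProxyServer value points at, sorted and de-duplicated."""
    ports = set()
    for value in triage(text).get("loopback_proxy", []):
        ports.update(int(p) for p in re.findall(r"(?:127\.0\.0\.1|localhost):(\d+)", value))
    return sorted(ports)

if __name__ == "__main__":
    for category, items in triage(FIXLIST).items():
        print(category, items)
    print("loopback proxy ports:", loopback_ports(FIXLIST))
```

The script only reads text; it changes nothing on the machine and is not a substitute for the helper's fixlist.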

#5
tjmoes

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Joe,

A couple of things. I just got back to my mom's house to begin cleaning the computer. First off, I logged into Google Sync but I cannot figure out where the "Stop and Clear" button is. Secondly, I looked at the control panel and Chrome is not listed under the Programs. I don't think it is installed on this computer anymore.

I don't need Chrome, so don't worry about it. But it is weird that it showed up in the report.

Any thoughts? I haven't done any of the other stuff you posted.

Thanks,

TJ



#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

"I don't need Chrome, so don't worry about it"

Excellent....

I don't know why it does that, shows up in the log. I'm not very fond of the browser; it appears to be a maintenance nightmare, perhaps because so many use it.

#7
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.