
Browser opening new tab



#1
Jdpowell


I am using Opera browser.  About once or twice a day it opens a tab to the Openthefile.net website about opening an Exe file.  

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015

Ran by Jody (administrator) on JODY-PC (31-08-2015 17:14:13)
Running from H:\Downloads
Loaded Profiles: Jody (Available Profiles: Jody)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) E:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) E:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) E:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Schneider Electric) E:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) E:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) E:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Apple Inc.) E:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) E:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) E:\Windows\System32\GWX\GWX.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Nico Mak Computing) E:\Program Files\File Association Helper\FAHWindow.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) E:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Western Digital Technologies, Inc.) E:\Config.Msi\8b4e2.rbf
(Schneider Electric) E:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Sanford, L.P.) E:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(The Privoxy team - www.privoxy.org) E:\Program Files (x86)\Privoxy\privoxy.exe
(Hewlett-Packard) E:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(InstallShield Software Corporation) E:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Creative Technology Ltd) E:\Windows\SysWOW64\Ctxfihlp.exe
(Sanford, L.P.) E:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
(Oracle Corporation) E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Schneider Electric) E:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Creative Technology Ltd) E:\Windows\SysWOW64\CTxfispi.exe
(Apple Inc.) E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Apple Inc.) E:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) E:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Western Digital Technologies, Inc.) E:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Western Digital Technologies, Inc.) E:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera_crashreporter.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Microsoft Corporation) E:\Windows\splwow64.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) E:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Adobe Systems Incorporated) E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FAHConsole] => E:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WD Quick View] => E:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [HP Software Update] => E:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Creative Cloud] => E:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinCalendar V4] => "H:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe" /q /c
HKLM-x32\...\Run: [ISUSScheduler] => E:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [Display] => E:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [DLSService] => E:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe [55808 2009-09-29] (Sanford, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => E:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\Run: [HP Photosmart 6520 series (NET)] => E:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\Run: [WinCalendar V4] => "H:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe /q /c"
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\Run: [iCloudServices] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\Run: [ApplePhotoStreams] => E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\Run: [iCloudDrive] => E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\Run: [ISUSPM Startup] => E:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\Run: [DymoQuickPrint] => E:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1885944 2009-09-29] (Sanford, L.P.)
HKU\S-1-5-18\...\Run: [WinCalendar V4] => "H:\Program Files (x86)\WinCalendar V4\WinCalendarV4_SysTray.exe" /q /c
HKU\S-1-5-18\...\RunOnce: [SPReview] => E:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => E:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => E:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => E:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => E:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => E:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => E:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-25] (Microsoft Corporation)
Startup: E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-11-11]
ShortcutTarget: APC UPS Status.lnk -> E:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk [2014-09-29]
ShortcutTarget: Privoxy.lnk -> E:\Program Files (x86)\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
Startup: E:\Users\Jody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-10-01]
ShortcutTarget: Adobe Gamma.lnk -> E:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.27.35.1
Tcpip\..\Interfaces\{45046CE4-8513-4228-92FE-E29AE280B592}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{78B6D478-E6D0-4241-8E62-F65297DBFD01}: [NameServer] 209.222.18.222,209.222.18.218
Tcpip\..\Interfaces\{78B6D478-E6D0-4241-8E62-F65297DBFD01}: [DhcpNameServer] 172.27.35.1
Tcpip\..\Interfaces\{9FF4D2B2-C0B7-4153-9A0F-D81A25632B04}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://sellercentral.amazon.com/gp/homepage.html/ref=ag_home_logo_home
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-965870668-2612282287-2506016020-1000 -> DefaultScope {D2F561E2-312D-40E5-937E-A5C3D49D0BE5} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-965870668-2612282287-2506016020-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-965870668-2612282287-2506016020-1000 -> {D2F561E2-312D-40E5-937E-A5C3D49D0BE5} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-08-26] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> E:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-09-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> E:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2014-08-26] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> E:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2014-09-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> E:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2014-09-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-965870668-2612282287-2506016020-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - E:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
DPF: HKLM-x32 {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - E:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-09-25] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2014-09-25] (Microsoft Corporation)
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - E:\Program Files (x86)\Norton 360\Engine\3.5.2.11\coIEPlg.dll No File
 
FireFox:
========
FF ProfilePath: E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default
FF DefaultSearchEngine.US: Norton Safe Search
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> E:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-02] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> E:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> E:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> E:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> E:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2013-10-02] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> E:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-12-10] (RocketLife, LLP)
FF Plugin-x32: @stamps.com/Web client plug-in,version=1.1.0.41 -> E:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll [2012-06-12] (Stamps.com, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> E:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> E:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> E:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> E:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-965870668-2612282287-2506016020-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> E:\Users\Jody\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-09-20] (RocketLife, LLP)
FF Plugin ProgramFiles/Appdata: E:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-08-25] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-08-25] (Apple Inc.)
FF SearchPlugin: E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default\searchplugins\safesearch.xml [2015-02-16]
FF Extension: CyberSearch - E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default\Extensions\[email protected] [2015-07-20]
FF Extension: Split Browser - E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default\Extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d} [2009-12-29]
FF Extension: <![CDATA[1-ClickWeather]]> - E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default\Extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} [2010-01-02]
FF Extension: Video DownloadHelper - E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-05-11]
FF Extension: Adblock Plus - E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - E:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-12]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://amazon.com/"
CHR Profile: E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-11]
CHR Extension: (Google Wallet) - E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
 
Opera: 
=======
OPR Extension: (Adguard) - E:\Users\Jody\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2014-10-02]
OPR Extension: (Amazon for Opera) - E:\Users\Jody\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2014-12-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; E:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-01] (Adobe Systems) [File not signed]
R2 AdobeUpdateService; E:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 APC Data Service; E:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; E:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 becldr3Service; E:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 ClickToRunSvc; E:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; E:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-11-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; E:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 HPSupportSolutionsFrameworkService; E:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 N360; E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-16] (Symantec Corporation)
R2 WDBackup; E:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; E:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
R2 WinDefend; E:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AN983X64; E:\Windows\System32\DRIVERS\AN983X64.sys [48128 2005-05-19] (Infineon Technologies AG)
S3 AtiHDAudioService; E:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed]
R1 BHDrvx64; E:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; E:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; E:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; E:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R3 hcw85cir; E:\Windows\System32\drivers\hcw85cir3.sys [32768 2009-07-14] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; E:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150828.001\IDSvia64.sys [767224 2015-08-28] (Symantec Corporation)
R3 MBAMProtector; E:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; E:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; E:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; E:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150830.001\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; E:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150830.001\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R1 SRTSP; E:\Windows\System32\Drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; E:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; E:\Windows\System32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; E:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-24] (Symantec Corporation)
R1 SymIRON; E:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; E:\Windows\System32\Drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 17:13 - 2015-08-31 17:14 - 00000000 ____D E:\FRST
2015-08-30 21:00 - 2015-08-30 21:01 - 00010128 _____ E:\Windows\DPINST.LOG
2015-08-30 20:59 - 2015-08-30 20:59 - 00000000 ____D E:\Program Files\Western Digital
2015-08-30 20:48 - 2015-08-30 21:00 - 00008192 _____ E:\Windows\SysWOW64\WDPABKP.dat
2015-08-29 15:34 - 2015-08-30 20:41 - 00000000 ____D E:\Program Files (x86)\Mozilla Firefox
2015-08-25 07:35 - 2015-08-25 07:35 - 00001848 _____ E:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-25 07:35 - 2015-08-25 07:35 - 00000000 ____D E:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-25 07:34 - 2015-08-25 07:35 - 00000000 ____D E:\Program Files (x86)\QuickTime
2015-08-23 19:58 - 2015-08-23 19:58 - 00000000 ____D E:\Users\Jody\AppData\Roaming\Sun
2015-08-23 19:58 - 2015-08-23 19:58 - 00000000 ____D E:\Users\Jody\.oracle_jre_usage
2015-08-20 03:01 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) E:\Windows\system32\mshtml.dll
2015-08-20 03:01 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) E:\Windows\system32\mshtml.tlb
2015-08-20 03:01 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) E:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:01 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) E:\Windows\SysWOW64\mshtml.dll
2015-08-18 08:27 - 2015-08-18 08:27 - 00001756 _____ E:\Users\Public\Desktop\iTunes.lnk
2015-08-18 08:27 - 2015-08-18 08:27 - 00000000 ____D E:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-18 08:26 - 2015-08-18 08:27 - 00000000 ____D E:\Program Files\iTunes
2015-08-18 08:26 - 2015-08-18 08:26 - 00000000 ____D E:\Program Files\iPod
2015-08-18 08:26 - 2015-08-18 08:26 - 00000000 ____D E:\Program Files (x86)\iTunes
2015-08-12 03:58 - 2015-08-12 03:58 - 00001152 _____ E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-08-12 03:58 - 2015-08-12 03:58 - 00001140 _____ E:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-08-12 03:16 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) E:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:16 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) E:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 14:54 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) E:\Windows\system32\CompatTelRunner.exe
2015-08-11 14:54 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) E:\Windows\system32\appraiser.dll
2015-08-11 14:54 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) E:\Windows\system32\invagent.dll
2015-08-11 14:54 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) E:\Windows\system32\generaltel.dll
2015-08-11 14:54 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) E:\Windows\system32\devinv.dll
2015-08-11 14:54 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) E:\Windows\system32\aepdu.dll
2015-08-11 14:54 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) E:\Windows\system32\acmigration.dll
2015-08-11 14:54 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) E:\Windows\system32\aeinv.dll
2015-08-11 14:54 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) E:\Windows\SysWOW64\mstscax.dll
2015-08-11 14:54 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) E:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 14:54 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) E:\Windows\SysWOW64\tsgqec.dll
2015-08-11 14:54 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) E:\Windows\system32\mstscax.dll
2015-08-11 14:54 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) E:\Windows\system32\rdvidcrl.dll
2015-08-11 14:54 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) E:\Windows\system32\tsgqec.dll
2015-08-11 14:54 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) E:\Windows\system32\ntoskrnl.exe
2015-08-11 14:54 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 14:54 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 14:54 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 14:54 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) E:\Windows\system32\ntdll.dll
2015-08-11 14:54 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) E:\Windows\system32\wow64win.dll
2015-08-11 14:54 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) E:\Windows\system32\wow64.dll
2015-08-11 14:54 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) E:\Windows\system32\winsrv.dll
2015-08-11 14:54 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) E:\Windows\system32\wdigest.dll
2015-08-11 14:54 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) E:\Windows\system32\wow64cpu.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) E:\Windows\system32\sysmain.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) E:\Windows\system32\lsasrv.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) E:\Windows\system32\rpcrt4.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) E:\Windows\system32\kernel32.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) E:\Windows\system32\kerberos.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) E:\Windows\system32\srcore.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) E:\Windows\system32\KernelBase.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) E:\Windows\system32\schannel.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) E:\Windows\system32\msv1_0.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) E:\Windows\system32\ncrypt.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) E:\Windows\system32\rstrui.exe
2015-08-11 14:54 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) E:\Windows\system32\sspicli.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) E:\Windows\system32\smss.exe
2015-08-11 14:54 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) E:\Windows\system32\TSpkg.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) E:\Windows\system32\srclient.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) E:\Windows\system32\cryptbase.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) E:\Windows\system32\csrsrv.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) E:\Windows\system32\lsass.exe
2015-08-11 14:54 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) E:\Windows\system32\sspisrv.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) E:\Windows\system32\secur32.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) E:\Windows\system32\credssp.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) E:\Windows\system32\ntvdm64.dll
2015-08-11 14:54 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) E:\Windows\system32\msmmsp.dll
2015-08-11 14:54 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) E:\Windows\system32\conhost.exe
2015-08-11 14:54 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) E:\Windows\system32\auditpol.exe
2015-08-11 14:54 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) E:\Windows\system32\msaudite.dll
2015-08-11 14:54 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) E:\Windows\system32\msobjs.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) E:\Windows\system32\adtschema.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) E:\Windows\system32\apisetschema.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) E:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 14:54 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 14:54 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ntdll.dll
2015-08-11 14:54 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) E:\Windows\SysWOW64\schannel.dll
2015-08-11 14:54 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wdigest.dll
2015-08-11 14:54 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) E:\Windows\SysWOW64\TSpkg.dll
2015-08-11 14:54 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) E:\Windows\SysWOW64\srclient.dll
2015-08-11 14:54 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) E:\Windows\SysWOW64\secur32.dll
2015-08-11 14:54 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) E:\Windows\SysWOW64\kerberos.dll
2015-08-11 14:54 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msv1_0.dll
2015-08-11 14:54 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ncrypt.dll
2015-08-11 14:54 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) E:\Windows\SysWOW64\cryptbase.dll
2015-08-11 14:54 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) E:\Windows\SysWOW64\setup16.exe
2015-08-11 14:54 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) E:\Windows\SysWOW64\credssp.dll
2015-08-11 14:54 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 14:54 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) E:\Windows\SysWOW64\kernel32.dll
2015-08-11 14:54 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) E:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 14:54 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) E:\Windows\SysWOW64\KernelBase.dll
2015-08-11 14:54 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) E:\Windows\SysWOW64\sspicli.dll
2015-08-11 14:54 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) E:\Windows\SysWOW64\auditpol.exe
2015-08-11 14:54 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wow32.dll
2015-08-11 14:54 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msobjs.dll
2015-08-11 14:54 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msaudite.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) E:\Windows\SysWOW64\adtschema.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) E:\Windows\SysWOW64\apisetschema.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 14:54 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 14:54 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) E:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 14:54 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) E:\Windows\SysWOW64\instnm.exe
2015-08-11 14:54 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) E:\Windows\SysWOW64\user.exe
2015-08-11 14:54 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 14:54 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) E:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 14:54 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) E:\Windows\system32\basesrv.dll
2015-08-11 14:54 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) E:\Windows\system32\wksprt.exe
2015-08-11 14:53 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) E:\Windows\system32\iedkcs32.dll
2015-08-11 14:53 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) E:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 14:53 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) E:\Windows\system32\ieetwcollectorres.dll
2015-08-11 14:53 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) E:\Windows\system32\iesetup.dll
2015-08-11 14:53 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) E:\Windows\system32\vbscript.dll
2015-08-11 14:53 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) E:\Windows\system32\html.iec
2015-08-11 14:53 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) E:\Windows\system32\ieetwproxystub.dll
2015-08-11 14:53 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) E:\Windows\system32\iertutil.dll
2015-08-11 14:53 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) E:\Windows\system32\MshtmlDac.dll
2015-08-11 14:53 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) E:\Windows\system32\jsproxy.dll
2015-08-11 14:53 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) E:\Windows\system32\jscript9.dll
2015-08-11 14:53 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) E:\Windows\system32\iernonce.dll
2015-08-11 14:53 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) E:\Windows\system32\ieui.dll
2015-08-11 14:53 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) E:\Windows\system32\jscript.dll
2015-08-11 14:53 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) E:\Windows\system32\jscript9diag.dll
2015-08-11 14:53 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) E:\Windows\system32\ieUnatt.exe
2015-08-11 14:53 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) E:\Windows\system32\ieetwcollector.exe
2015-08-11 14:53 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) E:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 14:53 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) E:\Windows\system32\dxtmsft.dll
2015-08-11 14:53 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) E:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 14:53 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) E:\Windows\system32\msrating.dll
2015-08-11 14:53 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) E:\Windows\system32\mshtmled.dll
2015-08-11 14:53 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) E:\Windows\SysWOW64\vbscript.dll
2015-08-11 14:53 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) E:\Windows\system32\dxtrans.dll
2015-08-11 14:53 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) E:\Windows\SysWOW64\iesetup.dll
2015-08-11 14:53 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) E:\Windows\SysWOW64\html.iec
2015-08-11 14:53 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 14:53 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) E:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 14:53 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) E:\Windows\SysWOW64\iertutil.dll
2015-08-11 14:53 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) E:\Windows\SysWOW64\jsproxy.dll
2015-08-11 14:53 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) E:\Windows\SysWOW64\iernonce.dll
2015-08-11 14:53 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ieui.dll
2015-08-11 14:53 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) E:\Windows\SysWOW64\jscript.dll
2015-08-11 14:53 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 14:53 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) E:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 14:53 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) E:\Windows\system32\msfeeds.dll
2015-08-11 14:53 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) E:\Windows\system32\ie4uinit.exe
2015-08-11 14:53 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) E:\Windows\system32\ieframe.dll
2015-08-11 14:53 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) E:\Windows\system32\mshtmlmedia.dll
2015-08-11 14:53 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) E:\Windows\system32\inetcpl.cpl
2015-08-11 14:53 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) E:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 14:53 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) E:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 14:53 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msrating.dll
2015-08-11 14:53 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) E:\Windows\SysWOW64\mshtmled.dll
2015-08-11 14:53 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) E:\Windows\SysWOW64\dxtrans.dll
2015-08-11 14:53 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) E:\Windows\SysWOW64\jscript9.dll
2015-08-11 14:53 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) E:\Windows\system32\wininet.dll
2015-08-11 14:53 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ieframe.dll
2015-08-11 14:53 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) E:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 14:53 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msfeeds.dll
2015-08-11 14:53 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) E:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 14:53 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) E:\Windows\system32\urlmon.dll
2015-08-11 14:53 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) E:\Windows\system32\ieapfltr.dll
2015-08-11 14:53 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wininet.dll
2015-08-11 14:53 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) E:\Windows\SysWOW64\urlmon.dll
2015-08-11 14:53 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) E:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 14:53 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) E:\Windows\system32\msxml6.dll
2015-08-11 14:53 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) E:\Windows\system32\msxml3.dll
2015-08-11 14:53 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) E:\Windows\system32\msxml6r.dll
2015-08-11 14:53 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) E:\Windows\system32\msxml3r.dll
2015-08-11 14:53 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msxml6.dll
2015-08-11 14:53 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msxml3.dll
2015-08-11 14:53 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msxml6r.dll
2015-08-11 14:53 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) E:\Windows\SysWOW64\msxml3r.dll
2015-08-11 14:53 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) E:\Windows\system32\WebClnt.dll
2015-08-11 14:53 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) E:\Windows\system32\davclnt.dll
2015-08-11 14:53 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) E:\Windows\SysWOW64\WebClnt.dll
2015-08-11 14:53 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) E:\Windows\SysWOW64\davclnt.dll
2015-08-11 14:52 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) E:\Windows\system32\d3d10warp.dll
2015-08-11 14:52 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) E:\Windows\system32\DWrite.dll
2015-08-11 14:52 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) E:\Windows\system32\FntCache.dll
2015-08-11 14:52 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) E:\Windows\system32\fontsub.dll
2015-08-11 14:52 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) E:\Windows\system32\atmlib.dll
2015-08-11 14:52 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) E:\Windows\system32\lpk.dll
2015-08-11 14:52 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) E:\Windows\system32\dciman32.dll
2015-08-11 14:52 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) E:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 14:52 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) E:\Windows\SysWOW64\DWrite.dll
2015-08-11 14:52 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) E:\Windows\SysWOW64\fontsub.dll
2015-08-11 14:52 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) E:\Windows\SysWOW64\atmlib.dll
2015-08-11 14:52 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) E:\Windows\SysWOW64\dciman32.dll
2015-08-11 14:52 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) E:\Windows\SysWOW64\lpk.dll
2015-08-11 14:52 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) E:\Windows\system32\win32k.sys
2015-08-11 14:52 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) E:\Windows\system32\atmfd.dll
2015-08-11 14:52 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) E:\Windows\SysWOW64\atmfd.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) E:\Windows\system32\wucltux.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) E:\Windows\system32\wuaueng.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) E:\Windows\system32\wuapi.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) E:\Windows\system32\wuwebv.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) E:\Windows\system32\wuauclt.exe
2015-08-11 14:52 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) E:\Windows\system32\wudriver.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) E:\Windows\system32\WinSetupUI.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) E:\Windows\system32\wups2.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) E:\Windows\system32\wuapp.exe
2015-08-11 14:52 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) E:\Windows\system32\wups.dll
2015-08-11 14:52 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) E:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 14:52 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wuapi.dll
2015-08-11 14:52 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wuwebv.dll
2015-08-11 14:52 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wudriver.dll
2015-08-11 14:52 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wuapp.exe
2015-08-11 14:52 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) E:\Windows\SysWOW64\wups.dll
2015-08-11 14:52 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) E:\Windows\system32\shell32.dll
2015-08-11 14:52 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) E:\Windows\SysWOW64\shell32.dll
2015-08-11 14:52 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) E:\Windows\system32\notepad.exe
2015-08-11 14:52 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) E:\Windows\notepad.exe
2015-08-11 14:52 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) E:\Windows\SysWOW64\notepad.exe
2015-08-11 14:52 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) E:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) E:\Windows\SysWOW64\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) E:\Windows\SysWOW64\QuickTime.qts
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 17:11 - 2009-12-29 14:24 - 01905599 _____ E:\Windows\WindowsUpdate.log
2015-08-31 16:52 - 2013-10-02 15:28 - 00000898 _____ E:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 16:46 - 2014-09-23 11:33 - 00000830 _____ E:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-31 15:41 - 2014-11-02 15:31 - 00113880 _____ (Malwarebytes Corporation) E:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-31 12:57 - 2009-07-14 00:45 - 00020496 ____H E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 12:57 - 2009-07-14 00:45 - 00020496 ____H E:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 02:00 - 2014-09-23 11:32 - 00000000 ____D E:\Users\Jody\AppData\Local\Adobe
2015-08-30 23:52 - 2013-10-02 15:28 - 00000894 _____ E:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 22:32 - 2015-03-29 10:19 - 00004966 _____ E:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jody-PC-Jody Jody-PC
2015-08-30 21:01 - 2014-09-23 12:02 - 00000000 ____D E:\ProgramData\Package Cache
2015-08-30 20:59 - 2014-09-29 10:15 - 00000000 ___HD E:\Program Files\Common Files\Western Digital
2015-08-30 20:59 - 2014-09-29 10:15 - 00000000 ____D E:\ProgramData\Western Digital
2015-08-30 20:59 - 2014-09-29 10:15 - 00000000 ____D E:\Program Files (x86)\Western Digital
2015-08-30 20:50 - 2015-04-08 08:31 - 00000000 ___RD E:\Users\Jody\Creative Cloud Files
2015-08-30 20:48 - 2015-06-13 03:41 - 00000000 ____D E:\ProgramData\boost_interprocess
2015-08-30 20:48 - 2014-10-17 16:33 - 00000000 ___RD E:\Users\Jody\iCloudDrive
2015-08-30 20:46 - 2015-03-08 02:00 - 00001960 _____ E:\Windows\setupact.log
2015-08-30 20:46 - 2009-07-14 01:08 - 00000006 ____H E:\Windows\Tasks\SA.DAT
2015-08-30 20:45 - 2015-03-12 03:42 - 01584250 _____ E:\Windows\PFRO.log
2015-08-30 20:45 - 2015-02-16 17:25 - 00000000 ____D E:\Program Files (x86)\Mozilla Maintenance Service
2015-08-30 13:37 - 2014-11-02 15:31 - 00000000 ____D E:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-30 13:37 - 2010-01-02 15:07 - 00000000 ____D E:\Program Files (x86)\Privoxy
2015-08-29 21:04 - 2014-10-21 18:30 - 00000000 ____D E:\Users\Jody\Documents\Outlook Files
2015-08-29 20:49 - 2014-10-17 16:34 - 00000000 ____D E:\Users\Jody\AppData\Local\9E46A793-0144-4AA1-9F2B-00798DB3FC7A.aplzod
2015-08-27 23:47 - 2013-10-02 15:28 - 00003894 _____ E:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 23:47 - 2013-10-02 15:28 - 00003642 _____ E:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-23 20:00 - 2014-12-28 21:29 - 00000000 ____D E:\Program Files (x86)\Java
2015-08-23 20:00 - 2014-12-17 13:32 - 00000000 ____D E:\ProgramData\Oracle
2015-08-23 20:00 - 2014-12-17 13:32 - 00000000 ____D E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-23 19:58 - 2009-12-29 14:24 - 00000000 ____D E:\Users\Jody
2015-08-23 19:57 - 2014-12-17 10:22 - 00000000 ____D E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-23 19:56 - 2014-12-28 21:29 - 00097888 _____ (Oracle Corporation) E:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-21 19:05 - 2015-05-11 22:40 - 00002186 _____ E:\Users\Public\Desktop\Google Chrome.lnk
2015-08-19 04:11 - 2014-09-23 11:29 - 00003828 _____ E:\Windows\System32\Tasks\Opera scheduled Autoupdate 1411486180
2015-08-19 04:11 - 2014-09-23 11:29 - 00000000 ____D E:\Program Files (x86)\Opera
2015-08-18 08:26 - 2014-09-25 13:11 - 00000000 ___HD E:\Program Files\Common Files\Apple
2015-08-12 14:46 - 2014-09-23 11:33 - 00778440 _____ (Adobe Systems Incorporated) E:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 14:46 - 2014-09-23 11:33 - 00142536 _____ (Adobe Systems Incorporated) E:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 14:46 - 2014-09-23 11:33 - 00003768 _____ E:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 03:57 - 2014-09-04 16:09 - 00000000 ____D E:\Program Files (x86)\Adobe
2015-08-12 03:43 - 2009-07-14 00:45 - 05055960 _____ E:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:41 - 2014-12-20 20:53 - 00000000 ____D E:\Program Files\Microsoft Silverlight
2015-08-12 03:41 - 2014-12-20 20:53 - 00000000 ____D E:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:35 - 2014-12-10 04:22 - 00000000 ____D E:\Windows\system32\appraiser
2015-08-12 03:35 - 2014-09-24 09:21 - 00000000 ___SD E:\Windows\system32\CompatTel
2015-08-12 03:09 - 2013-10-10 04:07 - 00000000 ____D E:\Windows\system32\MRT
2015-08-12 03:01 - 2010-01-02 14:54 - 132483416 _____ (Microsoft Corporation) E:\Windows\system32\MRT.exe
2015-08-11 22:38 - 2014-12-20 20:53 - 00000000 ____D E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2014-12-16 19:31 - 2014-12-16 19:31 - 0025155 __RSH () E:\Program Files (x86)\DLS8Uninstall.log
2014-11-18 13:04 - 2014-11-18 13:04 - 0000112 _____ () E:\Users\Jody\AppData\Roaming\JP2K CS6 Prefs
2014-09-29 09:17 - 2014-09-29 09:17 - 0000017 _____ () E:\Users\Jody\AppData\Local\resmon.resmoncfg
2014-09-25 16:00 - 2014-09-25 16:00 - 0000057 _____ () E:\ProgramData\Ament.ini
 
Files to move or delete:
====================
E:\Users\Jody\en_res.dll
E:\Users\Jody\es_res.dll
E:\Users\Jody\fr_res.dll
E:\Users\Jody\grm_res.dll
E:\Users\Jody\it_res.dll
E:\Users\Jody\jp_res.dll
E:\Users\Jody\mfc80u.dll
E:\Users\Jody\msvcr80.dll
E:\Users\Jody\PCPE Setup.exe
E:\Users\Jody\pt_res.dll
E:\Users\Jody\ResourceReader.dll
E:\Users\Jody\ru_res.dll
E:\Users\Jody\zh_res.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
E:\Windows\system32\winlogon.exe => File is digitally signed
E:\Windows\system32\wininit.exe => File is digitally signed
E:\Windows\SysWOW64\wininit.exe => File is digitally signed
E:\Windows\explorer.exe => File is digitally signed
E:\Windows\SysWOW64\explorer.exe => File is digitally signed
E:\Windows\system32\svchost.exe => File is digitally signed
E:\Windows\SysWOW64\svchost.exe => File is digitally signed
E:\Windows\system32\services.exe => File is digitally signed
E:\Windows\system32\User32.dll => File is digitally signed
E:\Windows\SysWOW64\User32.dll => File is digitally signed
E:\Windows\system32\userinit.exe => File is digitally signed
E:\Windows\SysWOW64\userinit.exe => File is digitally signed
E:\Windows\system32\rpcss.dll => File is digitally signed
E:\Windows\system32\dnsapi.dll => File is digitally signed
E:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
E:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 21:10
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Jody (2015-08-31 17:15:35)
Running from H:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-965870668-2612282287-2506016020-500 - Administrator - Disabled)
Guest (S-1-5-21-965870668-2612282287-2506016020-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-965870668-2612282287-2506016020-1002 - Limited - Enabled)
Jody (S-1-5-21-965870668-2612282287-2506016020-1000 - Administrator - Enabled) => E:\Users\Jody
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Command & Conquer Tiberian Sun (HKLM-x32\...\{52F25D7D-DEE1-42E7-AB48-D0F014E1F795}_is1) (Version:  - Command & Conquer Communications Center)
Company of Heroes 2 - Beta (HKLM-x32\...\Steam App 317170) (Version:  - )
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Dell System Detect (HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\73f463568823ebbe) (Version: 6.3.0.6 - Dell)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.2.0.794 - Sanford, L.P.)
EnterDigital (HKLM\...\EnterDigital) (Version: 2014.10.31.153040 - EnterDigital) <==== ATTENTION
exPressit SE (HKLM-x32\...\{BB42C935-456E-4A6C-B357-FDEE7A59FE21}) (Version: 3.10.0000 - Medea International Ltd)
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FrostWire 6.1.1 (HKLM-x32\...\FrostWire 6) (Version: 6.1.1.1 - FrostWire LLC)
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Holdem Indicator 2.5.5 (HKLM-x32\...\Holdem Indicator_is1) (Version:  - http://www.HoldemIndicator.com)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet P1000 series (HKLM-x32\...\HP LaserJet P1000 series) (Version:  - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Norton 360 (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PrintProjects (HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\PrintProjects) (Version: 1.0.0.15322 - RocketLife Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Privoxy (remove only) (HKLM-x32\...\Privoxy) (Version:  - )
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 12.1.1.2876 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2013 (x32 Version: 12.2.0.2734 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Outlook 2000-2013 (x32 Version: 12.2.0.2732 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2013 (x32 Version: 12.2.0.2734 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Outlook 2000-2013 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 2000-2013) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2013 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 97-2013) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2013 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2013) (Version:  - Stamps.com, Inc.)
Stamps.com Web Postage Plug-in (HKLM-x32\...\Stamps.com Web Postage Plug-in) (Version:  - Stamps.com, Inc.)
Stamps.com Web Postage Plug-in (x32 Version: 1.1.0.41 - Stamps.com) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WD Quick View (HKLM-x32\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{02FD1EAD-43B8-4D63-AC31-8921005AF2E2}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WinCalendar V4 (HKLM-x32\...\WinCalendar V4) (Version: 4.27 - Sapro Systems)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
15-08-2015 19:34:59 Windows Update
19-08-2015 04:40:42 Windows Update
20-08-2015 03:00:26 Windows Update
23-08-2015 06:05:04 Windows Update
26-08-2015 18:39:53 Windows Update
30-08-2015 00:31:40 Windows Update
30-08-2015 20:52:16 WD SmartWare Installer
30-08-2015 21:01:11 WD SmartWare Installer
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-09-26 11:53 - 2014-11-21 10:32 - 00000081 ____N E:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 pokercheat.org
127.0.0.1 www.pokercheat.org
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {067F27E9-7BD1-436B-BCC6-FD08687D0D15} - System32\Tasks\AdobeAAMUpdater-1.0-Jody-PC-Jody => E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {085DCFF9-A343-465F-A354-86683A268A69} - System32\Tasks\Adobe Flash Player Updater => E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {15C8E170-844A-4A7C-A8AA-2065013FD99D} - System32\Tasks\{45394C6A-406D-436C-A070-D3460995A4A3} => pcalua.exe -a E:\Users\Jody\AppData\LocalLow\WINZIP_P1c37\Setup.exe -d E:\Users\Jody\AppData\LocalLow\WINZIP_P1c37
Task: {1A21F7F9-EFBC-4499-8F45-9E88E6629F0A} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe
Task: {1E0C6BD2-3629-4199-86F3-BBAE7B3B0220} - System32\Tasks\Adobe Acrobat Update Task => E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2562424C-98D4-4B5D-8CAF-FEE069FC1138} - System32\Tasks\{BB27D070-02F6-4C04-9C82-BDC4846C1920} => pcalua.exe -a "E:\Program Files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe"
Task: {289C2167-BE0D-4321-9D00-C90F00504871} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jody-PC-Jody Jody-PC => E:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {2F718805-18FD-4920-ADC3-02EC4FDEF6DC} - System32\Tasks\GoogleUpdateTaskMachineCore => E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3CFA4DC7-FDB0-419C-A66B-E466FA001689} - System32\Tasks\GoogleUpdateTaskMachineUA => E:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3F08A894-7D28-4D4F-8614-4FAB89197856} - System32\Tasks\Opera scheduled Autoupdate 1411486180 => E:\Program Files (x86)\Opera\launcher.exe [2015-08-17] (Opera Software)
Task: {41960A95-4584-4168-8D24-56DBA28B57A8} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {4EC30257-17F2-4726-9892-EA221AB82009} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {531E1647-65A0-4989-ACDC-6BE4E0CACC1B} - System32\Tasks\Norton WSC Integration => E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\WSCStub.exe [2015-07-16] (Symantec Corporation)
Task: {599D109B-0CC9-4700-8DBD-1E7F9C5CCB33} - System32\Tasks\{D2332A6C-41F5-483D-A60F-71314CC5E989} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {71104322-7240-4D5A-AC5F-33D3B767507D} - System32\Tasks\Western Digital\SmartWare\____Volume_6c07928c_f4bf_11de_982d_806e6f6e6963______Volume_c9e0eea7_7c7a_11e2_a72b_001fc65f900d__ => E:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-07-20] (Western Digital Technologies, Inc.)
Task: {870DEA56-9E24-460E-989B-0BC4B6B4DAA3} - System32\Tasks\Western Digital\SmartWare\____Volume_6c07928a_f4bf_11de_982d_806e6f6e6963______Volume_c9e0eea7_7c7a_11e2_a72b_001fc65f900d__ => E:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-07-20] (Western Digital Technologies, Inc.)
Task: {918D1ADE-35A2-4D96-B463-0621BFA7FFD8} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => E:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A18B7657-12F0-4DE4-8F07-05FB9D83AC6E} - System32\Tasks\{C6A0D68B-BADF-48EF-A465-30370D08F9F0} => e:\program files (x86)\opera\launcher.exe [2015-08-17] (Opera Software)
Task: {AD1FFBE0-B40C-40C3-9012-19E1B1676F21} - System32\Tasks\Microsoft\Office\Office Automatic Updates => E:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {B074409C-2DE5-4486-88D8-F924D2A8E2B6} - System32\Tasks\Norton 360\Norton Error Analyzer => E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {BA4FD2AA-6F26-4DF3-A620-407EA7D92AFC} - System32\Tasks\Norton 360\Norton Error Processor => E:\Program Files (x86)\Norton 360\Engine\22.5.2.15\SymErr.exe [2015-05-19] (Symantec Corporation)
Task: {C2AA5867-98E3-4693-80B7-151D674B70CA} - System32\Tasks\{4A8BD3B9-7FFA-4403-8246-804C75A92622} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {CDF6CF0A-4AAA-438E-A345-06ACDD323C91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => E:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {E5AC775C-F1D1-4D6C-B25D-BE564762A12A} - System32\Tasks\Apple\AppleSoftwareUpdate => E:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1EECF24-0364-4BDE-A0AE-CCFA0CA401A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => E:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: E:\Windows\Tasks\Adobe Flash Player Updater.job => E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: E:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => E:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: E:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => E:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-10-10 04:09 - 2013-04-15 11:50 - 00198144 _____ () E:\Windows\System32\HP1006LM.DLL
2013-10-10 04:10 - 2013-04-15 11:50 - 00065024 _____ () E:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-10-21 16:11 - 2014-09-09 10:59 - 08896160 ____H () E:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () E:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () E:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-19 06:32 - 2014-05-20 09:19 - 00105640 ____H () E:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 31535264 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-10-10 04:09 - 2013-04-15 11:49 - 04003328 _____ () E:\Windows\system32\spool\DRIVERS\x64\3\HP1006SU.DLL
2013-10-10 04:09 - 2013-04-15 11:49 - 01236992 _____ () E:\Windows\system32\spool\DRIVERS\x64\3\HP1006GC.dll
2013-10-10 04:09 - 2013-04-15 11:50 - 00343552 _____ () E:\Windows\system32\spool\DRIVERS\x64\3\HP1006SD.DLL
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () E:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 16:11 - 2014-09-09 09:12 - 08896160 ____H () E:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-09-29 15:51 - 2009-09-29 15:51 - 00090112 _____ () E:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2009-10-10 23:30 - 2009-10-10 23:30 - 00086528 _____ () E:\Program Files (x86)\Privoxy\mgwz.dll
2015-07-22 15:32 - 2015-07-22 15:32 - 36732592 _____ () E:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2010-05-05 17:51 - 2010-05-05 17:51 - 00002560 _____ () E:\Windows\SysWOW64\CTXFIRES.DLL
2014-11-02 13:00 - 2009-03-26 15:46 - 00148480 _____ () E:\Windows\SysWOW64\APOMngr.DLL
2015-07-16 18:39 - 2015-07-16 18:39 - 00124416 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2015-07-16 18:39 - 2015-07-16 18:39 - 00121856 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ref\build\Release\binding.node
2015-07-16 18:39 - 2015-07-16 18:39 - 00122880 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-imslib\node_modules\ffi\build\Release\ffi_bindings.node
2015-07-16 18:39 - 2015-07-16 18:39 - 00188416 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2015-07-16 18:39 - 2015-07-16 18:39 - 00085504 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2015-07-16 18:39 - 2015-07-16 18:39 - 00086016 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2015-07-16 18:39 - 2015-07-16 18:39 - 00081408 _____ () E:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-08-19 04:10 - 2015-08-19 04:10 - 58600568 _____ () E:\Program Files (x86)\Opera\31.0.1889.174\opera.dll
2015-08-19 04:10 - 2015-08-19 04:10 - 01781368 _____ () E:\Program Files (x86)\Opera\31.0.1889.174\libglesv2.dll
2015-08-19 04:10 - 2015-08-19 04:10 - 00081528 _____ () E:\Program Files (x86)\Opera\31.0.1889.174\libegl.dll
2015-08-12 14:46 - 2015-08-12 14:46 - 16392904 _____ () E:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_232.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-965870668-2612282287-2506016020-1000\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-965870668-2612282287-2506016020-1000\Control Panel\Desktop\\Wallpaper -> E:\Users\Jody\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DW6 => "E:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{D706B88E-03C3-484F-93DD-9638AD2067AE}E:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) E:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2AA2A298-02FC-4484-BE6F-69C5B739BF0A}E:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) E:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0669E69D-AA48-4D6F-816B-096B585D5A46}] => (Allow) E:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{AB56B441-9F23-44F1-B18F-C213F2CD73BB}] => (Allow) E:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{6181C9EF-D982-4F2A-8A8F-B136BE6F7683}] => (Allow) E:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{144A52AF-6BC0-4A36-A401-00ECBF85A24D}] => (Allow) E:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{FDD4C84C-0CE9-44B9-B6CD-1869770121A9}] => (Allow) E:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{9FBE8AE2-DE1B-4C8B-9FCF-D9DC43AB020E}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{365DA440-AFC3-4265-A605-1CBB9168F776}] => (Allow) E:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFF9F639-764B-4D46-A321-DB49298AC5B1}] => (Allow) E:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EBAC7656-4C84-4D1E-A2CC-B917BA2DD270}] => (Allow) E:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2DFE2D4A-6840-4D03-9B6E-BCD62DE286E0}] => (Allow) E:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{64B4E994-F2B1-4E0E-8C8D-CD604AB7EFF4}] => (Allow) E:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{10BE39B1-E901-4556-B9BD-4CE72B2DE6E7}] => (Allow) E:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{064CF919-2D1C-4AC2-B71F-C74D9F774535}] => (Allow) E:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{225B6285-1300-4877-A013-1A0C151480CB}] => (Allow) E:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{535DC2A7-AF2A-4D6D-9C7F-07F93677BD74}] => (Allow) E:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{4AC35877-236A-4FC0-8167-C24DD2749CAD}] => (Allow) E:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{48D3547F-7DDA-40D5-92AA-B21E5AE12EF4}] => (Allow) E:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{AA2E13F4-FE16-46D0-8276-BB3149BCCBE1}] => (Allow) E:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{419E464A-5088-42EF-9E34-0CC70E13A91C}] => (Allow) E:\Users\Jody\FrostWire\FrostWire 5\FrostWire.exe
FirewallRules: [{F3BEFB4F-0D02-40C8-9053-CF2CC4E8AC62}] => (Allow) E:\Users\Jody\FrostWire\FrostWire 5\FrostWire.exe
FirewallRules: [TCP Query User{AA49BB79-C35C-4B58-A421-2701FBFC139F}E:\program files\pia_manager\openvpn.exe] => (Allow) E:\program files\pia_manager\openvpn.exe
FirewallRules: [UDP Query User{C2C5D5C2-3583-47BD-9736-2A9CCC990CE6}E:\program files\pia_manager\openvpn.exe] => (Allow) E:\program files\pia_manager\openvpn.exe
FirewallRules: [{11B522D7-F4C7-4D4C-8038-189C2D7A4238}] => (Allow) E:\Users\Jody\FrostWire\FrostWire 5\FrostWire.exe
FirewallRules: [{955AD8BA-0A36-4DA7-8BDD-59668CB76242}] => (Allow) E:\Users\Jody\FrostWire\FrostWire 5\FrostWire.exe
FirewallRules: [{AAFDE6DE-6FA2-4BB0-8D20-5950E73E1762}] => (Allow) E:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{9652B871-ECF3-43B4-8C6C-7E90743632FE}] => (Allow) E:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{4597C965-BAE5-4038-A8A6-F69C473DAD8C}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02B43079-2114-4B33-B3A7-261EC42C1E16}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F55ED265-A6BC-4755-8492-35965604E0D3}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F9223314-5FC7-4BCE-AAB7-4E1ABA268D2F}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8E50B402-A476-4B77-B3E4-34153DC54BDE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{48B70A55-106D-4F51-BFCE-FEFB6005B4EA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{D8DF0418-8C5C-4646-91A4-28952198915B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{934A2F91-B596-424E-8C02-ACA542C8123A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{3361D4F2-FB9F-48AA-AD80-A183B4824E00}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{C1BBB6EE-B444-41F8-AD3D-96C378401723}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{25B3D5F0-EBF0-42A2-B903-8BAE5C271B11}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2 - Beta\RelicCoH2.exe
FirewallRules: [{A59B7A25-B923-4C2B-8092-CC6EB978606F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2 - Beta\RelicCoH2.exe
FirewallRules: [{D3AA2ECD-CFED-46AD-8755-C05FF3DE86E4}] => (Allow) E:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{3853B15E-FE32-4787-B0AC-4D30ED223B27}] => (Allow) E:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{C6C2AF5D-D632-4233-A781-909E11A70611}] => (Allow) E:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{9B1541E9-8BA4-40F9-96FB-B8CAE679A69C}] => (Allow) E:\Program Files (x86)\FrostWire 6\FrostWire.exe
FirewallRules: [{A4F10881-E4BC-4E7E-9999-1B4E185A3A6F}] => (Allow) E:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{5C0A1973-1CD0-43FD-BEB3-3F06B5E16A6A}] => (Allow) E:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{3EA5773B-B755-412A-AB26-7D9275541165}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0F5C502-F09A-4278-81AC-93A4E755C069}] => (Allow) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1798AA78-4526-4D95-A22D-4952EA5C95AA}] => (Allow) E:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B1397494-8C80-4626-95DA-A4803F416804}] => (Allow) E:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2015 08:58:13 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Jody-PC)
Description: Application or service 'WD Backup' could not be shut down.
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
 
 
System errors:
=============
Error: (08/31/2015 03:01:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/30/2015 08:57:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDBackup service.
 
Error: (08/30/2015 12:32:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/29/2015 03:35:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/28/2015 09:13:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/27/2015 12:51:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/26/2015 06:40:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/25/2015 09:41:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/25/2015 12:06:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
Error: (08/24/2015 03:42:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.
 
 
Microsoft Office:
=========================
Error: (08/30/2015 08:58:13 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Jody-PC)
Description: 0WDBackupEngine.exeWD Backup03026216132200
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
Error: (08/19/2015 11:39:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
 
 
CodeIntegrity:
===================================
  Date: 2015-07-28 15:49:21.981
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.973
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.965
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.957
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.872
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.864
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.857
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.849
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.803
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
  Date: 2015-07-28 15:49:21.796
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q9450 @ 2.66GHz
Percentage of memory in use: 74%
Total physical RAM: 6143.29 MB
Available physical RAM: 1569.07 MB
Total Virtual: 12284.78 MB
Available Virtual: 5917.62 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:454.64 GB) (Free:357.9 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.12 GB) (Free:1.19 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP2) (Fixed) (Total:465.76 GB) (Free:298.17 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:465.64 GB) (Free:393.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ED244A76)
Partition 1: (Active) - (Size=454.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BE7B56BD)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: B074C539)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 



#2
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Please remove this program from the Programs & Features list. Start > Control Panel > Programs and Features.
EnterDigital

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file on your C drive.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

    In your next reply, post:
  • Malwarebytes log.
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

    Thanks
    Joe :)




#3
Jdpowell


    Member

  • Topic Starter
  • 83 posts

Thank you Joe for helping me.  It is really appreciated.

I did the first two steps in your list and will add the txt of the logs.  I already have the Malwarebytes program running.  I have the Premium version v2105.09.01.01 running and will post that log too.

Oh, and the Enterdigital thing said it was already deleted.

Thanks again,

# AdwCleaner v5.005 - Logfile created 31/08/2015 at 23:15:47
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Jody - JODY-PC
# Running from : H:\Downloads\adwcleaner_5.005.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : E:\Users\Jody\AppData\Local\PackageAware
Folder Found : E:\Users\Jody\Documents\Updater
 
***** [ Files ] *****
 
File Found : E:\Users\Jody\AppData\Roaming\Mozilla\Firefox\Profiles\uv4sgpcg.default\searchplugins\safesearch.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\EnterDigital
Key Found : HKLM\SOFTWARE\EnterDigital
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\EnterDigital
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-965870668-2612282287-2506016020-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 
***** [ Web browsers ] *****
 
[E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com_
[E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : blekko.com
[E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : toolbar.ask.com
[E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com
[E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : feed.helperbar.com
[E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - E:\AdwCleaner\AdwCleaner[S1].txt - [2640 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Ultimate x64
Ran by Jody on Mon 08/31/2015 at 23:22:28.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\APN PIP
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update EnterDigital
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util EnterDigital
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] E:\Program Files (x86)\convert audio free
Successfully deleted: [Folder] E:\Users\Jody\Appdata\Local\packageaware
 
 
 
~~~ FireFox
 
Successfully deleted: [File] E:\Users\Jody\AppData\Roaming\mozilla\firefox\profiles\uv4sgpcg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted: [File] E:\Users\Jody\AppData\Roaming\mozilla\firefox\profiles\uv4sgpcg.default\searchplugins\safesearch.xml
 
 
 
~~~ Chrome
 
 
[E:\Users\Jody\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[E:\Users\Jody\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[E:\Users\Jody\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[E:\Users\Jody\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/31/2015 at 23:28:41.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/31/2015
Scan Time: 4:40 AM
Logfile: Malware log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.30.01
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jody
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393458
Time Elapsed: 21 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Please rerun AdwCleaner and use the "Clean" option this time. You currently show that you only scanned with it. The Clean option will move the file.
To do that:
Open AdwCleaner again, press Scan, press Logfile, then press Clean.
Post the AdwCleaner [SO].txt log found on the "E" drive.

Next, a fix using FRST.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-08-30 20:48 - 2015-06-13 03:41 - 00000000 ____D E:\ProgramData\boost_interprocess
E:\Users\Jody\en_res.dll
E:\Users\Jody\es_res.dll
E:\Users\Jody\fr_res.dll
E:\Users\Jody\grm_res.dll
E:\Users\Jody\it_res.dll
E:\Users\Jody\jp_res.dll
E:\Users\Jody\mfc80u.dll
E:\Users\Jody\msvcr80.dll
E:\Users\Jody\PCPE Setup.exe
E:\Users\Jody\pt_res.dll
E:\Users\Jody\ResourceReader.dll
E:\Users\Jody\ru_res.dll
E:\Users\Jody\zh_res.dll
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:

Click Format and ensure Word Wrap is unchecked.
Save as Fixlist.txt to H:\Downloads (must be in this location) <----- Important to save the fixlist to H:\Downloads
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log in H:\Downloads called (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and

#5
Jdpowell


    Member

  • Topic Starter
  • 83 posts

Here you go.  Thanks,

 

# AdwCleaner v5.005 - Logfile created 01/09/2015 at 17:48:57
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Jody - JODY-PC
# Running from : H:\Downloads\adwcleaner_5.005.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : E:\Users\Jody\Documents\Updater
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A07E5BFF-B16C-4ABA-A30F-514213A945E6}
[-] Key Deleted : HKCU\Software\EnterDigital
[-] Key Deleted : HKLM\SOFTWARE\EnterDigital
[!] Key Not Deleted : [x64] HKCU\Software\EnterDigital
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
 
***** [ Web browsers ] *****
 
[-] [E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com_
[-] [E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : blekko.com
[-] [E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : toolbar.ask.com
[-] [E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : feed.helperbar.com
[-] [E:\Users\Jody\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Winsock settings cleared
 
########## EOF - E:\AdwCleaner\AdwCleaner[C1].txt - [2083 bytes] ##########
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Jody (2015-09-02 00:36:36) Run:1
Running from H:\Downloads
Loaded Profiles: Jody (Available Profiles: Jody)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-08-30 20:48 - 2015-06-13 03:41 - 00000000 ____D E:\ProgramData\boost_interprocess
E:\Users\Jody\en_res.dll
E:\Users\Jody\es_res.dll
E:\Users\Jody\fr_res.dll
E:\Users\Jody\grm_res.dll
E:\Users\Jody\it_res.dll
E:\Users\Jody\jp_res.dll
E:\Users\Jody\mfc80u.dll
E:\Users\Jody\msvcr80.dll
E:\Users\Jody\PCPE Setup.exe
E:\Users\Jody\pt_res.dll
E:\Users\Jody\ResourceReader.dll
E:\Users\Jody\ru_res.dll
E:\Users\Jody\zh_res.dll
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
E:\Windows\system32\GroupPolicy\Machine => moved successfully
E:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
E:\ProgramData\boost_interprocess => moved successfully
E:\Users\Jody\en_res.dll => moved successfully
E:\Users\Jody\es_res.dll => moved successfully
E:\Users\Jody\fr_res.dll => moved successfully
E:\Users\Jody\grm_res.dll => moved successfully
E:\Users\Jody\it_res.dll => moved successfully
E:\Users\Jody\jp_res.dll => moved successfully
E:\Users\Jody\mfc80u.dll => moved successfully
E:\Users\Jody\msvcr80.dll => moved successfully
E:\Users\Jody\PCPE Setup.exe => moved successfully
E:\Users\Jody\pt_res.dll => moved successfully
E:\Users\Jody\ResourceReader.dll => moved successfully
E:\Users\Jody\ru_res.dll => moved successfully
E:\Users\Jody\zh_res.dll => moved successfully
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
E:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 5.5 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 00:38:49 ====

  • 0

#6
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Checking in before work. Please run a Malwarebytes scan.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.

  • 0

#7
Jdpowell


    Member

  • Topic Starter
  • 83 posts

Not much, that I can see, in this one.  Thanks

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/2/2015
Scan Time: 6:34 PM
Logfile: Sept 2 scan log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.02.09
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jody
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385576
Time Elapsed: 17 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Do we still have the issue in Opera?

If so I suggest we reset the Opera browser.

Try resetting Opera

See Here.

Joe
  • 0

#9
Jdpowell


    Member

  • Topic Starter
  • 83 posts

So far, so good.  It has not opened a page by itself since I started this thread.  "How does it know?"

 

Appreciate the help.


  • 0

#10
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Keep your eyes on it for a while and let me know. I'll leave the topic open for a bit. Then at some point we will close the topic in a few days.

Thanks
Joe
  • 0

#11
Jdpowell


    Member

  • Topic Starter
  • 83 posts

Thank you, thank you, thank you!  I really appreciate your help.  

 

So far, so good.  I think you did it.


  • 0

#12
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
I think so,

Let's remove the tools that I had you install and the log files that were generated by running DelFix. Then I'll close the topic.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking the DelFix icon and selecting the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0





