
Windows 7 Pro HP microtower "I have been infected w/ransom trojan&

1-877 call alerts audio warningsms can not use internet my isp is dial up 1-877 ransom blocks all attempts to remove internet explorer 11


#1
bonezz777


Hello, I need someone to please help me get my computer back, & explain "slowly" how & where I got this: email? web page? I have no idea. My wife & I were playing "pch mahjong", then out of nowhere a voice came over the speakers saying to call MS NOW! You have been infected so call 1-877....... Now our computer stinks more than it already did (dial up), so it won't let us browse now. Thanks, guys & gals, for your time & hard work. Tim

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Tim (administrator) on TIM-HP (09-03-2016 15:20:40)
Running from C:\Downloads
Loaded Profiles: Tim (Available Profiles: Tim & General Log In & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-14] (Realtek Semiconductor)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe" /run:"C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2014-02-05] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TweakDUN] => C:\Program Files (x86)\TweakDUN\tweakdun.exe splash
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Lsa: [Notification Packages] DPPassFilter scecli
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{2F1E699D-E62A-4FF1-A81B-78F8012F36FF}: [NameServer] 207.69.188.165 207.69.188.166
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.peoplepc.com/
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-02-05] (Hewlett-Packard)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~2\FRESHD~1\FRESHD~1\fdiebar.dll No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-02-10] (DigitalPersona, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2015-12-12] [not signed]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-02-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-02-10] (DigitalPersona, Inc.)
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [79440 2015-08-14] (Advanced Micro Devices, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\System32\DRIVERS\amdkmcsp.sys [114456 2015-08-14] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [298776 2015-08-14] (Advanced Micro Devices, Inc. )
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
R2 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-08] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3599840 2013-10-14] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 15:20 - 2016-03-09 15:20 - 00000000 ____D C:\FRST
2016-03-08 07:38 - 2016-02-19 14:02 - 00038336 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-08 07:38 - 2016-02-19 13:54 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-08 07:38 - 2016-02-19 09:07 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-08 07:38 - 2016-02-11 09:07 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-08 07:38 - 2016-02-05 09:07 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-08 07:38 - 2016-02-05 09:07 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-08 07:38 - 2016-02-05 09:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-07 18:31 - 2016-03-07 18:31 - 00001026 _____ C:\Users\Public\Desktop\WOLFCODERS ScreenSnag.lnk
2016-03-07 18:31 - 2016-03-07 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WOLFCODERS ScreenSnag
2016-03-07 18:31 - 2016-03-07 18:31 - 00000000 ____D C:\Program Files (x86)\WOLFCODERS ScreenSnag
2016-03-07 16:40 - 2016-03-08 05:06 - 13388686 _____ C:\Users\Tim\Downloads\msert.exe
2016-03-07 10:16 - 2016-03-07 15:06 - 23807881 _____ C:\Users\Tim\Downloads\mpas-fe.exe.26wgabc.partial
2016-03-07 10:07 - 2016-03-07 15:06 - 23800577 _____ C:\Users\Tim\Downloads\mpam-fe (1).exe.erzic1p.partial
2016-03-05 17:06 - 2016-03-09 10:18 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\Free Download Manager
2016-03-05 17:06 - 2016-03-05 17:06 - 00001331 _____ C:\Users\General Log In\Desktop\Free Download Manager.lnk
2016-03-05 13:03 - 2016-03-09 14:26 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-05 13:03 - 2016-03-05 13:03 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-05 11:28 - 2016-03-05 11:28 - 00000673 _____ C:\windows\system32\Drivers\etc\hosts.bak
2016-03-05 11:19 - 2000-05-22 00:00 - 00140488 _____ (Microsoft Corporation) C:\windows\SysWOW64\Comdlg32.ocx
2016-03-05 11:19 - 2000-05-22 00:00 - 00115920 _____ (Microsoft Corporation) C:\windows\SysWOW64\Msinet.ocx
2016-03-05 10:24 - 2016-03-05 10:24 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\Oracle
2016-03-05 10:24 - 2016-03-05 10:24 - 00000000 ____D C:\ProgramData\Oracle
2016-03-05 10:17 - 2016-03-05 10:23 - 00735328 _____ (Oracle Corporation) C:\Users\General Log In\Downloads\JavaSetup8u73.exe
2016-03-05 08:54 - 2016-03-05 13:03 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-05 08:54 - 2016-03-05 13:03 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 08:54 - 2016-03-05 08:54 - 00000000 ____D C:\windows\system32\Macromed
2016-03-05 06:18 - 2016-03-05 06:58 - 02735752 _____ C:\Users\General Log In\Downloads\install_flash_player_18_active_x.exe.ibz20af.partial
2016-03-04 08:07 - 2016-03-04 08:07 - 00000000 ____D C:\Users\General Log In\AppData\Local\DigitalPersona,_Inc
2016-03-02 21:08 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-02 21:08 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-02 21:08 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-02 21:08 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-03-02 21:08 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-02 21:08 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-02 21:08 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-02 21:08 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-02 21:08 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-03-02 21:08 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-02 21:08 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-03-02 21:08 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-03-02 21:08 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-02 21:08 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-02 21:08 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-02 21:08 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-03-01 14:32 - 1999-10-10 15:48 - 00206700 ____R C:\Users\General Log In\Downloads\_SETUP.LIB
2016-03-01 14:31 - 2016-03-05 17:09 - 00000000 ____D C:\Users\General Log In\AppData\Local\Adobe
2016-03-01 13:15 - 2016-03-01 13:15 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\FreeDownloadManager.ORG
2016-03-01 13:15 - 2016-03-01 13:15 - 00000000 ____D C:\Users\General Log In\AppData\Local\Free Download Manager
2016-03-01 13:15 - 2016-03-01 13:15 - 00000000 ____D C:\ProgramData\FreeDownloadManager.ORG
2016-03-01 13:15 - 2016-03-01 13:15 - 00000000 ____D C:\ProgramData\Free Download Manager
2016-02-29 16:53 - 2016-03-08 23:27 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-29 16:53 - 2016-02-29 16:53 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-29 16:53 - 2016-02-29 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-29 16:52 - 2016-02-29 16:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-29 16:52 - 2016-02-29 16:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-29 16:52 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-29 16:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-29 15:09 - 2016-02-29 17:59 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-29 15:06 - 2016-02-29 15:06 - 00000000 ____D C:\Users\General Log In\Downloads\mbam-chameleon-3.1.28.0
2016-02-29 14:39 - 2016-02-29 15:05 - 06392130 _____ C:\Users\General Log In\Downloads\mbam-chameleon-3.1.28.0.zip
2016-02-28 13:08 - 2016-02-28 13:08 - 47258812 _____ C:\Users\General Log In\Downloads\Windows6.1-KB947821-v34-x64.msu.zxduuzn.partial
2016-02-28 11:39 - 2016-02-28 11:39 - 00002988 _____ C:\windows\System32\Tasks\{4678693A-7E1D-4D5A-8B9C-88C09315D8A0}
2016-02-28 11:38 - 2016-02-28 11:40 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-02-28 11:37 - 2016-02-28 11:37 - 00002048 _____ C:\Uninstall.dat
2016-02-28 08:56 - 2016-02-28 08:56 - 00000000 ____D C:\Users\General Log In\AppData\Local\GWX
2016-02-28 08:15 - 2016-02-28 08:16 - 00302011 _____ C:\Users\General Log In\Downloads\WindowsUpdateDiagnostic.diagcab
2016-02-28 05:53 - 2016-02-28 05:53 - 00058016 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-28 05:53 - 2016-02-28 05:53 - 00001421 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-28 05:53 - 2016-02-28 05:53 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-02-28 05:53 - 2016-02-28 05:53 - 00000000 ____D C:\Users\Guest\AppData\Local\Power2Go8
2016-02-28 05:52 - 2016-02-28 05:53 - 00000000 ____D C:\Users\Guest
2016-02-28 05:52 - 2016-02-28 05:52 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\EagleGet
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\DigitalPersona
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-02-28 05:52 - 2016-02-28 05:52 - 00000000 ____D C:\Users\Guest\AppData\Local\DigitalPersona
2016-02-28 05:52 - 2015-12-12 02:32 - 00000000 ___HD C:\Users\Guest\Documents\hp.system.package.metadata
2016-02-28 05:52 - 2015-12-12 02:32 - 00000000 ___HD C:\Users\Guest\Documents\hp.applications.package.appdata
2016-02-28 05:52 - 2010-11-21 02:16 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2016-02-27 09:44 - 2016-02-27 09:44 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\Macromedia
2016-02-27 08:06 - 2016-03-06 16:02 - 00003954 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{27A3E11A-B801-4AD0-9748-248E17739A1A}
2016-02-27 08:06 - 2016-03-01 14:31 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\Adobe
2016-02-27 08:06 - 2016-02-27 08:06 - 00058016 _____ C:\Users\General Log In\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-27 08:06 - 2016-02-27 08:06 - 00001421 _____ C:\Users\General Log In\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-27 08:06 - 2016-02-27 08:06 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\Hewlett-Packard
2016-02-27 08:06 - 2016-02-27 08:06 - 00000000 ____D C:\Users\General Log In\AppData\Local\Power2Go8
2016-02-27 08:05 - 2016-03-05 17:01 - 00000000 ____D C:\Users\General Log In\AppData\Local\VirtualStore
2016-02-27 08:05 - 2016-02-27 08:06 - 00000000 ____D C:\Users\General Log In
2016-02-27 08:05 - 2016-02-27 08:05 - 00000020 ___SH C:\Users\General Log In\ntuser.ini
2016-02-27 08:05 - 2016-02-27 08:05 - 00000000 _SHDL C:\Users\General Log In\My Documents
2016-02-27 08:05 - 2016-02-27 08:05 - 00000000 _SHDL C:\Users\General Log In\Documents\My Videos
2016-02-27 08:05 - 2016-02-27 08:05 - 00000000 _SHDL C:\Users\General Log In\Documents\My Pictures
2016-02-27 08:05 - 2016-02-27 08:05 - 00000000 _SHDL C:\Users\General Log In\Documents\My Music
2016-02-27 08:05 - 2016-02-27 08:05 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\Intel
2016-02-27 08:05 - 2016-02-27 08:05 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\DigitalPersona
2016-02-27 08:05 - 2016-02-27 08:05 - 00000000 ____D C:\Users\General Log In\AppData\Local\DigitalPersona
2016-02-27 08:05 - 2015-12-12 02:32 - 00000000 ___HD C:\Users\General Log In\Documents\hp.system.package.metadata
2016-02-27 08:05 - 2015-12-12 02:32 - 00000000 ___HD C:\Users\General Log In\Documents\hp.applications.package.appdata
2016-02-27 08:05 - 2010-11-21 02:16 - 00000000 ____D C:\Users\General Log In\AppData\Roaming\Media Center Programs
2016-02-26 13:59 - 2016-02-26 14:55 - 05236326 _____ C:\Users\Tim\Downloads\Windows6.1-KB947821-v34-x64 (1).msu.vc8llaf.partial
2016-02-25 15:52 - 2016-02-25 20:28 - 20707770 _____ C:\Users\Tim\Downloads\mpam-feX64.exe.7srche2.partial
2016-02-25 14:38 - 2016-02-25 20:19 - 23087326 _____ C:\Users\Tim\Downloads\mpam-fe.exe.ku2pm7u.partial
2016-02-24 22:25 - 2016-02-27 08:07 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-24 22:25 - 2016-02-27 08:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 22:25 - 2016-02-27 08:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-24 20:58 - 2016-02-25 21:01 - 14243008 _____ (Microsoft Corporation) C:\Users\Tim\Downloads\mseinstall.exe
2016-02-24 14:40 - 2016-02-26 07:24 - 00000000 ____D C:\Users\Tim\AppData\Local\FSDART
2016-02-24 08:26 - 2016-02-24 16:29 - 00000000 ____D C:\Users\Tim\AppData\Local\F-Secure
2016-02-24 08:26 - 2016-02-24 16:29 - 00000000 ____D C:\ProgramData\F-Secure
2016-02-23 09:57 - 2016-03-07 09:57 - 00000324 _____ C:\windows\Tasks\HPCeeScheduleForTim.job
2016-02-21 16:26 - 2016-02-21 16:28 - 00357932 _____ C:\Users\Tim\Downloads\Windows6.1-KB947821-v34-x64.msu.2mnrw7p.partial
2016-02-21 07:47 - 2016-02-21 07:48 - 00248048 _____ C:\Users\Tim\Downloads\es2282-adobe8.pdf
2016-02-21 06:44 - 2016-02-21 07:18 - 00000000 ____D C:\Users\Tim\AppData\Local\Deployment
2016-02-21 06:44 - 2016-02-21 06:44 - 00000000 ____D C:\Users\Tim\AppData\Local\Apps\2.0
2016-02-20 10:51 - 2016-02-20 10:51 - 00007597 _____ C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2016-02-18 09:19 - 2015-11-19 09:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-02-18 09:19 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-18 09:18 - 2016-01-11 14:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-02-17 10:37 - 2016-02-17 10:37 - 07970904 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiumdva.dll
2016-02-17 10:37 - 2016-02-17 10:37 - 07238984 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiumdag.dll
2016-02-17 10:37 - 2016-02-17 10:37 - 00159768 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiu9p64.dll
2016-02-17 10:37 - 2016-02-17 10:37 - 00119744 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atimpc64.dll
2016-02-17 10:37 - 2016-02-17 10:37 - 00119744 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdpcom64.dll
2016-02-17 10:37 - 2016-02-17 10:37 - 00102040 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atimpc32.dll
2016-02-17 10:37 - 2016-02-17 10:37 - 00102040 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdpcom32.dll
2016-02-17 10:35 - 2016-02-17 10:35 - 00148840 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdave64.dll
2016-02-17 10:35 - 2016-02-17 10:35 - 00135280 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\amdhcp32.dll
2016-02-17 10:35 - 2016-02-17 10:35 - 00130616 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdave32.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00874008 _____ (AMD) C:\windows\system32\coinst_15.20.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00243736 _____ C:\windows\system32\clinfo.exe
2016-02-17 10:34 - 2016-02-17 10:34 - 00161296 _____ C:\windows\system32\hsa-thunk64.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00151576 _____ C:\windows\SysWOW64\hsa-thunk.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00151064 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\mantle64.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00126488 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\mantle32.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00117776 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\mantleaxl64.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00098328 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\mantleaxl32.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00012824 _____ (Microsoft Corporation) C:\windows\system32\detoured.dll
2016-02-17 10:34 - 2016-02-17 10:34 - 00012816 _____ (Microsoft Corporation) C:\windows\SysWOW64\detoured.dll
2016-02-17 10:33 - 2016-02-17 10:33 - 25059344 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atioglxx.dll
2016-02-17 10:33 - 2016-02-17 10:33 - 00199704 _____ (AMD) C:\windows\system32\atitmm64.dll
2016-02-17 10:33 - 2016-02-17 10:33 - 00128536 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atisamu64.dll
2016-02-17 10:33 - 2016-02-17 10:33 - 00110104 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atisamu32.dll
2016-02-17 10:32 - 2016-02-17 10:32 - 30554640 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atio6axx.dll
2016-02-17 10:32 - 2016-02-17 10:32 - 21527568 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\atikmdag.sys
2016-02-17 10:32 - 2016-02-17 10:32 - 00493592 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\atikmpag.sys
2016-02-17 10:32 - 2016-02-17 10:32 - 00341528 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIODE.exe
2016-02-17 10:32 - 2016-02-17 10:32 - 00059928 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIODCLI.exe
2016-02-17 10:32 - 2016-02-17 10:32 - 00038424 _____ (AMD) C:\windows\system32\atimuixx.dll
2016-02-17 10:31 - 2016-02-17 10:31 - 14310936 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticaldd.dll
2016-02-17 10:31 - 2016-02-17 10:31 - 00451096 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atidemgy.dll
2016-02-17 10:31 - 2016-02-17 10:31 - 00219152 _____ C:\windows\system32\atieah64.exe
2016-02-17 10:31 - 2016-02-17 10:31 - 00198160 _____ C:\windows\SysWOW64\atieah32.exe
2016-02-17 10:31 - 2016-02-17 10:31 - 00166928 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atigktxx.dll
2016-02-17 10:31 - 2016-02-17 10:31 - 00114200 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atig6pxx.dll
2016-02-17 10:31 - 2016-02-17 10:31 - 00099352 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiglpxx.dll
2016-02-17 10:31 - 2016-02-17 10:31 - 00099352 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiglpxx.dll
2016-02-17 10:31 - 2016-02-17 10:31 - 00071192 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticalrt64.dll
2016-02-17 10:30 - 2016-02-17 10:30 - 00945680 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atiadlxy.dll
2016-02-17 10:30 - 2016-02-17 10:30 - 00945680 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atiadlxx.dll
2016-02-17 10:30 - 2016-02-17 10:30 - 00394256 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atiapfxx.exe
2016-02-17 10:30 - 2016-02-17 10:30 - 00064528 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticalcl64.dll
2016-02-17 10:30 - 2016-02-17 10:30 - 00057880 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticalcl.dll
2016-02-17 10:30 - 2016-02-17 10:30 - 00052248 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\ati2erec.dll
2016-02-17 10:29 - 2016-02-17 10:29 - 27544600 _____ (Advanced Micro Devices Inc.) C:\windows\system32\amdocl12cl64.dll
2016-02-17 10:29 - 2016-02-17 10:29 - 22327312 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\amdocl12cl.dll
2016-02-17 10:29 - 2016-02-17 10:29 - 01196064 _____ C:\windows\system32\amdocl_as64.exe
2016-02-17 10:29 - 2016-02-17 10:29 - 01070624 _____ C:\windows\system32\amdocl_ld64.exe
2016-02-17 10:29 - 2016-02-17 10:29 - 01004064 _____ C:\windows\SysWOW64\amdocl_as32.exe
2016-02-17 10:29 - 2016-02-17 10:29 - 00807456 _____ C:\windows\SysWOW64\amdocl_ld32.exe
2016-02-17 10:28 - 2016-02-17 10:28 - 39721496 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\amdocl.dll
2016-02-17 10:28 - 2016-02-17 10:28 - 06354456 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdmantle64.dll
2016-02-17 10:28 - 2016-02-17 10:28 - 05138448 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdmantle32.dll
2016-02-17 10:28 - 2016-02-17 10:28 - 00237584 _____ C:\windows\system32\amdgfxinfo64.dll
2016-02-17 10:28 - 2016-02-17 10:28 - 00059408 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdmmcl6.dll
2016-02-17 10:28 - 2016-02-17 10:28 - 00047120 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdmmcl.dll
2016-02-17 10:27 - 2016-02-17 10:27 - 00209936 _____ C:\windows\SysWOW64\amdgfxinfo32.dll
2016-02-17 10:27 - 2016-02-17 10:27 - 00068112 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2016-02-17 10:22 - 2016-02-17 10:22 - 15725584 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticaldd64.dll
2016-02-17 10:22 - 2016-02-17 10:22 - 00060952 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticalrt.dll
2016-02-17 10:21 - 2016-02-17 10:21 - 08705552 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiumd64.dll
2016-02-17 10:21 - 2016-02-17 10:21 - 00151456 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\amdhcp64.dll
2016-02-17 10:21 - 2016-02-17 10:21 - 00133240 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiu9pag.dll
2016-02-17 09:42 - 2016-02-17 09:42 - 00140240 _____ C:\windows\system32\samu_krnl_ci.sbin
2016-02-17 09:42 - 2016-02-17 09:42 - 00047664 _____ C:\windows\system32\kapp_ci.sbin
2016-02-17 09:42 - 2016-02-17 09:42 - 00043536 _____ C:\windows\system32\kapp_si.sbin
2016-02-17 09:41 - 2016-02-17 09:41 - 03471376 _____ C:\windows\SysWOW64\atiumdva.cap
2016-02-17 09:41 - 2016-02-17 09:41 - 03437632 _____ C:\windows\system32\atiumd6a.cap
2016-02-17 09:41 - 2016-02-17 09:41 - 00842001 _____ C:\windows\system32\amdicdxx.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00737410 _____ C:\windows\system32\atiicdxx.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00663856 _____ C:\windows\SysWOW64\atiapfxx.blb
2016-02-17 09:41 - 2016-02-17 09:41 - 00663856 _____ C:\windows\system32\atiapfxx.blb
2016-02-17 09:41 - 2016-02-17 09:41 - 00322868 _____ C:\windows\system32\ativvaxy_vi.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00321200 _____ C:\windows\system32\ativvaxy_vi_nd.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00255808 _____ C:\windows\system32\ativvaxy_cz_nd.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00250884 _____ C:\windows\system32\ativvaxy_FJ.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00249088 _____ C:\windows\system32\ativvaxy_FJ_nd.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00234420 _____ C:\windows\system32\ativvaxy_cik.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00232752 _____ C:\windows\system32\ativvaxy_cik_nd.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00177344 _____ C:\windows\system32\ativce03.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00175648 _____ C:\windows\system32\amde31a.dat
2016-02-17 09:41 - 2016-02-17 09:41 - 00100816 _____ C:\windows\system32\ativce02.dat
2016-02-15 20:25 - 2016-02-16 05:37 - 22908888 _____ (Malwarebytes ) C:\Users\Tim\Downloads\mbam-setup-majorgeeks-2.2.0.1024.exe
2016-02-13 14:13 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-13 14:13 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-13 14:13 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-13 14:13 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-13 14:13 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-13 14:13 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-02-13 14:13 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-02-13 14:13 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-02-13 14:13 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-02-13 14:13 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-02-13 14:13 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-13 14:13 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-02-13 14:13 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-13 14:13 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-02-13 12:40 - 2016-01-22 15:31 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-13 12:40 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-02-13 12:40 - 2016-01-22 01:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-13 12:40 - 2016-01-22 01:41 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-13 12:40 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-13 12:40 - 2016-01-22 01:40 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-13 12:40 - 2016-01-22 01:40 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-13 12:40 - 2016-01-22 01:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-13 12:40 - 2016-01-22 01:33 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-13 12:40 - 2016-01-22 01:32 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-13 12:40 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-13 12:40 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-13 12:40 - 2016-01-22 01:27 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-13 12:40 - 2016-01-22 01:27 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-13 12:40 - 2016-01-22 01:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-13 12:40 - 2016-01-22 01:17 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-13 12:40 - 2016-01-22 01:09 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-13 12:40 - 2016-01-22 01:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-13 12:40 - 2016-01-22 01:05 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-13 12:40 - 2016-01-22 01:04 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-13 12:40 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-02-13 12:40 - 2016-01-22 01:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-13 12:40 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-02-13 12:40 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-02-13 12:40 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-02-13 12:40 - 2016-01-22 01:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-13 12:40 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-02-13 12:40 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-02-13 12:40 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-02-13 12:40 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-02-13 12:40 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-02-13 12:40 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-13 12:40 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-13 12:40 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-13 12:40 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-13 12:40 - 2016-01-22 00:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-13 12:40 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-02-13 12:40 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-13 12:40 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-02-13 12:40 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-02-13 12:40 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-02-13 12:40 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-02-13 12:40 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-02-13 12:40 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-02-13 12:40 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-13 12:40 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-02-13 12:40 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-02-13 12:40 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-02-13 12:40 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-02-13 12:40 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-13 12:40 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-02-13 12:40 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-02-13 09:04 - 2016-02-13 09:04 - 00841698 _____ C:\Users\Tim\Documents\Independent Living Presents___ Establishing a State of Ultimate Self Reliance_php.mht
2016-02-12 09:28 - 2016-01-22 01:27 - 05573056 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-12 09:28 - 2016-01-22 01:27 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-12 09:28 - 2016-01-22 01:27 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-12 09:28 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-12 09:28 - 2016-01-22 01:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-02-12 09:28 - 2016-01-22 01:19 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-12 09:28 - 2016-01-22 01:19 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-12 09:28 - 2016-01-22 01:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-12 09:28 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-12 09:28 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-12 09:28 - 2016-01-22 01:18 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-02-12 09:28 - 2016-01-22 01:17 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-12 09:28 - 2016-01-22 01:17 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-12 09:28 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-12 09:28 - 2016-01-22 01:16 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-12 09:28 - 2016-01-22 01:16 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-12 09:28 - 2016-01-22 01:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-12 09:28 - 2016-01-22 01:15 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-12 09:28 - 2016-01-22 01:15 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-12 09:28 - 2016-01-22 01:15 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-12 09:28 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-02-12 09:28 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-02-12 09:28 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-12 09:28 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-12 09:28 - 2016-01-22 01:13 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-02-12 09:28 - 2016-01-22 01:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-02-12 09:28 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-02-12 09:28 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-02-12 09:28 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-02-12 09:28 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-02-12 09:28 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-02-12 09:28 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-02-12 09:28 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-02-12 09:28 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-02-12 09:28 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-02-12 09:28 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-02-12 09:28 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-12 09:28 - 2016-01-22 00:13 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-12 09:28 - 2016-01-22 00:07 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-12 09:28 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-02-12 09:28 - 2016-01-22 00:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-12 09:28 - 2016-01-21 23:59 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-12 09:28 - 2016-01-21 23:58 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-12 09:28 - 2016-01-21 23:58 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-12 09:28 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-12 09:28 - 2016-01-21 23:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-12 09:28 - 2016-01-21 23:53 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-02-12 09:28 - 2016-01-21 23:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-02-12 09:28 - 2016-01-21 23:53 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-02-12 09:28 - 2016-01-21 23:53 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-02-12 09:28 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-02-12 09:28 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-12 09:28 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-12 09:28 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-12 09:28 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-12 07:49 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-12 07:49 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-12 07:49 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-02-12 07:39 - 2016-01-16 14:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-12 07:39 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-02-10 12:37 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-10 12:36 - 2015-12-20 13:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-02-10 12:36 - 2015-12-20 13:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 12:36 - 2015-12-20 09:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-02-10 12:31 - 2016-01-07 12:53 - 03211776 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-09 18:04 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-09 18:04 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-08 11:49 - 2016-02-08 11:49 - 00058410 _____ C:\Users\Tim\Downloads\ACCESS_FLORIDA_APPLICATION_DETAILS_668081505.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 15:20 - 2016-01-14 08:31 - 00003910 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6E4A02F4-3E64-41F3-896C-220F4F605540}
2016-03-09 13:29 - 2009-07-13 23:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-09 13:29 - 2009-07-13 23:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-09 11:11 - 2009-07-14 00:13 - 00781302 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-09 11:11 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-03-09 11:07 - 2015-12-12 02:31 - 03910742 _____ C:\windows\SysWOW64\rootpa.e2e
2016-03-09 11:07 - 2009-07-14 00:08 - 00032612 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-03-09 11:07 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-09 11:02 - 2016-01-04 17:26 - 03303492 _____ C:\windows\ntbtlog.txt
2016-03-09 11:01 - 2015-12-12 02:28 - 00065536 _____ C:\windows\system32\spu_storage.bin
2016-03-08 11:41 - 2015-12-28 15:22 - 00000000 ____D C:\Users\Tim\AppData\Local\ElevatedDiagnostics
2016-03-08 07:39 - 2016-01-12 06:17 - 00000000 ____D C:\windows\system32\appraiser
2016-03-07 18:32 - 2015-12-28 14:04 - 00000000 ____D C:\Users\Tim\AppData\Local\VirtualStore
2016-03-07 09:57 - 2015-12-29 20:23 - 00003174 _____ C:\windows\System32\Tasks\HPCeeScheduleForTim
2016-03-06 07:37 - 2016-01-01 11:12 - 00000000 ____D C:\Users\Tim\Documents\EGDownloads
2016-03-05 17:09 - 2016-01-07 07:12 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2016-03-04 13:00 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2016-03-04 07:56 - 2015-12-28 14:04 - 00000000 ____D C:\Users\Tim
2016-02-27 19:23 - 2016-01-04 17:26 - 00000000 ____D C:\windows\Minidump
2016-02-27 19:23 - 2015-12-28 18:59 - 00342324 ____N C:\windows\Minidump\022716-20997-01.dmp
2016-02-27 19:22 - 2009-07-13 22:20 - 00000000 ____D C:\windows\LiveKernelReports
2016-02-27 08:07 - 2015-12-12 02:43 - 00002155 _____ C:\windows\epplauncher.mif
2016-02-27 00:52 - 2015-12-12 02:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-02-27 00:52 - 2013-12-03 15:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-27 00:45 - 2016-01-16 05:30 - 00000000 ____D C:\windows\system32\appmgmt
2016-02-26 15:34 - 2009-07-13 22:20 - 00000000 ____D C:\windows\tracing
2016-02-24 18:00 - 2016-01-03 05:33 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-24 18:00 - 2016-01-03 05:33 - 00000000 ___SD C:\windows\system32\GWX
2016-02-24 06:19 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2016-02-23 08:04 - 2015-12-12 02:39 - 00000000 ___HD C:\windows\system32\WLANProfiles
2016-02-23 08:04 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-23 08:04 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2016-02-23 08:04 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2016-02-17 10:37 - 2014-04-02 07:06 - 08910672 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiumd6a.dll
2016-02-17 10:37 - 2014-04-02 07:06 - 00176848 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiuxp64.dll
2016-02-17 10:37 - 2014-04-02 07:06 - 00146728 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiuxpag.dll
2016-02-17 10:36 - 2014-04-02 07:06 - 09561688 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atidxx32.dll
2016-02-17 10:36 - 2014-04-02 07:06 - 01469808 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\aticfx64.dll
2016-02-17 10:36 - 2014-04-02 07:06 - 01214248 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\aticfx32.dll
2016-02-17 10:31 - 2014-04-02 05:58 - 00704536 _____ (AMD) C:\windows\system32\atieclxx.exe
2016-02-17 10:31 - 2014-04-02 05:57 - 00305176 _____ (AMD) C:\windows\system32\atiesrxx.exe
2016-02-17 10:31 - 2014-04-02 05:22 - 00193560 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atig6txx.dll
2016-02-17 10:30 - 2014-04-02 06:44 - 47793680 _____ (Advanced Micro Devices Inc.) C:\windows\system32\amdocl64.dll
2016-02-17 10:30 - 2014-04-02 05:23 - 01258000 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atiadlxx.dll
2016-02-17 10:27 - 2014-04-02 06:39 - 00073744 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2016-02-17 10:21 - 2014-04-02 07:06 - 11266224 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atidxx64.dll
2016-02-15 17:38 - 2015-12-28 14:16 - 00000000 ____D C:\Users\Tim\AppData\Local\Hewlett-Packard
2016-02-12 17:53 - 2016-01-12 06:17 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-12 17:53 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 16:31 - 2009-07-13 23:45 - 00267672 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-10 15:30 - 2016-01-31 18:50 - 00000000 ____D C:\windows\system32\MRT
2016-02-10 15:27 - 2016-01-31 18:50 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-02-20 10:51 - 2016-02-20 10:51 - 0007597 _____ () C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
2016-01-15 10:35 - 2016-01-15 10:35 - 0043158 _____ () C:\ProgramData\1452872097.bdinstall.bin
2016-01-15 10:36 - 2016-01-15 10:37 - 0040235 _____ () C:\ProgramData\1452872215.12020.bin
2016-01-15 10:37 - 2016-01-15 10:37 - 0001156 _____ () C:\ProgramData\1452872215.7672.bin
2016-01-15 16:50 - 2016-01-15 16:50 - 1409157 _____ () C:\ProgramData\1452872494.bdinstall.bin
2016-01-15 18:13 - 2016-01-15 18:13 - 0038453 _____ () C:\ProgramData\1452899595.bdinstall.bin
2016-01-15 18:13 - 2016-01-15 18:14 - 0004107 _____ () C:\ProgramData\1452899603.4068.bin
2016-01-15 18:13 - 2016-01-15 18:14 - 0027721 _____ () C:\ProgramData\1452899603.4640.bin
2016-01-15 18:13 - 2016-01-15 18:14 - 0003515 _____ () C:\ProgramData\1452899603.4652.bin
2016-01-15 18:13 - 2016-01-15 18:14 - 0039796 _____ () C:\ProgramData\1452899603.6328.bin
2016-01-15 19:08 - 2016-01-15 19:08 - 0032109 _____ () C:\ProgramData\1452902927.bdinstall.bin
2016-01-15 19:08 - 2016-01-15 19:08 - 0032109 _____ () C:\ProgramData\1452902928.bdinstall.bin
2016-01-15 19:09 - 2016-01-15 19:09 - 0032109 _____ () C:\ProgramData\1452902986.bdinstall.bin
2016-01-16 05:26 - 2016-01-16 05:27 - 0039479 _____ () C:\ProgramData\1452939960.1056.bin
2016-01-16 05:26 - 2016-01-16 05:27 - 0003977 _____ () C:\ProgramData\1452939960.172.bin
2016-01-16 05:26 - 2016-01-16 05:27 - 0003514 _____ () C:\ProgramData\1452939960.220.bin
2016-01-16 05:26 - 2016-01-16 05:27 - 0028823 _____ () C:\ProgramData\1452939960.4292.bin
2016-01-20 07:33 - 2016-01-20 07:44 - 0039603 _____ () C:\ProgramData\1453293207.4864.bin
2016-01-20 07:33 - 2016-01-20 07:33 - 0002898 _____ () C:\ProgramData\1453293207.4956.bin
2016-01-20 07:33 - 2016-01-20 07:44 - 0004110 _____ () C:\ProgramData\1453293207.4960.bin
2016-01-20 07:33 - 2016-01-20 07:33 - 0028823 _____ () C:\ProgramData\1453293207.5100.bin
2016-01-20 17:43 - 2016-01-20 17:43 - 0092523 _____ () C:\ProgramData\1453329302.bdinstall.bin
2016-01-22 07:54 - 2016-01-22 07:54 - 0091818 _____ () C:\ProgramData\1453467220.bdinstall.bin
2015-12-12 02:34 - 2015-12-12 02:36 - 8864026 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-12-12 02:42 - 2015-12-12 02:42 - 1278780 _____ () C:\ProgramData\hpdam_install_log.txt
2015-12-12 02:42 - 2015-12-12 02:42 - 0544502 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
 
Some files in TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\Extract.exe
C:\Users\Tim\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Tim\AppData\Local\Temp\HPSFUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 12:19
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Tim (2016-03-09 15:22:01)
Running from C:\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-12-28 19:04:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3386813744-1969293527-735481815-500 - Administrator - Disabled)
General Log In (S-1-5-21-3386813744-1969293527-735481815-1002 - Limited - Enabled) => C:\Users\General Log In
Guest (S-1-5-21-3386813744-1969293527-735481815-501 - Limited - Enabled) => C:\Users\Guest
Tim (S-1-5-21-3386813744-1969293527-735481815-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Out of date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Out of date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
Bejeweled Twist (HKLM-x32\...\Bejeweled Twist) (Version:  - PopCap Games)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.3.1786 - Hewlett-Packard Company)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{F7A8FF27-1B85-4C23-A6FA-97DE491ECC9A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM-x32\...\{59202086-BEA1-411A-8AA4-A5DCD28FF537}) (Version: 1.0.13.1 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{23544215-E6E6-448B-B6E9-6268D5B3E74D}) (Version: 3.5.0.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Theft Recovery (HKLM-x32\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation)
K-Lite Codec Pack 11.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
LSI USB 2.0 Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.102 - LSI Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Peggle Nights (HKLM-x32\...\Peggle Nights) (Version:  - PopCap Games)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
WOLFCODERS ScreenSnag (HKLM-x32\...\{481875AB-8D00-46D0-92E2-27BB13B20975}_is1) (Version:  - WOLFCODERS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0EAF5B38-B5E3-4853-9C3B-ABC026D20D6E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] ()
Task: {220ECEBE-27F2-49F6-B940-105C91A5710F} - System32\Tasks\{AD6719E0-A35B-4FB0-9469-F3ECA6E98920} => F:\Setup.exe
Task: {2BDFECED-24B7-4D8C-9025-C1502F04228B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {574C1531-DEB3-4B46-87BF-D18E1D1B893E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2014-01-13] (Hewlett-Packard Company)
Task: {5A8AB509-63B9-4177-8BFB-37259FE9108F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {6ACD3DA3-8CDC-45B3-9B7A-E23AF4FD5272} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {6F56ADC2-45B8-40B8-ACEB-CE95EE0AF0EC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-05] (Adobe Systems Incorporated)
Task: {8773223F-C0F6-4256-B6AE-37485593ED18} - System32\Tasks\{B1BDA461-F2FB-4735-911B-8466740BEE40} => pcalua.exe -a F:\ISP5900\setup.exe -d F:\ISP5900
Task: {92A5803E-5154-441D-983A-B74D0B2F9E1B} - System32\Tasks\{4678693A-7E1D-4D5A-8B9C-88C09315D8A0} => C:\Users\General Log In\Downloads\SUPERAntiSpyware.exe
Task: {A3201F91-388D-4F70-8D35-5431639892AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2015-11-30] (Hewlett-Packard)
Task: {C27BFDA4-CAB4-4ADA-BF3A-7685ABADCB4A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Service Update Utility => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Service\ServiceUpdater.exe [2015-05-20] (Hewlett-Packard Company)
Task: {D518CAEF-FE54-4352-840C-A96CB408FEAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {DF3F0AF7-6913-4840-8E0F-214B56FB6E4E} - System32\Tasks\{AC256CE6-2226-4B88-90C3-CDD2A645EA89} => F:\Setup.exe
Task: {E09B7320-43EB-4211-85A0-531DAC68FA3C} - System32\Tasks\HPCeeScheduleForTim => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\HPCeeScheduleForTim.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-31 16:28 - 2014-03-31 16:28 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2014-02-05 14:56 - 2014-02-05 14:56 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2015-12-12 02:41 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\peoplepc.com -> hxxp://webmail.c.peoplepc.com
IE trusted site: HKU\S-1-5-21-3386813744-1969293527-735481815-1001\...\winndixie.com -> hxxps://www.winndixie.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-03-05 11:28 - 2016-03-05 21:46 - 00000835 ____A C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 207.69.188.165 - 207.69.188.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
 
==================== Restore Points =========================
 
07-03-2016 07:28:02 Windows Update
07-03-2016 10:46:55 Windows Update
07-03-2016 10:54:19 Windows Update
08-03-2016 06:35:03 Windows Update
08-03-2016 07:38:57 Windows Update
08-03-2016 10:00:10 Windows Update
08-03-2016 11:42:15 Windows Update
09-03-2016 10:00:13 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 11:08:51 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:08:51 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:08:50 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:08:49 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:08:49 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:08:47 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:08:07 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:08:07 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:07:21 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
Error: (03/09/2016 11:07:20 AM) (Source: flcdlock) (EventID: 1055) (User: )
Description: An error occurred enumerating device {4D36E972-E325-11CE-BFC1-08002BE10318}Microsoft Virtual WiFi Miniport Adapter #2.
 
 
The system error code is 0xe0000231:-
 
** The error code could not be translated **
 
 
System errors:
=============
Error: (03/09/2016 12:20:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.39.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 12:19:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.213.7751.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 12:19:49 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.213.7751.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 12:18:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.213.7751.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 11:47:24 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.39.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 11:47:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.213.7751.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 11:47:00 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.213.7751.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 11:46:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.213.7751.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 11:46:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.213.7751.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/09/2016 11:07:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 115.39.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.9.0218.00
 
Source Path: 4.9.0218.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
CodeIntegrity:
===================================
  Date: 2016-02-27 03:00:18.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-27 03:00:18.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-27 03:00:18.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-27 02:44:54.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-27 02:44:54.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-27 02:44:54.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 16:22:08.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 16:22:08.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 16:22:08.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-26 16:22:08.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\EagleGet\eagleGet_x86.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 27%
Total physical RAM: 7612.08 MB
Available physical RAM: 5544.01 MB
Total Virtual: 15222.37 MB
Available Virtual: 13158.62 MB
 
==================== Drives ================================
 
Drive c: (Windows ) (Fixed) (Total:919.11 GB) (Free:861.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.3 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
Drive f: () (CDROM) (Total:4.38 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6F9E5779)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)
 
==================== End of Addition.txt ============================



#2
bonezz777


I searched to see if I could find anything, I found this: SNAG-16031006484800.png Notice "mark Williams" in the mail, no clue, but maybe BUG? I don't open email if not recognized. Also notice on page 21 of email look at the date of 1st one; and again on page 19, these had really strange email addresses & the suspect email date weird, could this be the problem, or maybe when I tried to download java, or flash player... That's all I know... Thanks


#3
Naathim




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



I do not see anything bad here, but let's deploy an additional tool to perform some procedures.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    emptyiecache;
    autoclean;
    process;
    drivers-services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

#4
bonezz777


Hello Naat, I did what you requested, but it's been running over 5 hours; also, did you have time to look at those emails and/or Farbar results? Thanks



#5
bonezz777

Hi Naat, after about 10 hrs I tried to shut the tool and computer off, it wouldn't let me, had to force it off; okay, so around 7:00am Florida time, I restarted the tool and it went right to work as it should, here are the results:
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Tim on Fri 03/11/2016 at 7:01:03.28.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/11/2016 7:11:56 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\COMMON~1\AV deleted successfully
C:\PROGRA~3\HPQLOG deleted successfully
C:\Users\Tim\AppData\Roaming\hpqlog deleted successfully
C:\Users\Tim\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Tim\AppData\Local\FSDART deleted successfully
C:\Users\Tim\AppData\Local\MediaShow deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\windows\SysWOW64\tbaseprovisioning.exe
C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\flcdlock.exe
c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Downloads\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AERTFilters] - Andrea RT Filters Service - c:\program files\realtek\audio\hda\aertsr64.exe
R2 - [AgereModemAudio] - Agere Modem Call Progress Audio - c:\program files\lsi softmodem\agr64svc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [CtAgentService] - Absolute Software Agent Service - c:\program files (x86)\hewlett-packard\hp theft recovery\ctservice.exe
R2 - [DpHost] - DigitalPersona Authentication Service - c:\program files\hewlett-packard\hp protecttools security manager\bin\dphostw.exe
R2 - [EvtEng] - Intel® PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
R2 - [FLCDLOCK] - HP Device Locking / Auditing - c:\windows\syswow64\flcdlock.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
R2 - [HpDamServiceHost] - HP Device Access Manager Usage Service - c:\program files (x86)\hewlett-packard\hp device access manager\hp.protecttools.deviceaccessmanager.servicehost.exe
R2 - [HPFSService] - HP File Sanitizer - c:\program files (x86)\hewlett-packard\file sanitizer\hpfsservice.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
R2 - [tbaseprovisioning] - tbaseprovisioning - c:\windows\syswow64\tbaseprovisioning.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZeroConfigService] - Intel® PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
R3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
R3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\windows\system32\Drivers\FltMgr.sys
R0 - [MpFilter] - Microsoft Malware Protection Driver - C:\windows\system32\Drivers\MpFilter.sys
R0 - [Mup] - Mup - C:\windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Server SMB 1.xxx Driver - C:\windows\system32\Drivers\srv.sys
R3 - [srv2] - Server SMB 2.xxx Driver - C:\windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\windows\system32\Drivers\ACPI.sys
R0 - [amd_sata] - amd_sata - C:\windows\system32\Drivers\amd_sata.sys
R0 - [amd_xata] - amd_xata - C:\windows\system32\Drivers\amd_xata.sys
R0 - [amdkmpfd] - AMD PCI Root Bus Lower Filter - C:\windows\system32\Drivers\amdkmpfd.sys
R0 - [amdsata] - amdsata - C:\windows\system32\Drivers\amdsata.sys
R0 - [amdxata] - amdxata - C:\windows\system32\Drivers\amdxata.sys
R0 - [CLFS] - Common Log (CLFS) - C:\windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\windows\system32\Drivers\CNG.sys
R0 - [Disk] - Disk Driver - C:\windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Bitlocker Drive Encryption Filter Driver - C:\windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Mount Point Manager - C:\windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - NDIS System Driver - C:\windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Partition Manager - C:\windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\windows\system32\Drivers\spldr.sys
R0 - [storflt] - Disk Virtual Machine Bus Acceleration Filter Driver - C:\windows\system32\Drivers\storflt.sys [x]
R0 - [Tcpip] - TCP/IP Protocol Driver - C:\windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Dynamic Volume Manager - C:\windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Storage volumes - C:\windows\system32\Drivers\volsnap.sys
R0 - [Wd] - Microsoft Watchdog Timer Driver - C:\windows\system32\Drivers\Wd.sys
R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\windows\system32\Drivers\Beep.sys
R1 - [tdx] - NetIO Legacy TDI Support Driver - C:\windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\windows\system32\Drivers\tcpipreg.sys
S3 - [atapi] - atapi - C:\windows\system32\Drivers\atapi.sys

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Coupons deleted
C:\PROGRA~3\hpdam_install_log.txt deleted
C:\PROGRA~3\HPFileSanitizer_Install_Log.txt deleted
C:\PROGRA~3\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\Syswow64\GroupPolicy\gpt.ini deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 7613 MB
CPU Info: AMD A8-6410 APU with AMD Radeon R5 Graphics
CPU Speed: 2001.0 MHz
Sound Card: Speakers (Realtek High Definiti |
Modem #3 Line Playback |
Display Adapters: AMD Radeon™ R5 Graphics | AMD Radeon™ R5 Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Dial-up Connectionpeoplepc123 | Microsoft Virtual WiFi Miniport Adapter | Intel® Dual Band Wireless-N 7260 | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (F: | ) F: hp DVD A DS8ACSH
Ports: COM1 | COM3 LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 919.1GB | D: 11.3GB | E: 96.0MB
Hard Disks - Free: C: 864.8GB | D: 1.2GB | E: 56.5MB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | 09/12/14 | HPQOEM - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Hewlett-Packard 2240
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Internet Explorer Version: 11.0.9600.18204
Adobe Reader version: 9.3.0.148

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"CLVirtualDrive"="c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"HP File Sanitizer"="C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"TweakDUN"="C:\Program Files (x86)\TweakDUN\tweakdun.exe splash"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"InstallerLauncher"="C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe /run:C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\windows\tasks\HPCeeScheduleForTim.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 07:43 AM]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\HPCeeScheduleForTim" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\windows\SysNative\tasks\klcp_update" ["C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe"]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{27A3E11A-B801-4AD0-9748-248E17739A1A}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{6E4A02F4-3E64-41F3-896C-220F4F605540}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\{4678693A-7E1D-4D5A-8B9C-88C09315D8A0}" [C:\Users\General Log In\Downloads\SUPERAntiSpyware.exe]
"C:\windows\SysNative\tasks\{AC256CE6-2226-4B88-90C3-CDD2A645EA89}" [F:\Setup.exe]
"C:\windows\SysNative\tasks\{AD6719E0-A35B-4FB0-9469-F3ECA6E98920}" [F:\Setup.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Service Update Utility" ["C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\Service\ServiceUpdater.exe"]
"C:\windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome" [12/12/2015 02:35 AM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ncffjdbbodifgldkcbhmiiljfcnbgjab - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx[02/10/2014 08:35 PM]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.peoplepc.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://home.peoplepc.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...1TR&pc=CMDTDFJS
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...1TR&pc=CMDTDFJS
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED0E8CA5-42FB-4B18-997B-769E0408E79D} deleted successfully
HKEY_USERS\S-1-5-21-3386813744-1969293527-735481815-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ED0E8CA5-42FB-4B18-997B-769E0408E79D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ED0E8CA5-42FB-4B18-997B-769E0408E79D} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ED0E8CA5-42FB-4B18-997B-769E0408E79D} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0 deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Log In\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Log In\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=43 folders=27 153395827 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\General Log In\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Tim\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Tim\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 03/11/2016 at 7:38:40.51 ======================

#6
Naathim

Hi :)


Yes, I have reviewed the logfiles and based upon that I have placed certain commands in ZOEK.


Just some minor corrections. How is your computer running?



Scan with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    C:\windows\tasks\Adobe Flash Player Updater.job;f
    bitsadmin /reset /allusers>"%temp%\log.txt";b
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.


Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.
  • 0

#7
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi Naat, here is the last scan You requested, & I have not run adwcleaner yet, will do that now, after I post these results; Thanks:

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Tim on Fri 03/11/2016 at  8:36:36.70.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-03-11-123840.log 21728 bytes

==== System Restore Info ======================

3/11/2016 8:37:47 AM Zoek.exe System Restore Point Created Successfully.

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0FD801D2-0E9C-4341-90B1-FAB573ABD0FF}.
Unable to cancel {C95CDBED-25DA-42F7-A6B0-783E772797E0}.
Unable to cancel {8C330FF0-030E-438E-B19E-E1194175F8CD}.
Unable to cancel {1FD86035-C6CE-4DEF-B772-C5B5B0D23776}.
0 out of 4 jobs canceled.

==== Deleting Files \ Folders ======================

"C:\windows\tasks\Adobe Flash Player Updater.job" deleted

==== C:\zoek_backup content ======================

C:\zoek_backup (files=44 folders=27 153396766 bytes)

==== EOF on Fri 03/11/2016 at  8:38:23.16 ======================


  • 0

#8
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Okay Naat, here are the results:

# AdwCleaner v5.101 - Logfile created 11/03/2016 at 09:27:10
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Tim - TIM-HP
# Running from : C:\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

***** [ Web browsers ] *****

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [795 bytes] - [11/03/2016 09:27:10]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [887 bytes] ##########

Oh the computer seems to be working, but it keeps telling me "page cannot be found" so I F5 & it will come to view; Thanks...PSS It won't show pictures on the page, so I right click, & click "show picture", that works, but not normal, 'tis a new computer, got too many things "settings?" not right...


Edited by bonezz777, 11 March 2016 - 08:45 AM.

  • 0

#9
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi Naat, I'm sure You took the weekend off to enjoy a few cold ones, I know I did; I was going over g2g site & read a lot of your security page, to learn how to be more aware to be more safe & secure; I downloaded spywareblaster & p.s.I., But did not install until I hear from You, hope that's okay....Tim


  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi bonezz,

No, I was just very busy the whole day with work and couldn't reply any later, apologies for that.


Let's do an FRST fix now as well as a second AdwCleaner run.


Fix with AdwCleaner

Re-run AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[C*].txt) will open.
Please include the contents of that file in your reply.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses: 
    CMD: bitsadmin /reset /allusers
    RemoveProxy:
    EmptyTemp:
    Reboot: 
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
  • 0


#11
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi Naat, No problem; Here is the adw cleaner txt, I will do the 2nd step now, Thank You....

# AdwCleaner v5.101 - Logfile created 13/03/2016 at 07:50:08
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Tim - TIM-HP
# Running from : C:\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [896 bytes] - [13/03/2016 07:50:08]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [985 bytes] - [11/03/2016 10:27:10]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S3].txt - [1076 bytes] - [12/03/2016 06:18:41]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S4].txt - [1170 bytes] - [12/03/2016 06:29:03]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S6].txt - [1265 bytes] - [13/03/2016 07:47:58]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1359 bytes] ##########


  • 0

#12
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi Naat, Please could You explain a little clearer what You mean by "Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!" I don't want to do it wrong, I will wait for Your answer, Thanks.. Okay, it finally sunk in, they both will be in windows "C" file location; working on it now...okay Naat, I did something wrong, it scanned & made a frst text but the fix said "there is no file?" or something like that, I'll wait..Tim....Okay finally figured out what was going on, I'm old & don't know very much about computers; Here is Your report:: Thanks, Will be gone a couple hrs, back around 2:00pm eastern time...Later.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Tim (2016-03-13 10:57:23) Run:1
Running from C:\Downloads
Loaded Profiles: Tim (Available Profiles: Tim & General Log In & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {0FD801D2-0E9C-4341-90B1-FAB573ABD0FF}.
Unable to cancel {C95CDBED-25DA-42F7-A6B0-783E772797E0}.
Unable to cancel {8C330FF0-030E-438E-B19E-E1194175F8CD}.
Unable to cancel {B3437CDB-4FDC-4B5E-9EC3-70F75CE0A249}.
Unable to cancel {93B250A7-349B-414F-A9BD-729817AAD342}.
0 out of 5 jobs canceled.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3386813744-1969293527-735481815-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

EmptyTemp: => 25.3 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 10:57:47 ====

 


Edited by bonezz777, 13 March 2016 - 09:30 AM.

  • 0
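
An added example, not part of the thread or of any tool used in it: a parser for the `bitsadmin /reset /allusers` output that appears in the Zoek log (post #7) and the FRST Fixlog (post #12), listing which job IDs failed to cancel in both runs. The sample text is copied from those two logs; the function names are made up for this example, and the line formats are assumed to be the ones shown in this thread.

```python
import re

# Sample input: lines copied from the two logs posted in this thread.
ZOEK_RUN = """\
Unable to cancel {0FD801D2-0E9C-4341-90B1-FAB573ABD0FF}.
Unable to cancel {C95CDBED-25DA-42F7-A6B0-783E772797E0}.
Unable to cancel {8C330FF0-030E-438E-B19E-E1194175F8CD}.
Unable to cancel {1FD86035-C6CE-4DEF-B772-C5B5B0D23776}.
0 out of 4 jobs canceled.
"""
FRST_RUN = """\
Unable to cancel {0FD801D2-0E9C-4341-90B1-FAB573ABD0FF}.
Unable to cancel {C95CDBED-25DA-42F7-A6B0-783E772797E0}.
Unable to cancel {8C330FF0-030E-438E-B19E-E1194175F8CD}.
Unable to cancel {B3437CDB-4FDC-4B5E-9EC3-70F75CE0A249}.
Unable to cancel {93B250A7-349B-414F-A9BD-729817AAD342}.
0 out of 5 jobs canceled.
"""

# Assumption: failure and summary lines look exactly like the ones above.
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
FAILED = re.compile(rf"^Unable to cancel ({GUID})\.\s*$", re.M)
SUMMARY = re.compile(r"^(\d+) out of (\d+) jobs canceled\.\s*$", re.M)


def parse_reset(output):
    """Return the job IDs that could not be canceled and the summary counts."""
    failed = [g.upper() for g in FAILED.findall(output)]
    m = SUMMARY.search(output)
    if m is None:
        raise ValueError("no 'N out of M jobs canceled.' summary line found")
    canceled, total = int(m.group(1)), int(m.group(2))
    # Every job should be either canceled or listed as a failure.
    consistent = canceled + len(failed) == total
    return {"failed": failed, "canceled": canceled,
            "total": total, "consistent": consistent}


def compare_runs(earlier, later):
    """Split failed job IDs into those seen in both runs, only earlier, only later."""
    a, b = set(earlier["failed"]), set(later["failed"])
    return {"persisted": sorted(a & b), "gone": sorted(a - b), "new": sorted(b - a)}
```

On the thread's logs this reports three job IDs present in both runs, one only in the first and two only in the second, with 0 jobs canceled each time.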

#13
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi,


Please could You explain a little clearer what You mean by "Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!


you did that right.

Just two more final scans and you should be good to go. Any other issues that you see?


Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.



Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
  • 0

#14
bonezz777

bonezz777

    Member

  • Topic Starter
  • Member
  • PipPip
  • 99 posts

Hi Naat, I'm on dial up, so MBAM is trying to update, & failing & trying, So I will respond after it updates, I have noticed, on all places I go, "page cannot be found", after hitting f5 several times, just saying....Thanks Naat

 


  • 0

#15
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi,

whole day & night in the hospital - I will come back to you tomorrow.
  • 0





