[RESOLVED] Lots of ads

Printable View

Show 40 post(s) from this thread on one page

January 25th, 2016, 11:30 AM
Rodney M

[RESOLVED] Lots of ads

Have Bitdefender Internet Security 2015 and Malwarebytes Anti-Malware Premiun Installed

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by Rod (administrator) on ROD-PC (25-01-2016 08:19:34)
Running from C:\Downloads
Loaded Profiles: Rod (Available Profiles: Rod)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Windows\SysWOW64\PSIService.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1603544 2015-11-04] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3931728 2015-12-18] (Tonec Inc.)
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-11-04] (Bitdefender)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{FFEE75C2-49BD-481C-A4F9-A9483E4DF6C1}: [DhcpNameServer] 24.116.0.53 24.116.2.50

Internet Explorer:
==================
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ighome.com/?t=395658&s=12
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-16] (Bitdefender)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-04-23] (AuthenTec Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-16] (Bitdefender)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-04-23] (AuthenTec Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-16] (Bitdefender)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-16] (Bitdefender)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\npffwloplugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Rod\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Rod\AppData\Roaming\IDM\idmmzcc5 [2015-12-24] [not signed]
FF HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-12-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Poper Blocker) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-01-15]
CHR Extension: (YouTube) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Block site) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-01-12]
CHR Extension: (Bitdefender Wallet) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Flash Playlist) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbajclanpfajnmiiihhnllgfobjbhpem [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-21]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2016-01-22]
CHR Extension: (Website Logon) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\iihnfacppckhlolhipenbiachkjioanm [2014-11-15]
CHR Extension: (IDM Integration Module) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iihnfacppckhlolhipenbiachkjioanm] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-11-04] (Bitdefender)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [296776 2012-04-23] (AuthenTec, Inc)
R2 MachineTokenService; C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe [57344 2011-05-10] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [100816 2015-11-04] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1561344 2015-11-18] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-10-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [282000 2015-09-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-09-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [130656 2015-12-07] (Bitdefender SRL)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-06-25] (Phoenix Technologies) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NWDellModem; C:\Windows\System32\DRIVERS\nwdelmdm.sys [203392 2009-10-12] (Novatel Wireless Inc.) [File not signed]
S3 NWDellPort; C:\Windows\System32\DRIVERS\nwdelser.sys [203392 2009-10-12] (Novatel Wireless Inc.) [File not signed]
S2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2009-06-25] (REDC) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-07-10] (Oracle Corporation)
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-25 08:19 - 2016-01-25 08:19 - 00000000 ____D C:\FRST
2016-01-23 20:24 - 2016-01-23 20:30 - 00037376 _____ C:\Users\Rod\Documents\spice labels 1 sheet.zds
2016-01-23 13:31 - 2016-01-23 14:47 - 00008660 _____ C:\Users\Rod\Documents\Drugs I'm on.xlsx
2016-01-22 18:25 - 2016-01-22 18:26 - 00000000 ____D C:\ProgramData\DriverGenius
2016-01-22 18:25 - 2016-01-22 18:25 - 00000000 ____D C:\Program Files (x86)\Driver-Soft
2016-01-22 17:44 - 2016-01-22 17:44 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2016-01-22 17:44 - 2016-01-22 17:44 - 00000000 ____D C:\Program Files (x86)\MakeMKV
2016-01-16 15:06 - 2016-01-16 15:06 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Hewlett-Packard
2016-01-16 14:48 - 2016-01-16 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-01-16 14:47 - 2016-01-16 14:47 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-01-16 14:47 - 2016-01-16 14:47 - 00000000 ____D C:\System.sav
2016-01-16 14:46 - 2016-01-16 14:46 - 00000000 ____D C:\Users\Rod\AppData\Roaming\hpqLog
2016-01-16 12:22 - 2016-01-16 12:22 - 00000000 ____D C:\Users\Rod\AppData\Roaming\ieSpell
2016-01-13 07:13 - 2016-01-13 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-01-13 07:13 - 2016-01-13 07:13 - 00000000 ____D C:\Program Files\Classic Shell
2016-01-13 06:37 - 2016-01-13 06:37 - 06968048 _____ (IvoSoft) C:\Users\Rod\Downloads\ClassicShellSetup_4_2_5.exe
2016-01-12 22:17 - 2015-12-11 11:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 22:17 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 22:17 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 22:17 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 22:17 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 22:17 - 2015-12-08 14:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 22:17 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 22:17 - 2015-12-08 14:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 22:17 - 2015-12-08 12:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 22:17 - 2015-12-08 12:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 22:17 - 2015-12-08 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 22:17 - 2015-12-08 12:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 22:17 - 2015-12-08 11:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 22:17 - 2015-12-08 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 22:17 - 2015-12-08 11:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 22:17 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 22:17 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 22:17 - 2015-11-13 16:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 22:17 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 22:17 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 22:17 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 22:16 - 2015-12-23 16:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 22:16 - 2015-12-23 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-12 22:16 - 2015-12-12 11:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 22:16 - 2015-12-12 11:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 22:16 - 2015-12-12 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-12 22:16 - 2015-12-12 11:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 22:16 - 2015-12-12 11:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 22:16 - 2015-12-12 11:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 22:16 - 2015-12-12 11:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 22:16 - 2015-12-12 11:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-12 22:16 - 2015-12-12 11:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-12 22:16 - 2015-12-12 11:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 22:16 - 2015-12-12 11:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 22:16 - 2015-12-12 11:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 22:16 - 2015-12-12 11:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 22:16 - 2015-12-12 11:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-12 22:16 - 2015-12-12 10:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-12 22:16 - 2015-12-12 10:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 22:16 - 2015-12-12 10:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 22:16 - 2015-12-12 10:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 22:16 - 2015-12-12 10:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 22:16 - 2015-12-12 10:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-12 22:16 - 2015-12-12 10:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 22:16 - 2015-12-12 10:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-12 22:16 - 2015-12-12 10:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-12 22:16 - 2015-12-12 10:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 22:16 - 2015-12-12 10:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 22:16 - 2015-12-12 10:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 22:16 - 2015-12-12 10:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 22:16 - 2015-12-12 10:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 22:16 - 2015-12-12 10:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-12 22:16 - 2015-12-12 10:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-12 22:16 - 2015-12-12 10:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-12 22:16 - 2015-12-12 10:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 22:16 - 2015-12-12 10:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 22:16 - 2015-12-12 10:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 22:16 - 2015-12-12 10:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 22:16 - 2015-12-12 10:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 22:16 - 2015-12-12 10:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 22:16 - 2015-12-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 22:16 - 2015-12-12 10:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 22:16 - 2015-12-12 10:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 22:16 - 2015-12-12 10:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 22:16 - 2015-12-12 10:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 22:16 - 2015-12-12 10:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-12 22:16 - 2015-12-12 10:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 22:16 - 2015-12-12 10:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-12 22:16 - 2015-12-12 10:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 22:16 - 2015-12-12 10:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 22:16 - 2015-12-12 10:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 22:16 - 2015-12-12 10:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 22:16 - 2015-12-12 09:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 22:16 - 2015-12-12 09:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 22:16 - 2015-12-12 09:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 22:16 - 2015-12-12 09:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 22:16 - 2015-12-12 09:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 22:16 - 2015-12-08 10:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 22:12 - 2015-12-30 12:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 22:12 - 2015-12-30 12:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 22:12 - 2015-12-30 12:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 22:12 - 2015-12-30 12:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 22:12 - 2015-12-30 12:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-12 22:12 - 2015-12-30 11:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 22:12 - 2015-12-30 11:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 22:12 - 2015-12-30 11:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 22:12 - 2015-12-30 11:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-12 22:12 - 2015-12-30 11:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 22:12 - 2015-12-30 11:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-12 22:12 - 2015-12-30 11:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 22:12 - 2015-12-30 11:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 22:12 - 2015-12-30 11:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
January 25th, 2016, 11:34 AM
Rodney M

2016-01-12 22:12 - 2015-12-30 11:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 22:12 - 2015-12-30 11:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 22:12 - 2015-12-30 11:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 22:12 - 2015-12-30 11:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 22:12 - 2015-12-30 11:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 22:12 - 2015-12-30 11:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 22:12 - 2015-12-30 11:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 22:12 - 2015-12-30 11:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 22:12 - 2015-12-30 11:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 10:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 22:12 - 2015-12-30 10:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-12 22:12 - 2015-12-30 10:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 22:12 - 2015-12-30 10:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 22:12 - 2015-12-30 10:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 22:12 - 2015-12-30 10:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 22:12 - 2015-12-30 10:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 22:12 - 2015-12-30 10:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 22:12 - 2015-12-30 10:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 22:12 - 2015-12-30 10:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 22:12 - 2015-12-30 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 22:12 - 2015-12-30 10:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 22:12 - 2015-12-30 10:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 22:12 - 2015-12-30 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:12 - 2015-12-08 14:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 22:12 - 2015-12-08 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 22:12 - 2015-12-08 12:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 22:12 - 2015-12-08 12:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 22:12 - 2015-11-16 18:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 22:12 - 2015-11-16 18:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 22:12 - 2015-11-16 13:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 22:11 - 2015-12-30 11:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 22:11 - 2015-12-30 11:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 22:11 - 2015-12-30 11:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 22:11 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 22:11 - 2015-12-30 11:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 22:11 - 2015-12-30 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-08 18:07 - 2016-01-08 22:39 - 00009502 _____ C:\Users\Rod\Documents\pass.xlsx
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\Program Files\iTunes
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\Program Files\iPod
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-02 08:58 - 2016-01-02 08:58 - 00000000 ____D C:\Users\Rod\Documents\PcSetup
2016-01-02 05:08 - 2016-01-02 05:08 - 00477743 _____ C:\ProgramData\1451736334.bdinstall.bin
2016-01-02 05:08 - 2016-01-02 05:08 - 00000684 ____H C:\bdr-cf01
2016-01-02 05:07 - 2015-10-28 13:01 - 01600512 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-01-02 05:07 - 2015-09-17 22:24 - 00282000 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2016-01-02 05:07 - 2015-09-17 22:23 - 00775424 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-01-02 05:07 - 2014-12-15 18:04 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2016-01-02 05:06 - 2016-01-02 05:13 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Bitdefender
2016-01-02 05:06 - 2016-01-02 05:08 - 00253404 ____H C:\bdr-ld01
2016-01-02 05:06 - 2016-01-02 05:08 - 00009216 ____H C:\bdr-ld01.mbr
2016-01-02 05:06 - 2015-07-15 17:13 - 49737193 ____H C:\bdr-im01.gz
2016-01-02 05:06 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2016-01-02 05:05 - 2016-01-02 05:08 - 00000000 ____D C:\ProgramData\Bitdefender
2016-01-02 05:05 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-01-02 05:05 - 2015-04-29 13:32 - 00160032 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-01-02 04:55 - 2016-01-02 04:55 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2016-01-02 04:17 - 2016-01-02 04:17 - 00079268 _____ C:\Windows\ntbtlog.txt
2016-01-02 03:48 - 2016-01-02 03:48 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2015-12-29 05:23 - 2015-12-29 05:18 - 00199152 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-12-27 20:23 - 2015-12-27 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arrowkey
2015-12-27 20:23 - 2015-12-27 20:32 - 00000000 ____D C:\Program Files (x86)\Arrowkey
2015-12-27 20:13 - 2015-12-27 20:13 - 00000000 ____D C:\Users\Rod\Documents\Emicsoft Studio
2015-12-27 20:13 - 2015-12-27 20:13 - 00000000 ____D C:\ProgramData\Emicsoft Studio
2015-12-27 20:13 - 2015-12-27 20:13 - 00000000 ____D C:\Program Files (x86)\Emicsoft Studio
2015-12-27 20:09 - 2015-12-27 21:52 - 00000000 ____D C:\Users\Public\Documents\Wondershare

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-25 08:19 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2016-01-25 08:14 - 2014-08-16 22:23 - 00000000 ____D C:\Users\Rod\AppData\LocalLow\AuthenTec
2016-01-25 07:49 - 2015-07-19 05:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-25 07:42 - 2009-07-13 21:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-25 07:42 - 2009-07-13 21:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-25 07:15 - 2014-08-17 08:53 - 00000000 ____D C:\Users\Rod\AppData\Roaming\vlc
2016-01-25 06:52 - 2015-06-27 08:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-25 06:08 - 2009-07-13 22:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-25 06:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-01-25 06:01 - 2014-11-15 08:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-25 06:01 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-24 21:18 - 2015-07-15 19:10 - 00375370 _____ C:\bdlog.txt
2016-01-24 21:18 - 2015-05-03 02:54 - 00000000 ____D C:\Users\Rod\AppData\Local\ClassicShell
2016-01-24 21:18 - 2014-08-16 22:01 - 00000000 ____D C:\Users\Rod\AppData\Roaming\DMCache
2016-01-24 20:45 - 2014-08-17 21:05 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Hoyle Puzzle and Board Games
2016-01-24 20:16 - 2014-08-17 20:43 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Hoyle
2016-01-23 13:59 - 2015-11-29 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pocket Tanks Deluxe
2016-01-23 13:59 - 2015-11-29 19:26 - 00000000 ____D C:\Program Files (x86)\Pocket Tanks Deluxe
2016-01-23 12:28 - 2014-12-26 18:49 - 00000000 ____D C:\Program Files (x86)\Firegraphic 11
2016-01-23 11:31 - 2015-09-17 07:07 - 00000000 ____D C:\Users\Rod\Documents\NoteBurner M4V Converter Plus
2016-01-22 19:30 - 2014-08-18 20:27 - 00000000 ____D C:\Users\Rod\Desktop\Thumb
2016-01-22 18:34 - 2014-08-16 22:03 - 00000000 ____D C:\ProgramData\TEMP
2016-01-22 17:44 - 2014-08-16 21:53 - 00000995 _____ C:\Users\Rod\Desktop\MakeMKV.lnk
2016-01-19 21:49 - 2015-07-19 05:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 21:49 - 2015-07-15 07:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 21:49 - 2015-07-15 07:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-17 08:19 - 2009-07-13 21:45 - 05110152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 16:12 - 2015-08-11 08:25 - 00000000 ____D C:\Users\Rod\AppData\Local\CrashDumps
2016-01-16 15:51 - 2014-12-26 18:50 - 00000000 ____D C:\Users\Rod\Documents\Firegraphic 11
2016-01-16 14:48 - 2014-11-14 21:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-16 14:47 - 2014-08-16 21:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-16 14:35 - 2014-08-16 22:03 - 00161520 _____ C:\Users\Rod\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-14 07:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 06:30 - 2014-12-10 11:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 06:30 - 2014-08-17 09:33 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-12 23:06 - 2014-08-17 07:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-12 23:05 - 2014-08-17 08:57 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 23:04 - 2014-08-17 08:57 - 00000000 ___HD C:\Program Files (x86)\Microsoft Silverlight
2016-01-12 23:04 - 2014-08-17 08:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-12 23:03 - 2014-08-17 08:59 - 00000000 ____D C:\Windows\system32\MRT
2016-01-12 22:58 - 2014-08-17 08:59 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 22:56 - 2015-07-23 17:48 - 00000039 _____ C:\Windows\vbaddin.ini
2016-01-10 21:23 - 2015-04-12 14:14 - 00000000 ____D C:\Users\Rod\Documents\My Kindle Content
2016-01-09 11:52 - 2015-04-12 14:14 - 00002219 _____ C:\Users\Rod\Desktop\Kindle.lnk
2016-01-08 22:30 - 2014-08-28 06:09 - 00000243 _____ C:\Users\Rod\Desktop\Pass.txt
2016-01-08 18:18 - 2014-08-17 07:20 - 00000000 ____D C:\Users\Rod\AppData\Local\Microsoft Help
2016-01-03 15:42 - 2014-09-14 16:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-02 08:58 - 2014-08-16 22:15 - 00099384 _____ C:\Users\Rod\AppData\Roaming\inst.exe
2016-01-02 08:58 - 2014-08-16 22:15 - 00082816 _____ (VSO Software) C:\Users\Rod\AppData\Roaming\pcouffin.sys
2016-01-02 08:58 - 2014-08-16 22:15 - 00007859 _____ C:\Users\Rod\AppData\Roaming\pcouffin.cat
2016-01-02 08:58 - 2014-08-16 22:15 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Vso
2016-01-02 05:08 - 2014-08-16 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2016-01-02 05:05 - 2014-08-16 22:24 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-01-02 05:04 - 2014-08-16 22:34 - 00000000 ____D C:\Program Files\Bitdefender
2016-01-02 04:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-01 06:12 - 2015-08-09 20:03 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-01 06:07 - 2014-08-16 22:01 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-12-31 21:12 - 2014-08-16 22:01 - 00000000 ____D C:\Users\Rod\AppData\Roaming\IDM
2015-12-29 21:41 - 2015-11-16 15:09 - 00028160 _____ C:\Users\Rod\Documents\Emergence Contacts.zdl
2015-12-27 19:37 - 2014-10-20 17:30 - 00000000 ____D C:\Video

==================== Files in the root of some directories =======

2015-08-02 06:32 - 2015-08-02 06:35 - 0000473 _____ () C:\Users\Rod\AppData\Roaming\burnaware.ini
2014-10-30 20:19 - 2014-10-30 20:19 - 0579828 _____ () C:\Users\Rod\AppData\Roaming\CompatAdmin.log
2014-08-16 22:15 - 2016-01-02 08:58 - 0099384 _____ () C:\Users\Rod\AppData\Roaming\inst.exe
2014-08-16 22:15 - 2016-01-02 08:58 - 0007859 _____ () C:\Users\Rod\AppData\Roaming\pcouffin.cat
2014-08-16 22:15 - 2016-01-02 08:58 - 0001167 _____ () C:\Users\Rod\AppData\Roaming\pcouffin.inf
2014-08-16 22:15 - 2016-01-02 08:58 - 0000055 _____ () C:\Users\Rod\AppData\Roaming\pcouffin.log
2014-08-16 22:15 - 2016-01-02 08:58 - 0082816 _____ (VSO Software) C:\Users\Rod\AppData\Roaming\pcouffin.sys
2014-10-30 19:54 - 2014-10-30 19:54 - 0000017 _____ () C:\Users\Rod\AppData\Local\resmon.resmoncfg
2016-01-02 05:08 - 2016-01-02 05:08 - 0477743 _____ () C:\ProgramData\1451736334.bdinstall.bin

Some files in TEMP:
====================
C:\Users\Rod\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Rod\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-19 08:50

==================== End of FRST.txt ============================
January 25th, 2016, 11:34 AM
Rodney M

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Rod (2016-01-25 08:20:10)
Running from C:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-08-17 04:44:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4087158600-3634752490-1465999267-500 - Administrator - Disabled)
Guest (S-1-5-21-4087158600-3634752490-1465999267-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4087158600-3634752490-1465999267-1002 - Limited - Enabled)
Rod (S-1-5-21-4087158600-3634752490-1465999267-1001 - Administrator - Enabled) => C:\Users\Rod

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - )
Amazon Kindle (HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Ambush Pack 1.00 for Pocket Tanks Deluxe (HKLM-x32\...\Ambush Pack for Pocket Tanks Deluxe_is1) (Version: - BlitWise Productions, LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AuthenTec TrueSuite (HKLM\...\{DB7812C8-D23E-41B4-B655-4C3D93662EBD}) (Version: 5.2.2.62 - AuthenTec, Inc.)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 19.5.0.284 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chaos Pack 1.00 for Pocket Tanks Deluxe (HKLM-x32\...\Chaos Pack for Pocket Tanks Deluxe_is1) (Version: - BlitWise Productions, LLC)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Dell System Detect (HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: - )
DesignPro 5 (HKLM-x32\...\InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
DVDFab 9.2.1.0 (20/08/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Fire Pack for Pocket Tanks Deluxe (HKLM-x32\...\Fire Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Firegraphic 11 (HKLM-x32\...\Firegraphic 11) (Version: 10 - Firegraphic.com)
Fireworks Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Fireworks Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Flamethrower Pack 1.00a for Pocket Tanks Deluxe (HKLM-x32\...\Flamethrower Pack for Pocket Tanks Deluxe_is1) (Version: - BlitWise Productions, LLC)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Fuzz Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Fuzz Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Gold Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Gold Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gravity Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Gravity Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Hoyle Puzzle and Board Games 2011 (remove only) (HKLM-x32\...\Hoyle Puzzle and Board Games 2011) (Version: - )
hppCP1520LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppTLBXFXCP1520 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
Ice Pack for Pocket Tanks Deluxe (HKLM-x32\...\Ice Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
M4VGear 5.1.5 (HKLM-x32\...\M4VGear_is1) (Version: - M4VGear.com Inc.)
Magic Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Magic Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
MakeMKV v1.9.9 (HKLM-x32\...\MakeMKV) (Version: v1.9.9 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Meteor Pack 1.00 for Pocket Tanks Deluxe (HKLM-x32\...\Meteor Pack for Pocket Tanks Deluxe_is1) (Version: - BlitWise Productions, LLC)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 8.6.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.6.1 - Moritz Bunkus)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nano Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Nano Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Nero 12 (HKLM-x32\...\{4744E147-F0F2-4140-825E-B3071FC079F1}) (Version: 12.5.01300 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM-x32\...\{F4C242B4-2973-43F3-93F2-ED1B47AE8848}) (Version: 12.0.02000 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NoteBurner M4V Converter Plus 5.1.5 (HKLM-x32\...\NoteBurner M4V Converter Plus_is1) (Version: - noteburner.com Inc.)
Nuke Pack 1.00 for Pocket Tanks Deluxe (HKLM-x32\...\Nuke Pack for Pocket Tanks Deluxe_is1) (Version: - BlitWise Productions, LLC)
OnDemand5 (HKLM-x32\...\{5F7DFDFA-27B3-4E06-BCDE-B371424C0032}) (Version: 5.8.2.35 - )
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Party Pack for Pocket Tanks Deluxe (HKLM-x32\...\Party Pack for Pocket Tanks Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
Plasma Pack for Pocket Tanks Deluxe (HKLM-x32\...\Plasma Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC)
Pocket Tanks Deluxe v1.3 Integrated (HKLM-x32\...\{735341BD-661B-4B68-B799-CEEBFC753747}) (Version: - )
Power Pack 1.00 for Pocket Tanks Deluxe (HKLM-x32\...\Power Pack for Pocket Tanks Deluxe_is1) (Version: - BlitWise Productions, LLC)
Prerequisite installer (x32 Version: 12.0.0008 - Nero AG) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Rocket Pack v1.0 for Pocket Tanks Deluxe (HKLM-x32\...\Rocket Pack for Pocket Tanks Deluxe_is1) (Version: 1.0 - BlitWise Productions, LLC) <==== ATTENTION
Snowball Pack v1.1 for Pocket Tanks Deluxe (HKLM-x32\...\Snowball Pack for Pocket Tanks Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
Super Pack v1.1 for Pocket Tanks Deluxe (HKLM-x32\...\Super Pack for Pocket Tanks Deluxe_is1) (Version: 1.1 - BlitWise Productions, LLC)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\'{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}'_is1) (Version: 5.3.0.30 - VSO Software)
VSO ConvertXToDVD 5 (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.43 - VSO Software)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0305E6-AE91-4F7F-86FF-F763CA5CAFEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1CA4F630-8C09-460E-89E2-3D74B5F5CB60} - System32\Tasks\{FAFC05DD-0950-4AB5-9952-3C0B55B1BEE8} => pcalua.exe -a C:\Downloads\VirtualBox-4.3.12-93733-Win.exe -d C:\Downloads
Task: {22DA799A-5DC4-48FA-A8A8-8A0AE2A7B11D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {236ECC91-14B6-4D42-A449-8C0E7EFECF7A} - System32\Tasks\{29057814-6FE4-4D72-8782-5F39BD3333B0} => pcalua.exe -a "G:\Software Legal\A PC Fix\HijackThis.exe" -d "G:\Software Legal\A PC Fix"
Task: {411E429A-BDF6-43B7-95CC-E41E3AED4B73} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {66945866-85DA-4AFC-9BAB-35F05CC4E4ED} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {7FB644F1-4687-46B2-96D3-E7E0C5FA0481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {8CEAC241-3846-4026-A682-727F839DB541} - System32\Tasks\{5618FF4B-DE23-4EA4-95E2-1C56A02B94EB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Far Cry" -c /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Task: {9ADFD815-BD76-4081-A897-7E3C6B897847} - System32\Tasks\{B62127F2-1B7D-41F0-8571-15E6039977F6} => C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Hoyle Puzzle Games.exe [2009-07-13] ()
Task: {AE62ADE5-C01D-4A22-8BD9-D61181F52B3F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {CFBE3A4E-B16E-4B00-A60C-64BAE6BEAB6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {D1940812-C395-42BA-A105-2013BB448A93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {D8052F10-151D-4DFB-B922-6CAD037A1202} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {DB98626D-2554-4D5C-BD6D-6C4CE1AF4DFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F29B5FD6-8DE6-4FF8-A9A7-A03E80E3F540} - System32\Tasks\{D2DCEF1B-05B6-4D6B-AF07-05D8B9588876} => C:\Program Files (x86)\NoteBurner M4V Converter\NoteBurner M4V Converter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-02 05:07 - 2015-11-04 14:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2016-01-02 05:07 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2016-01-02 05:07 - 2015-12-16 14:25 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2016-01-02 05:07 - 2015-11-10 14:23 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2016-01-21 09:09 - 2016-01-21 09:09 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01751_005\ashttpbr.mdl
2016-01-21 09:09 - 2016-01-21 09:09 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01751_005\ashttpdsp.mdl
2016-01-21 09:09 - 2016-01-21 09:09 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01751_005\ashttpph.mdl
2016-01-21 09:09 - 2016-01-21 09:09 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01751_005\ashttprbl.mdl
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-29 09:55 - 2011-05-10 08:30 - 00057344 _____ () C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-04-23 00:12 - 2012-04-23 00:12 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-04-23 00:11 - 2012-04-23 00:11 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-04-23 00:12 - 2012-04-23 00:12 - 00423240 _____ () C:\Program Files\AuthenTec TrueSuite\x86\DataManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:3BFCBF1C
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:A5514ABC
AlternateDataStreams: C:\Users\Rod\Desktop\CookTimer-0.9.3.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-01-02 04:55 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.116.0.53 - 24.116.2.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\startupreg: 20090604 => C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.exe /r "C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.rpd"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: systray => C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6EF11F68-F277-4B7F-B1A9-9FF5F16B8CF9}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{61315B5E-0E1C-44BF-ACD9-F7F071467B2B}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8777A1CE-83D1-4057-856E-05411F325D45}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2008D677-FBC2-4F26-8C71-49D12EB71EF9}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{4BB3B12B-FBF3-4EA2-A71F-F6C8BBA8B3DD}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{317E40D1-DF10-451A-AA48-B1A7AE19D41D}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{10E7A4E3-7914-47BE-B4FC-92B63D90D929}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CC28B050-5451-4D6D-AA91-9A76970B6922}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7475F49C-7AA8-4AAC-89EF-111BCA620AC9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EE73B041-9177-472D-9DEB-377D1C676479}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{36AE53AF-DFCD-4EB6-BACE-9E3682DFEC61}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8A74F6A6-543C-4BC5-BBC1-E28B84B2E4AA}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{BCDF703C-2A55-4489-99D5-E65939751F71}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{75FDD7AE-5AC9-4557-AB97-A18DB22FDC85}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F84FE6C3-C015-441D-B37D-A3BBDBBC7505}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{105FF2DD-0DEB-415C-94EB-5F1E3B739B37}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7620F473-EEE8-40D8-A248-B5110948885B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB139A44-0100-44F6-AA27-4C8588418D8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D285A67-2C93-4DB3-8C11-9F4E30A1F691}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1BA54513-9DBC-4812-817C-F6733389F241}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7974C629-AA83-4C10-99BE-6E7C2D98998F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Data Interface
Description: Data Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Data Interface
Description: Data Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2016 08:07:59 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000144,0x0053c008,000000000032CAA0,0,000000000032DAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/25/2016 07:57:43 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (01/25/2016 07:57:43 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (01/23/2016 04:19:20 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000144,0x0053c008,000000000032CAA0,0,000000000032DAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/23/2016 04:09:05 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (01/23/2016 04:09:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (01/22/2016 08:50:55 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000144,0x0053c008,00000000001ECAA0,0,00000000001EDAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/22/2016 08:40:39 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (01/22/2016 08:40:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (01/21/2016 09:30:34 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 000000000000014C,0x0053c008,000000000048CD80,0,000000000048DD90,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

System errors:
=============
Error: (01/25/2016 08:07:59 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (01/25/2016 06:03:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/25/2016 06:01:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (01/24/2016 04:16:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/24/2016 04:14:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (01/24/2016 03:41:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/24/2016 03:39:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (01/23/2016 08:46:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/23/2016 04:19:20 PM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (01/23/2016 10:19:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

CodeIntegrity:
===================================
Date: 2016-01-25 06:01:46.924
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-25 06:01:46.862
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-24 16:14:55.737
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-24 16:14:55.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-24 03:39:33.308
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-24 03:39:33.261
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-23 10:17:41.161
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-23 10:17:41.098
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-23 03:39:09.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-23 03:39:09.174
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 4093.97 MB
Available physical RAM: 1932.28 MB
Total Virtual: 8186.14 MB
Available Virtual: 5671.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.84 GB) (Free:320.6 GB) NTFS
Drive g: (500 GB) (Fixed) (Total:465.76 GB) (Free:263.29 GB) NTFS
Drive h: (2 TB) (Fixed) (Total:1863.01 GB) (Free:922.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 77C1B5A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 6863B98A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 5FF139CC)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
January 25th, 2016, 05:18 PM
Broni
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
============================

http://dev.discussions.virtualdr.forums.relay.cool/ Uninstall following unwanted program: Rocket Pack v1.0 for Pocket Tanks Deluxe.

http://dev.discussions.virtualdr.forums.relay.cool/ Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
- Close all the running programs
- Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
http://dev.discussions.virtualdr.forums.relay.cool/ Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Export'.
- Click 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type a name for your scan log.
- A message box named 'File Saved' should appear stating "Your file has been successfully exported".
- Click Ok
- Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
http://dev.discussions.virtualdr.forums.relay.cool/ Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://dev.discussions.virtualdr.forums.relay.cool/ Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
January 26th, 2016, 01:40 AM
Rodney M

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rod [Administrator]
Started from : C:\Users\Rod\Desktop\RogueKiller.exe
Mode : Delete -- Date : 01/25/2016 22:36:48

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4087158600-3634752490-1465999267-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.ighome.com/?t=395658&s=12 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4087158600-3634752490-1465999267-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.ighome.com/?t=395658&s=12 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT512MX100SSD1 +++++
--- User ---
[MBR] 0fef7e7ab2fd325538daf7b49f640944
[BSP] dccd471c0da72d40c930ccfb7510dc06 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 488284 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
January 26th, 2016, 01:59 AM
Rodney M

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/25/2016
Scan Time: 10:44 PM
Logfile: mal.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.26.01
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rod

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356395
Time Elapsed: 12 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
January 26th, 2016, 09:10 AM
Rodney M

# AdwCleaner v5.031 - Logfile created 26/01/2016 at 06:07:09
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Rod - ROD-PC
# Running from : C:\Users\Rod\Desktop\adwcleaner_5.031.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [582 bytes] ##########
January 26th, 2016, 09:28 AM
Rodney M

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by Rod (Administrator) on Tue 01/26/2016 at 6:12:31.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 15

Successfully deleted: C:\ProgramData\1451736334.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\drivergenius (Folder)
Successfully deleted: C:\Program Files (x86)\driver-soft (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5KURDNWM (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFTU7OXB (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ3JKUXL (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IX2934FN (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEBKEDH7 (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSFYS8IH (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SA8R7HDP (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SX5BMM71 (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO8EW480 (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2FNI440 (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRI1OUVZ (Folder)
Successfully deleted: C:\Users\Rod\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWT6HWB6 (Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/26/2016 at 6:27:00.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
January 26th, 2016, 09:00 PM
Broni
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
January 27th, 2016, 01:19 AM
Rodney M

ComboFix 16-01-24.01 - Rod 01/26/2016 22:04:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2547 [GMT -7:00]
Running from: c:\users\Rod\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\ar\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\bg\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\ca\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\cs\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\da\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\de\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\el\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\en\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\es\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\fi\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\fr\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\gu\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\he\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\hr\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\hu\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\id\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\it\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\ja\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\ko\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\nb\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\nl\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\pl\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\pt_BR\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\pt_PT\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\ro\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\ru\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\sk\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\sl\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\sr\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\sv\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\te\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\tr\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\uk\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\vi\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\zh_CN\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_locales\zh_TW\messages.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\_metadata\verified_contents.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\adblock_safari_beforeload.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\adblock_safari_contentblocking.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\adblock_start_chrome.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\adblock_start_common.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\background.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\bandaids.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\button\popup.css
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\button\popup.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\button\popup.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\CHANGELOG.txt
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\checkupdates.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\chrome_oauth_receiver.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\chrome_oauth_receiver.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\datacollection.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\dropbox-datastores.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\filtering\declarativewebrequest.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\filtering\domainset.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\filtering\filternormalizer.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\filtering\filteroptions.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\filtering\filterset.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\filtering\filtertypes.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\filtering\myfilters.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\functions.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\gab_question.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\idlehandler.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\delete.gif
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\dropbox1.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\dropbox2.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\dropbox3.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\facebook-sprite.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\gplus-sprite.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon128.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon16.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon16_grayscale.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\[email protected]
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon19-grayscale.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon19-whitelisted.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon19.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon24.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon32.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon38-grayscale.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon38-whitelisted.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon38.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\icon48.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\loader.gif
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\logo.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\search\check.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\search\magnifying_glass.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\search\search-engine-card_no-shadow.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\search\search-engine-icons.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\search\search_engine_select_arrow.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\img\twitter-sprite.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\jquery-ui.custom.css
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\css\override-page.css
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\jquery-ui.custom.min.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\jquery.cookie.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\jquery\jquery.min.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\LICENSE
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\manifest.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\notificationoverlay.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\customize.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\customize.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\filters.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\filters.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\general.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\general.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\index.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\index.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\options.css
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\support.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\options\support.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\adreport.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\adreport.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\resourceblock.css
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\resourceblock.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\resourceblock.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\subscribe.css
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\subscribe.html
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\pages\subscribe.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\port.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\punycode.min.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\README.markdown
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\stats.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\survey.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\translators.json
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\blacklisting\blacklistui.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\blacklisting\elementchain.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\blacklisting\overlay.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\load_jquery_ui.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\send_content_to_back.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\top_open_blacklist_ui.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\uiscripts\top_open_whitelist_ui.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.47_0\ytchannel.js
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Rod\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2015-12-27 to 2016-01-27 )))))))))))))))))))))))))))))))
.
.
2016-01-27 05:13 . 2016-01-27 05:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-01-27 05:13 . 2016-01-27 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-26 13:07 . 2016-01-26 13:07 -------- d-----w- C:\AdwCleaner
2016-01-25 15:19 . 2016-01-25 15:20 -------- d-----w- C:\FRST
2016-01-23 00:44 . 2016-01-23 00:44 -------- d-----w- c:\program files (x86)\MakeMKV
2016-01-16 22:06 . 2016-01-16 22:06 -------- d-----w- c:\users\Rod\AppData\Roaming\Hewlett-Packard
2016-01-16 21:47 . 2016-01-16 21:47 -------- d-----w- C:\System.sav
2016-01-16 21:46 . 2016-01-16 21:46 -------- d-----w- c:\users\Rod\AppData\Roaming\hpqLog
2016-01-16 19:22 . 2016-01-16 19:22 -------- d-----w- c:\users\Rod\AppData\Roaming\ieSpell
2016-01-13 14:13 . 2016-01-13 14:13 -------- d-----w- c:\program files\Classic Shell
2016-01-13 05:16 . 2015-12-08 17:58 3211264 ----a-w- c:\windows\system32\win32k.sys
2016-01-13 05:12 . 2015-12-08 21:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2016-01-13 05:11 . 2015-12-30 18:59 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-01-13 05:11 . 2015-12-30 18:58 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-01-13 05:11 . 2015-12-30 18:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 05:11 . 2015-12-30 18:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 05:11 . 2015-12-30 18:54 686080 ----a-w- c:\windows\system32\adtschema.dll
2016-01-13 05:11 . 2015-12-30 18:39 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2016-01-13 05:11 . 2015-12-30 18:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2016-01-13 05:11 . 2015-12-30 18:37 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 05:11 . 2015-12-30 18:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 05:11 . 2015-12-30 18:37 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 05:11 . 2015-12-30 18:37 686080 ----a-w- c:\windows\SysWow64\adtschema.dll
2016-01-13 05:11 . 2015-12-30 17:32 2048 ----a-w- c:\windows\SysWow64\user.exe
2016-01-13 05:11 . 2015-12-30 17:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2016-01-03 22:42 . 2016-01-03 22:42 -------- d-----w- c:\program files (x86)\iTunes
2016-01-03 22:42 . 2016-01-03 22:42 -------- d-----w- c:\program files\iPod
2016-01-03 22:42 . 2016-01-03 22:42 -------- d-----w- c:\program files\iTunes
2016-01-02 12:07 . 2014-12-16 01:04 93600 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2016-01-02 12:07 . 2015-10-28 20:01 1600512 ----a-w- c:\windows\system32\drivers\avc3.sys
2016-01-02 12:07 . 2015-09-18 05:24 282000 ----a-w- c:\windows\system32\drivers\avchv.sys
2016-01-02 12:07 . 2015-09-18 05:23 775424 ----a-w- c:\windows\system32\drivers\avckf.sys
2016-01-02 12:06 . 2016-01-02 12:13 -------- d-----w- c:\users\Rod\AppData\Roaming\Bitdefender
2016-01-02 12:06 . 2013-08-13 20:38 3271472 ---ha-w- C:\bdr-bz01
2016-01-02 12:05 . 2016-01-02 12:08 -------- d-----w- c:\programdata\Bitdefender
2016-01-02 12:05 . 2015-04-29 20:32 160032 ----a-w- c:\windows\system32\drivers\gzflt.sys
2016-01-02 12:05 . 2015-06-02 21:21 477272 ----a-w- c:\windows\system32\drivers\trufos.sys
2016-01-02 10:48 . 2016-01-02 10:48 -------- d-----w- c:\programdata\Bitdefender Agent
2015-12-29 12:23 . 2015-12-29 12:18 199152 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-27 04:47 . 2015-06-27 15:35 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-01-26 05:21 . 2015-08-10 03:03 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-01-20 04:49 . 2015-07-15 14:20 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-20 04:49 . 2015-07-15 14:20 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-13 05:58 . 2014-08-17 15:59 143671360 ----a-w- c:\windows\system32\MRT.exe
2016-01-02 15:58 . 2014-08-17 05:15 99384 ----a-w- c:\users\Rod\AppData\Roaming\inst.exe
2016-01-02 15:58 . 2014-08-17 05:15 82816 ----a-w- c:\users\Rod\AppData\Roaming\pcouffin.sys
2015-12-30 18:37 . 2016-01-13 05:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-12-10 02:58 . 2015-12-10 02:58 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2015-11-20 18:54 . 2015-12-09 00:57 98816 ----a-w- c:\windows\system32\wudriver.dll
2015-11-20 18:54 . 2015-12-09 00:57 37888 ----a-w- c:\windows\system32\wups2.dll
2015-11-20 18:54 . 2015-12-09 00:57 36864 ----a-w- c:\windows\system32\wups.dll
2015-11-20 18:54 . 2015-12-09 00:57 3170304 ----a-w- c:\windows\system32\wucltux.dll
2015-11-20 18:54 . 2015-12-09 00:57 2609152 ----a-w- c:\windows\system32\wuaueng.dll
2015-11-20 18:54 . 2015-12-09 00:57 192512 ----a-w- c:\windows\system32\wuwebv.dll
2015-11-20 18:54 . 2015-12-09 00:57 709632 ----a-w- c:\windows\system32\wuapi.dll
2015-11-20 18:54 . 2015-12-09 00:57 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-11-20 18:54 . 2015-12-09 00:57 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-11-20 18:54 . 2015-12-09 00:57 37888 ----a-w- c:\windows\system32\wuapp.exe
2015-11-20 18:54 . 2015-12-09 00:57 140288 ----a-w- c:\windows\system32\wuauclt.exe
2015-11-20 18:34 . 2015-12-09 00:57 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-11-20 18:34 . 2015-12-09 00:57 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-11-20 18:34 . 2015-12-09 00:57 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-11-20 18:34 . 2015-12-09 00:57 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-11-20 18:33 . 2015-12-09 00:57 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-11-13 05:55 . 2015-11-13 05:55 289216 ----a-w- c:\windows\system32\StartMenuHelper64.dll
2015-11-13 05:55 . 2015-11-13 05:55 247744 ----a-w- c:\windows\SysWow64\StartMenuHelper32.dll
2015-11-11 18:53 . 2015-12-09 00:57 1735680 ----a-w- c:\windows\system32\comsvcs.dll
2015-11-11 18:53 . 2015-12-09 00:57 525312 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-11 18:39 . 2015-12-09 00:57 1242624 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-11-11 18:39 . 2015-12-09 00:57 487936 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-11-10 18:55 . 2015-12-09 00:57 1648128 ----a-w- c:\windows\system32\DWrite.dll
2015-11-10 18:55 . 2015-12-09 00:57 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-11-10 18:55 . 2015-12-09 00:57 1008640 ----a-w- c:\windows\system32\user32.dll
2015-11-10 18:39 . 2015-12-09 00:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-11-10 18:37 . 2015-12-09 00:57 833024 ----a-w- c:\windows\SysWow64\user32.dll
2015-11-05 19:05 . 2015-12-09 00:57 17408 ----a-w- c:\windows\system32\wshrm.dll
2015-11-05 19:02 . 2015-12-09 00:57 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2015-11-05 19:02 . 2015-12-09 00:58 2048 ----a-w- c:\windows\system32\tzres.dll
2015-11-05 19:00 . 2015-12-09 00:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-11-05 09:53 . 2015-12-09 00:57 146944 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-11-03 19:04 . 2015-12-09 00:57 802304 ----a-w- c:\windows\system32\usp10.dll
2015-11-03 19:04 . 2015-12-09 00:53 241664 ----a-w- c:\windows\system32\els.dll
2015-11-03 18:56 . 2015-12-09 00:57 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2015-11-03 18:55 . 2015-12-09 00:53 179712 ----a-w- c:\windows\SysWow64\els.dll
2015-10-29 17:50 . 2015-11-11 13:14 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-10-29 17:50 . 2015-11-11 13:14 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-10-29 17:50 . 2015-11-11 13:14 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-10-29 17:50 . 2015-11-11 13:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 13:14 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 13:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 13:14 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:50 . 2015-11-11 13:14 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-10-29 17:50 . 2015-11-11 13:14 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-10-29 17:49 . 2015-11-11 13:14 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-10-29 17:49 . 2015-11-11 13:14 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 13:14 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 13:14 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 13:14 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:49 . 2015-11-11 13:14 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-10-29 17:39 . 2015-11-11 13:14 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2015-11-13 05:55 687040 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-12-18 3931728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2015-11-04 790880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys;c:\windows\SYSNATIVE\DRIVERS\nwdelmdm.sys [x]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys;c:\windows\SYSNATIVE\DRIVERS\nwdelser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MachineTokenService;SOMTS;c:\mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe;c:\mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-01-26 14:19 1090376 ----a-w- c:\program files (x86)\Google\Chrome\Application\48.0.2564.82\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 04:49]
.
2016-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15 10:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52 25624 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2015-11-13 05:55 809920 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}"
[HKEY_CLASSES_ROOT\CLSID\{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}]
2011-10-21 20:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{93BB455E-3D52-4fba-9733-E5103B30FC12}"
[HKEY_CLASSES_ROOT\CLSID\{93BB455E-3D52-4fba-9733-E5103B30FC12}]
2011-10-21 20:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeepSafe"="c:\program files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe" [2011-10-21 38728]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2015-11-04 1603544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2015-11-13 161728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ighome.com/?t=395658&s=12
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
Trusted Zone: dell.com
Trusted Zone: driversupport.com\apps
TCP: DhcpNameServer = 24.116.0.53 24.116.2.50
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4087158600-3634752490-1465999267-1001_Classes\Wow6432Node\CLSID\{61d9707f-e1d2-4e5f-b430-556f76b4c3e3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015d
"Therad"=dword:0000001c
"MData"=hex(0):6d,fe,9a,a2,e9,f5,f7,1a,cb,46,d1,11,cc,3a,5a,87,1a,21,b9,b0,9e,
02,b6,de,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4087158600-3634752490-1465999267-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):db,a6,69,16,c8,9c,e9,42,7e,c6,d9,5d,f9,06,a8,c9,bc,32,6a,3f,83,
c0,82,d3,86,08,8e,fd,c2,9b,3f,90,8a,4d,31,e3,92,f9,a5,74,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-26 22:15:26
ComboFix-quarantined-files.txt 2016-01-27 05:15
.
Pre-Run: 339,978,121,216 bytes free
Post-Run: 343,089,725,440 bytes free
.
- - End Of File - - 3718B9A472C4F81C6EB2491124545B59
January 27th, 2016, 06:07 PM
Broni
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
- Double click to run it.
- Make sure you checkmark Addition.txt box.
- Press Scan button.
- Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
January 28th, 2016, 12:39 AM
Rodney M

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-01-2016
Ran by Rod (administrator) on ROD-PC (27-01-2016 21:35:11)
Running from C:\Users\Rod\Desktop
Loaded Profiles: Rod (Available Profiles: Rod)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Windows\SysWOW64\PSIService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1603544 2015-11-04] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3931728 2015-12-18] (Tonec Inc.)
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-11-04] (Bitdefender)
SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll No File
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll [2011-10-21] (Authentec)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{FFEE75C2-49BD-481C-A4F9-A9483E4DF6C1}: [DhcpNameServer] 24.116.0.53 24.116.2.50

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ighome.com/?t=395658&s=12
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-16] (Bitdefender)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL [2012-04-23] (AuthenTec Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-16] (Bitdefender)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll [2012-04-23] (AuthenTec Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-12-16] (Bitdefender)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-12-16] (Bitdefender)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\npffwloplugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-12-16]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Rod\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Rod\AppData\Roaming\IDM\idmmzcc5 [2015-12-24] [not signed]
FF HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-12-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.ighome.com/
CHR StartupUrls: Default -> "hxxp://www.ighome.com/"
CHR DefaultSearchKeyword: Default -> google.com_
CHR Profile: C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Poper Blocker) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2016-01-15]
CHR Extension: (YouTube) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Block site) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-01-12]
CHR Extension: (Bitdefender Wallet) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Flash Playlist) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbajclanpfajnmiiihhnllgfobjbhpem [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-27]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2016-01-22]
CHR Extension: (Website Logon) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\iihnfacppckhlolhipenbiachkjioanm [2014-11-15]
CHR Extension: (IDM Integration Module) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-12-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
CHR Extension: (Gmail) - C:\Users\Rod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iihnfacppckhlolhipenbiachkjioanm] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-03-31]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-11-04] (Bitdefender)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [296776 2012-04-23] (AuthenTec, Inc)
R2 MachineTokenService; C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe [57344 2011-05-10] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [100816 2015-11-04] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1561344 2015-11-18] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2015-10-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [282000 2015-09-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2015-09-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [130656 2015-12-07] (Bitdefender SRL)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-06-25] (Phoenix Technologies) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NWDellModem; C:\Windows\System32\DRIVERS\nwdelmdm.sys [203392 2009-10-12] (Novatel Wireless Inc.) [File not signed]
S3 NWDellPort; C:\Windows\System32\DRIVERS\nwdelser.sys [203392 2009-10-12] (Novatel Wireless Inc.) [File not signed]
S2 rimsptsk; C:\Windows\System32\DRIVERS\rimspx64.sys [55296 2009-06-25] (REDC) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-01-25] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-07-10] (Oracle Corporation)
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 21:35 - 2016-01-27 21:35 - 00020738 _____ C:\Users\Rod\Desktop\FRST.txt
2016-01-26 22:15 - 2016-01-26 22:15 - 00041309 _____ C:\ComboFix.txt
2016-01-26 21:53 - 2016-01-26 22:15 - 00000000 ____D C:\ComboFix
2016-01-26 21:52 - 2016-01-26 22:15 - 00000000 ____D C:\Qoobox
2016-01-26 21:47 - 2016-01-26 21:47 - 05653508 ____R (Swearware) C:\Users\Rod\Desktop\ComboFix.exe
2016-01-26 06:11 - 2016-01-25 22:39 - 01600184 _____ (Malwarebytes) C:\Users\Rod\Desktop\JRT.exe
2016-01-26 06:07 - 2016-01-26 06:07 - 00000000 ____D C:\AdwCleaner
2016-01-26 06:02 - 2016-01-25 22:39 - 01507840 _____ C:\Users\Rod\Desktop\adwcleaner_5.031.exe
2016-01-25 20:57 - 2016-01-25 20:58 - 20940872 _____ C:\Users\Rod\Desktop\RogueKiller.exe
2016-01-25 08:19 - 2016-01-27 21:35 - 00000000 ____D C:\FRST
2016-01-25 08:18 - 2016-01-25 08:19 - 02370560 _____ (Farbar) C:\Users\Rod\Desktop\FRST64.exe
2016-01-23 20:24 - 2016-01-23 20:30 - 00037376 _____ C:\Users\Rod\Documents\spice labels 1 sheet.zds
2016-01-23 13:31 - 2016-01-23 14:47 - 00008660 _____ C:\Users\Rod\Documents\Drugs I'm on.xlsx
2016-01-22 17:44 - 2016-01-22 17:44 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2016-01-22 17:44 - 2016-01-22 17:44 - 00000000 ____D C:\Program Files (x86)\MakeMKV
2016-01-16 15:06 - 2016-01-16 15:06 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Hewlett-Packard
2016-01-16 14:48 - 2016-01-16 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-01-16 14:47 - 2016-01-16 14:47 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-01-16 14:47 - 2016-01-16 14:47 - 00000000 ____D C:\System.sav
2016-01-16 14:46 - 2016-01-16 14:46 - 00000000 ____D C:\Users\Rod\AppData\Roaming\hpqLog
2016-01-16 12:22 - 2016-01-16 12:22 - 00000000 ____D C:\Users\Rod\AppData\Roaming\ieSpell
2016-01-13 07:13 - 2016-01-13 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2016-01-13 07:13 - 2016-01-13 07:13 - 00000000 ____D C:\Program Files\Classic Shell
2016-01-13 06:37 - 2016-01-13 06:37 - 06968048 _____ (IvoSoft) C:\Users\Rod\Downloads\ClassicShellSetup_4_2_5.exe
2016-01-12 22:17 - 2015-12-11 11:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 22:17 - 2015-12-08 14:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 22:17 - 2015-12-08 14:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 22:17 - 2015-12-08 14:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 22:17 - 2015-12-08 14:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 22:17 - 2015-12-08 14:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 22:17 - 2015-12-08 14:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 22:17 - 2015-12-08 14:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 22:17 - 2015-12-08 14:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 22:17 - 2015-12-08 14:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 22:17 - 2015-12-08 14:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 22:17 - 2015-12-08 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 22:17 - 2015-12-08 12:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 22:17 - 2015-12-08 12:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 22:17 - 2015-12-08 12:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 22:17 - 2015-12-08 12:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 22:17 - 2015-12-08 12:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 22:17 - 2015-12-08 11:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 22:17 - 2015-12-08 11:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 22:17 - 2015-12-08 11:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 22:17 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 22:17 - 2015-11-13 16:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 22:17 - 2015-11-13 16:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 22:17 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 22:17 - 2015-11-13 15:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 22:17 - 2015-11-13 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 22:16 - 2015-12-23 16:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 22:16 - 2015-12-23 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
January 28th, 2016, 12:39 AM
Rodney M

2016-01-12 22:16 - 2015-12-12 11:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 22:16 - 2015-12-12 11:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 22:16 - 2015-12-12 11:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-12 22:16 - 2015-12-12 11:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 22:16 - 2015-12-12 11:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 22:16 - 2015-12-12 11:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 22:16 - 2015-12-12 11:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 22:16 - 2015-12-12 11:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-12 22:16 - 2015-12-12 11:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-12 22:16 - 2015-12-12 11:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 22:16 - 2015-12-12 11:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 22:16 - 2015-12-12 11:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 22:16 - 2015-12-12 11:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-12 22:16 - 2015-12-12 11:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-12 22:16 - 2015-12-12 11:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-12 22:16 - 2015-12-12 10:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-12 22:16 - 2015-12-12 10:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 22:16 - 2015-12-12 10:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 22:16 - 2015-12-12 10:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 22:16 - 2015-12-12 10:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 22:16 - 2015-12-12 10:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 22:16 - 2015-12-12 10:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-12 22:16 - 2015-12-12 10:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 22:16 - 2015-12-12 10:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-12 22:16 - 2015-12-12 10:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-12 22:16 - 2015-12-12 10:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 22:16 - 2015-12-12 10:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 22:16 - 2015-12-12 10:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 22:16 - 2015-12-12 10:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 22:16 - 2015-12-12 10:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 22:16 - 2015-12-12 10:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-12 22:16 - 2015-12-12 10:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-12 22:16 - 2015-12-12 10:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-12 22:16 - 2015-12-12 10:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 22:16 - 2015-12-12 10:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 22:16 - 2015-12-12 10:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 22:16 - 2015-12-12 10:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 22:16 - 2015-12-12 10:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 22:16 - 2015-12-12 10:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 22:16 - 2015-12-12 10:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 22:16 - 2015-12-12 10:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 22:16 - 2015-12-12 10:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 22:16 - 2015-12-12 10:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 22:16 - 2015-12-12 10:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 22:16 - 2015-12-12 10:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-12 22:16 - 2015-12-12 10:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 22:16 - 2015-12-12 10:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-12 22:16 - 2015-12-12 10:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 22:16 - 2015-12-12 10:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 22:16 - 2015-12-12 10:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 22:16 - 2015-12-12 10:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 22:16 - 2015-12-12 09:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 22:16 - 2015-12-12 09:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-12 22:16 - 2015-12-12 09:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 22:16 - 2015-12-12 09:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 22:16 - 2015-12-12 09:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-12 22:16 - 2015-12-08 10:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 22:12 - 2015-12-30 12:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 22:12 - 2015-12-30 12:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 22:12 - 2015-12-30 12:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 22:12 - 2015-12-30 12:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 22:12 - 2015-12-30 12:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 22:12 - 2015-12-30 12:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 22:12 - 2015-12-30 12:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-12 22:12 - 2015-12-30 11:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 22:12 - 2015-12-30 11:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 22:12 - 2015-12-30 11:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 22:12 - 2015-12-30 11:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-12 22:12 - 2015-12-30 11:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 22:12 - 2015-12-30 11:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-12 22:12 - 2015-12-30 11:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 22:12 - 2015-12-30 11:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 22:12 - 2015-12-30 11:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 22:12 - 2015-12-30 11:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 22:12 - 2015-12-30 11:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 22:12 - 2015-12-30 11:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 22:12 - 2015-12-30 11:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 22:12 - 2015-12-30 11:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 22:12 - 2015-12-30 11:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 22:12 - 2015-12-30 11:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 22:12 - 2015-12-30 11:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 22:12 - 2015-12-30 11:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 10:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 22:12 - 2015-12-30 10:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-12 22:12 - 2015-12-30 10:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 22:12 - 2015-12-30 10:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 22:12 - 2015-12-30 10:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 22:12 - 2015-12-30 10:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 22:12 - 2015-12-30 10:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 22:12 - 2015-12-30 10:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 22:12 - 2015-12-30 10:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 22:12 - 2015-12-30 10:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 22:12 - 2015-12-30 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 22:12 - 2015-12-30 10:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 22:12 - 2015-12-30 10:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 22:12 - 2015-12-30 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 22:12 - 2015-12-30 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 22:12 - 2015-12-08 14:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 22:12 - 2015-12-08 14:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 22:12 - 2015-12-08 12:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 22:12 - 2015-12-08 12:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 22:12 - 2015-11-16 18:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 22:12 - 2015-11-16 18:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 22:12 - 2015-11-16 18:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 22:12 - 2015-11-16 13:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-12 22:11 - 2015-12-30 11:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 22:11 - 2015-12-30 11:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 22:11 - 2015-12-30 11:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 22:11 - 2015-12-30 11:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 22:11 - 2015-12-30 11:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 22:11 - 2015-12-30 10:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 22:11 - 2015-12-30 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-08 18:07 - 2016-01-08 22:39 - 00009502 _____ C:\Users\Rod\Documents\pass.xlsx
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\Program Files\iTunes
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\Program Files\iPod
2016-01-03 15:42 - 2016-01-03 15:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-02 08:58 - 2016-01-02 08:58 - 00000000 ____D C:\Users\Rod\Documents\PcSetup
2016-01-02 05:08 - 2016-01-02 05:08 - 00000684 ____H C:\bdr-cf01
2016-01-02 05:07 - 2015-10-28 13:01 - 01600512 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-01-02 05:07 - 2015-09-17 22:24 - 00282000 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2016-01-02 05:07 - 2015-09-17 22:23 - 00775424 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-01-02 05:07 - 2014-12-15 18:04 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2016-01-02 05:06 - 2016-01-02 05:13 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Bitdefender
2016-01-02 05:06 - 2016-01-02 05:08 - 00253404 ____H C:\bdr-ld01
2016-01-02 05:06 - 2016-01-02 05:08 - 00009216 ____H C:\bdr-ld01.mbr
2016-01-02 05:06 - 2015-07-15 17:13 - 49737193 ____H C:\bdr-im01.gz
2016-01-02 05:06 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2016-01-02 05:05 - 2016-01-02 05:08 - 00000000 ____D C:\ProgramData\Bitdefender
2016-01-02 05:05 - 2015-06-02 14:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-01-02 05:05 - 2015-04-29 13:32 - 00160032 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-01-02 04:55 - 2016-01-02 04:55 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2016-01-02 04:17 - 2016-01-02 04:17 - 00079268 _____ C:\Windows\ntbtlog.txt
2016-01-02 03:48 - 2016-01-02 03:48 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2015-12-29 05:23 - 2015-12-29 05:18 - 00199152 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 21:31 - 2014-08-16 22:01 - 00000000 ____D C:\Users\Rod\AppData\Roaming\DMCache
2016-01-27 20:58 - 2009-07-13 21:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-27 20:58 - 2009-07-13 21:45 - 00022592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-27 20:53 - 2015-06-27 08:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-27 20:51 - 2009-07-13 22:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-27 20:51 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-01-27 20:50 - 2014-11-15 08:51 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-27 20:49 - 2015-07-19 05:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 20:46 - 2014-11-15 08:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 20:46 - 2014-08-16 22:23 - 00000000 ____D C:\Users\Rod\AppData\LocalLow\AuthenTec
2016-01-27 20:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 11:14 - 2015-07-15 19:10 - 00382953 _____ C:\bdlog.txt
2016-01-27 11:14 - 2015-05-03 02:54 - 00000000 ____D C:\Users\Rod\AppData\Local\ClassicShell
2016-01-27 11:03 - 2014-08-17 08:53 - 00000000 ____D C:\Users\Rod\AppData\Roaming\vlc
2016-01-26 22:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2016-01-26 22:13 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2016-01-26 07:19 - 2014-11-12 20:43 - 00000000 ____D C:\Users\Rod\AppData\Temp
2016-01-25 22:42 - 2015-06-27 08:35 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-25 22:42 - 2015-06-27 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-25 22:42 - 2014-08-16 21:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-25 22:21 - 2015-08-09 20:03 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-25 21:37 - 2015-11-17 16:52 - 00058368 ___SH C:\Users\Rod\Thumbs.db
2016-01-25 21:04 - 2014-08-16 22:03 - 00000000 ____D C:\ProgramData\TEMP
2016-01-25 20:53 - 2015-11-29 19:26 - 00000000 ____D C:\Program Files (x86)\Pocket Tanks Deluxe
2016-01-25 20:51 - 2015-11-29 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pocket Tanks Deluxe
2016-01-25 10:03 - 2014-08-17 20:43 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Hoyle
2016-01-24 20:45 - 2014-08-17 21:05 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Hoyle Puzzle and Board Games
2016-01-23 12:28 - 2014-12-26 18:49 - 00000000 ____D C:\Program Files (x86)\Firegraphic 11
2016-01-23 11:31 - 2015-09-17 07:07 - 00000000 ____D C:\Users\Rod\Documents\NoteBurner M4V Converter Plus
2016-01-22 19:30 - 2014-08-18 20:27 - 00000000 ____D C:\Users\Rod\Desktop\Thumb
2016-01-22 17:44 - 2014-08-16 21:53 - 00000995 _____ C:\Users\Rod\Desktop\MakeMKV.lnk
2016-01-19 21:49 - 2015-07-19 05:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 21:49 - 2015-07-15 07:20 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-19 21:49 - 2015-07-15 07:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-17 08:19 - 2009-07-13 21:45 - 05110152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 16:12 - 2015-08-11 08:25 - 00000000 ____D C:\Users\Rod\AppData\Local\CrashDumps
2016-01-16 15:51 - 2014-12-26 18:50 - 00000000 ____D C:\Users\Rod\Documents\Firegraphic 11
2016-01-16 14:48 - 2014-11-14 21:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-16 14:47 - 2014-08-16 21:48 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-16 14:35 - 2014-08-16 22:03 - 00161520 _____ C:\Users\Rod\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-14 07:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-01-13 06:30 - 2014-12-10 11:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 06:30 - 2014-08-17 09:33 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-12 23:06 - 2014-08-17 07:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-12 23:05 - 2014-08-17 08:57 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 23:04 - 2014-08-17 08:57 - 00000000 ___HD C:\Program Files (x86)\Microsoft Silverlight
2016-01-12 23:04 - 2014-08-17 08:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-12 23:03 - 2014-08-17 08:59 - 00000000 ____D C:\Windows\system32\MRT
2016-01-12 22:58 - 2014-08-17 08:59 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 22:56 - 2015-07-23 17:48 - 00000039 _____ C:\Windows\vbaddin.ini
2016-01-10 21:23 - 2015-04-12 14:14 - 00000000 ____D C:\Users\Rod\Documents\My Kindle Content
2016-01-09 11:52 - 2015-04-12 14:14 - 00002219 _____ C:\Users\Rod\Desktop\Kindle.lnk
2016-01-08 22:30 - 2014-08-28 06:09 - 00000243 _____ C:\Users\Rod\Desktop\Pass.txt
2016-01-08 18:18 - 2014-08-17 07:20 - 00000000 ____D C:\Users\Rod\AppData\Local\Microsoft Help
2016-01-03 15:42 - 2014-09-14 16:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-02 08:58 - 2014-08-16 22:15 - 00099384 _____ C:\Users\Rod\AppData\Roaming\inst.exe
2016-01-02 08:58 - 2014-08-16 22:15 - 00082816 _____ (VSO Software) C:\Users\Rod\AppData\Roaming\pcouffin.sys
2016-01-02 08:58 - 2014-08-16 22:15 - 00007859 _____ C:\Users\Rod\AppData\Roaming\pcouffin.cat
2016-01-02 08:58 - 2014-08-16 22:15 - 00000000 ____D C:\Users\Rod\AppData\Roaming\Vso
2016-01-02 05:08 - 2014-08-16 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2016-01-02 05:05 - 2014-08-16 22:24 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-01-02 05:04 - 2014-08-16 22:34 - 00000000 ____D C:\Program Files\Bitdefender
2016-01-02 04:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-01 06:07 - 2014-08-16 22:01 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-12-31 21:12 - 2014-08-16 22:01 - 00000000 ____D C:\Users\Rod\AppData\Roaming\IDM
2015-12-29 21:41 - 2015-11-16 15:09 - 00028160 _____ C:\Users\Rod\Documents\Emergence Contacts.zdl

==================== Files in the root of some directories =======

2015-08-02 06:32 - 2015-08-02 06:35 - 0000473 _____ () C:\Users\Rod\AppData\Roaming\burnaware.ini
2014-10-30 20:19 - 2014-10-30 20:19 - 0579828 _____ () C:\Users\Rod\AppData\Roaming\CompatAdmin.log
2014-08-16 22:15 - 2016-01-02 08:58 - 0099384 _____ () C:\Users\Rod\AppData\Roaming\inst.exe
2014-08-16 22:15 - 2016-01-02 08:58 - 0007859 _____ () C:\Users\Rod\AppData\Roaming\pcouffin.cat
2014-08-16 22:15 - 2016-01-02 08:58 - 0001167 _____ () C:\Users\Rod\AppData\Roaming\pcouffin.inf
2014-08-16 22:15 - 2016-01-02 08:58 - 0000055 _____ () C:\Users\Rod\AppData\Roaming\pcouffin.log
2014-08-16 22:15 - 2016-01-02 08:58 - 0082816 _____ (VSO Software) C:\Users\Rod\AppData\Roaming\pcouffin.sys
2014-10-30 19:54 - 2014-10-30 19:54 - 0000017 _____ () C:\Users\Rod\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-19 08:50

==================== End of FRST.txt ============================
January 28th, 2016, 12:40 AM
Rodney M

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Rod (2016-01-27 21:35:50)
Running from C:\Users\Rod\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-08-17 04:44:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4087158600-3634752490-1465999267-500 - Administrator - Disabled)
Guest (S-1-5-21-4087158600-3634752490-1465999267-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4087158600-3634752490-1465999267-1002 - Limited - Enabled)
Rod (S-1-5-21-4087158600-3634752490-1465999267-1001 - Administrator - Enabled) => C:\Users\Rod

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - )
Amazon Kindle (HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AuthenTec TrueSuite (HKLM\...\{DB7812C8-D23E-41B4-B655-4C3D93662EBD}) (Version: 5.2.2.62 - AuthenTec, Inc.)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 19.5.0.284 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Dell System Detect (HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: - )
DesignPro 5 (HKLM-x32\...\InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
DVDFab 9.2.1.0 (20/08/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Firegraphic 11 (HKLM-x32\...\Firegraphic 11) (Version: 10 - Firegraphic.com)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hoyle Puzzle and Board Games 2011 (remove only) (HKLM-x32\...\Hoyle Puzzle and Board Games 2011) (Version: - )
hppCP1520LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppTLBXFXCP1520 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
M4VGear 5.1.5 (HKLM-x32\...\M4VGear_is1) (Version: - M4VGear.com Inc.)
MakeMKV v1.9.9 (HKLM-x32\...\MakeMKV) (Version: v1.9.9 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 8.6.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.6.1 - Moritz Bunkus)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{4744E147-F0F2-4140-825E-B3071FC079F1}) (Version: 12.5.01300 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM-x32\...\{F4C242B4-2973-43F3-93F2-ED1B47AE8848}) (Version: 12.0.02000 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NoteBurner M4V Converter Plus 5.1.5 (HKLM-x32\...\NoteBurner M4V Converter Plus_is1) (Version: - noteburner.com Inc.)
OnDemand5 (HKLM-x32\...\{5F7DFDFA-27B3-4E06-BCDE-B371424C0032}) (Version: 5.8.2.35 - )
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Prerequisite installer (x32 Version: 12.0.0008 - Nero AG) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\'{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}'_is1) (Version: 5.3.0.30 - VSO Software)
VSO ConvertXToDVD 5 (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.43 - VSO Software)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0305E6-AE91-4F7F-86FF-F763CA5CAFEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1CA4F630-8C09-460E-89E2-3D74B5F5CB60} - System32\Tasks\{FAFC05DD-0950-4AB5-9952-3C0B55B1BEE8} => pcalua.exe -a C:\Downloads\VirtualBox-4.3.12-93733-Win.exe -d C:\Downloads
Task: {22DA799A-5DC4-48FA-A8A8-8A0AE2A7B11D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {236ECC91-14B6-4D42-A449-8C0E7EFECF7A} - System32\Tasks\{29057814-6FE4-4D72-8782-5F39BD3333B0} => pcalua.exe -a "G:\Software Legal\A PC Fix\HijackThis.exe" -d "G:\Software Legal\A PC Fix"
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {603582A5-906C-4DBA-A3CF-9ADD8549E166} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {66945866-85DA-4AFC-9BAB-35F05CC4E4ED} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {7AE63CED-3BA9-4D62-B920-83C7EB179367} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {7FB644F1-4687-46B2-96D3-E7E0C5FA0481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {8CEAC241-3846-4026-A682-727F839DB541} - System32\Tasks\{5618FF4B-DE23-4EA4-95E2-1C56A02B94EB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Far Cry" -c /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Task: {9ADFD815-BD76-4081-A897-7E3C6B897847} - System32\Tasks\{B62127F2-1B7D-41F0-8571-15E6039977F6} => C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Hoyle Puzzle Games.exe [2009-07-13] ()
Task: {AE62ADE5-C01D-4A22-8BD9-D61181F52B3F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {CFBE3A4E-B16E-4B00-A60C-64BAE6BEAB6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {D1940812-C395-42BA-A105-2013BB448A93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {DB98626D-2554-4D5C-BD6D-6C4CE1AF4DFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F29B5FD6-8DE6-4FF8-A9A7-A03E80E3F540} - System32\Tasks\{D2DCEF1B-05B6-4D6B-AF07-05D8B9588876} => C:\Program Files (x86)\NoteBurner M4V Converter\NoteBurner M4V Converter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-02 05:07 - 2015-11-04 14:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2016-01-02 05:07 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2016-01-02 05:07 - 2015-12-16 14:25 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2016-01-02 05:07 - 2015-11-10 14:23 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2016-01-25 20:42 - 2016-01-25 20:42 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttpbr.mdl
2016-01-25 20:42 - 2016-01-25 20:42 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttpdsp.mdl
2016-01-25 20:42 - 2016-01-25 20:42 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttpph.mdl
2016-01-25 20:42 - 2016-01-25 20:42 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttprbl.mdl
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-29 09:55 - 2011-05-10 08:30 - 00057344 _____ () C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-04-23 00:12 - 2012-04-23 00:12 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-04-23 00:11 - 2012-04-23 00:11 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:3BFCBF1C
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:A5514ABC
AlternateDataStreams: C:\Users\Rod\Desktop\adwcleaner_5.031.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\CookTimer-0.9.3.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\RogueKiller.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-01-26 22:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.116.0.53 - 24.116.2.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\startupreg: 20090604 => C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.exe /r "C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.rpd"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: systray => C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6EF11F68-F277-4B7F-B1A9-9FF5F16B8CF9}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{61315B5E-0E1C-44BF-ACD9-F7F071467B2B}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8777A1CE-83D1-4057-856E-05411F325D45}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2008D677-FBC2-4F26-8C71-49D12EB71EF9}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{4BB3B12B-FBF3-4EA2-A71F-F6C8BBA8B3DD}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{317E40D1-DF10-451A-AA48-B1A7AE19D41D}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{10E7A4E3-7914-47BE-B4FC-92B63D90D929}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CC28B050-5451-4D6D-AA91-9A76970B6922}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7475F49C-7AA8-4AAC-89EF-111BCA620AC9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EE73B041-9177-472D-9DEB-377D1C676479}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{36AE53AF-DFCD-4EB6-BACE-9E3682DFEC61}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8A74F6A6-543C-4BC5-BBC1-E28B84B2E4AA}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{BCDF703C-2A55-4489-99D5-E65939751F71}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{75FDD7AE-5AC9-4557-AB97-A18DB22FDC85}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F84FE6C3-C015-441D-B37D-A3BBDBBC7505}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{105FF2DD-0DEB-415C-94EB-5F1E3B739B37}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7620F473-EEE8-40D8-A248-B5110948885B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB139A44-0100-44F6-AA27-4C8588418D8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D285A67-2C93-4DB3-8C11-9F4E30A1F691}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1BA54513-9DBC-4812-817C-F6733389F241}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9E22999F-14C9-4610-85A9-E3B8DC09CB18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Data Interface
Description: Data Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Data Interface
Description: Data Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 09:34:00 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000144,0x0053c008,000000000059CAA0,0,000000000059DAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/27/2016 09:23:47 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (01/27/2016 09:23:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (01/26/2016 10:13:34 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000134,0x0053c008,00000000003DCAA0,0,00000000003DDAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/26/2016 10:03:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x81000101).

Error: (01/26/2016 06:32:43 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000134,0x0053c008,000000000019BB10,0,000000000035FFD0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/26/2016 06:22:31 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Rod\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x81000101).

Error: (01/25/2016 10:58:32 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (01/25/2016 10:58:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (01/25/2016 08:07:59 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000144,0x0053c008,000000000032CAA0,0,000000000032DAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

System errors:
=============
Error: (01/27/2016 09:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 09:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 09:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 08:48:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/27/2016 08:46:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (01/27/2016 09:34:00 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (01/27/2016 07:22:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/27/2016 07:19:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (01/26/2016 10:24:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/26/2016 10:22:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

CodeIntegrity:
===================================
Date: 2016-01-27 20:46:17.561
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-27 20:46:17.499
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-27 07:19:59.811
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-27 07:19:59.749
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:22:33.243
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:22:33.181
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:12:04.488
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:12:04.441
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:10:11.341
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Rod\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:10:11.278
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Rod\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 4093.97 MB
Available physical RAM: 2351.6 MB
Total Virtual: 8186.14 MB
Available Virtual: 6136.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.84 GB) (Free:318.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 77C1B5A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
January 28th, 2016, 12:41 AM
Rodney M

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-01-2016
Ran by Rod (2016-01-27 21:35:50)
Running from C:\Users\Rod\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-08-17 04:44:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4087158600-3634752490-1465999267-500 - Administrator - Disabled)
Guest (S-1-5-21-4087158600-3634752490-1465999267-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4087158600-3634752490-1465999267-1002 - Limited - Enabled)
Rod (S-1-5-21-4087158600-3634752490-1465999267-1001 - Administrator - Enabled) => C:\Users\Rod

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Out of date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Out of date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - )
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - )
Amazon Kindle (HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AuthenTec TrueSuite (HKLM\...\{DB7812C8-D23E-41B4-B655-4C3D93662EBD}) (Version: 5.2.2.62 - AuthenTec, Inc.)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 19.5.0.284 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
Dell System Detect (HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: - )
DesignPro 5 (HKLM-x32\...\InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}) (Version: 5.5.708 - Avery Dennison)
DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
DVDFab 9.2.1.0 (20/08/2015) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
Firegraphic 11 (HKLM-x32\...\Firegraphic 11) (Version: 10 - Firegraphic.com)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hoyle Puzzle and Board Games 2011 (remove only) (HKLM-x32\...\Hoyle Puzzle and Board Games 2011) (Version: - )
hppCP1520LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppTLBXFXCP1520 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
M4VGear 5.1.5 (HKLM-x32\...\M4VGear_is1) (Version: - M4VGear.com Inc.)
MakeMKV v1.9.9 (HKLM-x32\...\MakeMKV) (Version: v1.9.9 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 8.6.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.6.1 - Moritz Bunkus)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 12 (HKLM-x32\...\{4744E147-F0F2-4140-825E-B3071FC079F1}) (Version: 12.5.01300 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM-x32\...\{F4C242B4-2973-43F3-93F2-ED1B47AE8848}) (Version: 12.0.02000 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NoteBurner M4V Converter Plus 5.1.5 (HKLM-x32\...\NoteBurner M4V Converter Plus_is1) (Version: - noteburner.com Inc.)
OnDemand5 (HKLM-x32\...\{5F7DFDFA-27B3-4E06-BCDE-B371424C0032}) (Version: 5.8.2.35 - )
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Prerequisite installer (x32 Version: 12.0.0008 - Nero AG) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\'{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}'_is1) (Version: 5.3.0.30 - VSO Software)
VSO ConvertXToDVD 5 (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.43 - VSO Software)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0305E6-AE91-4F7F-86FF-F763CA5CAFEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1CA4F630-8C09-460E-89E2-3D74B5F5CB60} - System32\Tasks\{FAFC05DD-0950-4AB5-9952-3C0B55B1BEE8} => pcalua.exe -a C:\Downloads\VirtualBox-4.3.12-93733-Win.exe -d C:\Downloads
Task: {22DA799A-5DC4-48FA-A8A8-8A0AE2A7B11D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {236ECC91-14B6-4D42-A449-8C0E7EFECF7A} - System32\Tasks\{29057814-6FE4-4D72-8782-5F39BD3333B0} => pcalua.exe -a "G:\Software Legal\A PC Fix\HijackThis.exe" -d "G:\Software Legal\A PC Fix"
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {603582A5-906C-4DBA-A3CF-9ADD8549E166} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {66945866-85DA-4AFC-9BAB-35F05CC4E4ED} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {7AE63CED-3BA9-4D62-B920-83C7EB179367} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {7FB644F1-4687-46B2-96D3-E7E0C5FA0481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {8CEAC241-3846-4026-A682-727F839DB541} - System32\Tasks\{5618FF4B-DE23-4EA4-95E2-1C56A02B94EB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Far Cry" -c /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}
Task: {9ADFD815-BD76-4081-A897-7E3C6B897847} - System32\Tasks\{B62127F2-1B7D-41F0-8571-15E6039977F6} => C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Hoyle Puzzle Games.exe [2009-07-13] ()
Task: {AE62ADE5-C01D-4A22-8BD9-D61181F52B3F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {CFBE3A4E-B16E-4B00-A60C-64BAE6BEAB6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {D1940812-C395-42BA-A105-2013BB448A93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {DB98626D-2554-4D5C-BD6D-6C4CE1AF4DFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {F29B5FD6-8DE6-4FF8-A9A7-A03E80E3F540} - System32\Tasks\{D2DCEF1B-05B6-4D6B-AF07-05D8B9588876} => C:\Program Files (x86)\NoteBurner M4V Converter\NoteBurner M4V Converter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-02 05:07 - 2015-11-04 14:06 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2016-01-02 05:07 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2016-01-02 05:07 - 2015-12-16 14:25 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2016-01-02 05:07 - 2015-11-10 14:23 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2016-01-25 20:42 - 2016-01-25 20:42 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttpbr.mdl
2016-01-25 20:42 - 2016-01-25 20:42 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttpdsp.mdl
2016-01-25 20:42 - 2016-01-25 20:42 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttpph.mdl
2016-01-25 20:42 - 2016-01-25 20:42 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01851_006\ashttprbl.mdl
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-29 09:55 - 2011-05-10 08:30 - 00057344 _____ () C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe
2007-06-05 12:20 - 2007-06-05 12:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe
2012-04-23 00:12 - 2012-04-23 00:12 - 00087880 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2012-04-23 00:11 - 2012-04-23 00:11 - 00556360 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:3BFCBF1C
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:A5514ABC
AlternateDataStreams: C:\Users\Rod\Desktop\adwcleaner_5.031.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\CookTimer-0.9.3.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\JRT.exe:BDU
AlternateDataStreams: C:\Users\Rod\Desktop\RogueKiller.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-01-26 22:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4087158600-3634752490-1465999267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rod\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.116.0.53 - 24.116.2.50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\startupreg: 20090604 => C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.exe /r "C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Ereg\encore_reg.rpd"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: systray => C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6EF11F68-F277-4B7F-B1A9-9FF5F16B8CF9}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{61315B5E-0E1C-44BF-ACD9-F7F071467B2B}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8777A1CE-83D1-4057-856E-05411F325D45}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{2008D677-FBC2-4F26-8C71-49D12EB71EF9}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{4BB3B12B-FBF3-4EA2-A71F-F6C8BBA8B3DD}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{317E40D1-DF10-451A-AA48-B1A7AE19D41D}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{10E7A4E3-7914-47BE-B4FC-92B63D90D929}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CC28B050-5451-4D6D-AA91-9A76970B6922}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7475F49C-7AA8-4AAC-89EF-111BCA620AC9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EE73B041-9177-472D-9DEB-377D1C676479}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{36AE53AF-DFCD-4EB6-BACE-9E3682DFEC61}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8A74F6A6-543C-4BC5-BBC1-E28B84B2E4AA}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{BCDF703C-2A55-4489-99D5-E65939751F71}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{75FDD7AE-5AC9-4557-AB97-A18DB22FDC85}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{F84FE6C3-C015-441D-B37D-A3BBDBBC7505}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{105FF2DD-0DEB-415C-94EB-5F1E3B739B37}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7620F473-EEE8-40D8-A248-B5110948885B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB139A44-0100-44F6-AA27-4C8588418D8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2D285A67-2C93-4DB3-8C11-9F4E30A1F691}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1BA54513-9DBC-4812-817C-F6733389F241}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9E22999F-14C9-4610-85A9-E3B8DC09CB18}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Data Interface
Description: Data Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Data Interface
Description: Data Interface
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2016 09:34:00 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000144,0x0053c008,000000000059CAA0,0,000000000059DAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/27/2016 09:23:47 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (01/27/2016 09:23:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (01/26/2016 10:13:34 PM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000134,0x0053c008,00000000003DCAA0,0,00000000003DDAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/26/2016 10:03:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x81000101).

Error: (01/26/2016 06:32:43 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000134,0x0053c008,000000000019BB10,0,000000000035FFD0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

Error: (01/26/2016 06:22:31 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Rod\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x81000101).

Error: (01/25/2016 10:58:32 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (01/25/2016 10:58:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (01/25/2016 08:07:59 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{d239b50d-25d0-11e4-832b-806e6f6e6963} - 0000000000000144,0x0053c008,000000000032CAA0,0,000000000032DAB0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired.
.

Operation:
Processing EndPrepareSnapshots

Context:
Execution Context: System Provider

System errors:
=============
Error: (01/27/2016 09:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 09:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 09:31:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (01/27/2016 08:48:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/27/2016 08:46:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (01/27/2016 09:34:00 AM) (Source: volsnap) (EventID: 67) (User: )
Description: The shadow copy of volume C: being created failed to install.

Error: (01/27/2016 07:22:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/27/2016 07:19:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

Error: (01/26/2016 10:24:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%2

Error: (01/26/2016 10:22:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
%%577

CodeIntegrity:
===================================
Date: 2016-01-27 20:46:17.561
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-27 20:46:17.499
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-27 07:19:59.811
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-27 07:19:59.749
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:22:33.243
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:22:33.181
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rimspx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:12:04.488
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:12:04.441
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:10:11.341
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Rod\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-01-26 22:10:11.278
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Rod\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 4093.97 MB
Available physical RAM: 2351.6 MB
Total Virtual: 8186.14 MB
Available Virtual: 6136.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.84 GB) (Free:318.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 77C1B5A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Show 40 post(s) from this thread on one page