
Flash Redirect / Host File / BSOD or freezing with LOTS OF router problems


  • This topic is locked
83 replies to this topic

#1 abeattie3


Posted 31 January 2015 - 02:08 PM

This has been a consistent problem for so many months I can't remember its start. I have had a Geek Squad support contract for a couple of years and I have used it a lot. The specific errors always seem to go back to Livecomm and an error 41 with the BSOD. The Flash redirect is every few times I log into Chrome: I get the redirect and I have to hard start it to stop. The error message that comes up is an error 1000 rundll32.exe error, along with a Ralink BlueSoleilCS error that also comes up all the time.

Recently, well, the last 6 or 7 months, I have been getting a ton of port scan, UDP flood, and SYN flood attacks in my router; however, I checked and most of the IPs are to places they should be, like Yahoo, Google, Amazon, so I am assuming it's some type of error in the router, which is an all-in-one Surfboard. I wouldn't mention it at all as those are usually false positives, I think, but I mention it anyway because as of late when I log in and open up the computer the next morning, files are jumbled, missing or inside each other. I know it is ridiculous to think some hacker picked us out of a crowd, came across my business card and then decided to move some files around and look like a ghost, but that is exactly what it feels like.

So far we have been unsuccessful in fixing a problem that never seems to have a culprit other than updates etc. However, the computer is supposed to be one of the faster ones I could get. I know you can't get a virus in the router, but I have never had a computer drop the service so much. And it started to do an internal click thing that does not sound like the hard drive, but it's very, very intermittent.

Finally, I did overstep my bounds a few days ago: when researching the problem I found a thread that is currently active here on BleepComp which is very, very similar. I stupidly tried to follow along and ended up downloading and running Zoek.exe zip and couldn't stop it for over 15 hours. I know I shouldn't have done that and I know it is not the right thing to do, and I feel like an idiot for doing something that will never happen again.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by thedi_000 (administrator) on FINISHLINEIP on 31-01-2015 09:37:37
Running from C:\Users\thedi_000\Downloads
Loaded Profiles: thedi_000 (Available profiles: thedi_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\ProfoundSoundService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft) C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\SkpPopupSvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrobat_sl.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-12-21] (Synaptics Incorporated)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2007592 2014-11-27] (Trend Micro Inc.)
HKLM\...\Run: [Hightail Sync Agent] => C:\Program Files (x86)\Hightail Desktop App\Hightail.exe [7040056 2013-10-28] (Hightail Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [FreedomeAutoStart] => C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe [1985064 2015-01-20] (F-Secure Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [Amazon Music] => C:\Users\thedi_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-983936870-3653672844-3623726825-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-983936870-3653672844-3623726825-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-983936870-3653672844-3623726825-1002: @citrixonline.com/appdetectorplugin -> C:\Users\thedi_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-983936870-3653672844-3623726825-1002: hp.com/HPDetect -> C:\Users\thedi_000\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-29]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR Profile: C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TechSmith Snagit (Extension)) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2015-01-29]
CHR Extension: (Google Docs) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (WOT) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-17]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-01-03]
CHR Extension: (Business Hangouts) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbjchepdbjeemagnjpoihpkjghelnge [2014-12-15]
CHR Extension: (Adblock Plus) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-24]
CHR Extension: (Video download helper) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeknpmhkhngjefhkffihhmpmmdfakha [2015-01-29]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-11-08]
CHR Extension: (TechSmith Snagit) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnghgbgmemnlbckdipnmelbanpgneik [2015-01-29]
CHR Extension: (Chrome Notepad) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2014-12-21]
CHR Extension: (Citrix ShareFile) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjphemlndlpgcngpgbaofdbkccjomopc [2015-01-26]
CHR Extension: (Bookmark Manager) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-19]
CHR Extension: (EasyPrompter) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamkbkcipeflbbmjllpcamjgdmiljdik [2014-12-21]
CHR Extension: (TeamGantt Project Management) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcoffgicdhbbbpdopfhaemdbdglnkcok [2015-01-15]
CHR Extension: (feedly) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-01-25]
CHR Extension: (EstiBot Add-on) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hncaclbgcflajbhailljkmakcdkgfcbo [2015-01-24]
CHR Extension: (Voice Broadcasting - SimplyCast) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkjclnkcegiaabdfimlklcfhcmeeldk [2015-01-18]
CHR Extension: (Podio) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfhmmbhaifchbdlhlfcoildocgmbleb [2015-01-29]
CHR Extension: (Hangouts) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-12-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-01-21]
CHR Extension: (TwistedWave) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2015-01-18]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-01-27]
CHR Extension: (Google Wallet) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Extension: (Trend Micro Password Manager) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2014-12-22]
CHR Extension: (Sticky Notes - Just popped up!) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpdjbappofmfbgdmhoaabefbobddchk [2014-12-17]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
CHR HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THEDI_~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-20]
CHR HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1706744 2013-11-01] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-11-01] (IVT Corporation)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Freedome Service; C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe [109608 2015-01-20] (F-Secure Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 ProfoundSound Service; C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\ProfoundSoundService.exe [136056 2013-04-19] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [325656 2014-11-27] (Trend Micro Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 SkpPopupSvc; C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\SkpPopupSvc.exe [18272 2013-04-19] (Microsoft)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-04-15] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-12-21] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-12-21] (Advanced Micro Devices)
S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-07] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-07] (Microsoft Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-28] (CyberLink Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2014-11-27] (Trend Micro Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [96472 2014-12-23] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\system32\drivers\ProfoundSound.sys [35104 2012-09-25] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 pneteth; C:\Windows\system32\DRIVERS\pneteth.sys [15360 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-12-21] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2014-12-21] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29936 2014-12-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 09:37 - 2015-01-31 09:37 - 00000000 ____D () C:\Users\thedi_000\Downloads\FRST-OlderVersion
2015-01-30 23:51 - 2015-01-30 23:53 - 272567715 _____ () C:\Users\thedi_000\Downloads\iretmod3.mp4
2015-01-30 15:38 - 2015-01-30 18:09 - 00148851 _____ () C:\Users\thedi_000\Downloads\Addition.txt
2015-01-30 15:34 - 2015-01-31 09:37 - 00042134 _____ () C:\Users\thedi_000\Downloads\FRST.txt
2015-01-30 15:34 - 2015-01-31 09:37 - 00000000 ____D () C:\FRST
2015-01-30 15:32 - 2015-01-31 09:37 - 02130944 _____ (Farbar) C:\Users\thedi_000\Downloads\FRST64.exe
2015-01-30 10:12 - 2015-01-30 10:12 - 00002737 _____ () C:\Users\thedi_000\Desktop\Hangouts.lnk
2015-01-29 22:06 - 2015-01-29 22:06 - 00024357 _____ () C:\Users\thedi_000\Desktop\lender-investor breakdown.7z
2015-01-29 21:25 - 2015-01-29 21:25 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (4).exe
2015-01-29 18:16 - 2015-01-29 18:16 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-01-29 18:16 - 2015-01-29 18:16 - 00002197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-01-29 18:16 - 2015-01-29 18:16 - 00002127 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-01-29 18:16 - 2015-01-29 18:16 - 00002036 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-01-29 18:16 - 2015-01-29 18:16 - 00002013 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-01-29 15:45 - 2015-01-29 15:45 - 00026452 _____ () C:\Users\thedi_000\Downloads\Final_Valuation_-_5615_Happy_Pines_Dr__Foresthill_CA_95631 (1).xlsx
2015-01-29 15:35 - 2015-01-29 15:35 - 00041784 _____ () C:\Users\thedi_000\Downloads\Bank_Account_Review.xlsx
2015-01-29 15:11 - 2015-01-29 15:11 - 00001224 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-01-29 15:11 - 2015-01-29 15:11 - 00001212 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-01-29 04:47 - 2015-01-29 04:47 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\VS Revo Group
2015-01-29 04:45 - 2015-01-29 04:45 - 00001100 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-01-29 04:45 - 2015-01-29 04:45 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-29 04:45 - 2015-01-29 04:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-29 04:45 - 2015-01-29 04:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-29 04:45 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-01-29 04:43 - 2015-01-29 04:44 - 10801480 _____ (VS Revo Group ) C:\Users\thedi_000\Downloads\RevoUninProSetup.exe
2015-01-29 03:04 - 2015-01-31 09:24 - 01303566 _____ () C:\WINDOWS\PFRO.log
2015-01-29 01:15 - 2015-01-29 01:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-28 19:22 - 2015-01-28 19:22 - 00002639 _____ () C:\Users\thedi_000\Desktop\feedly.lnk
2015-01-28 18:04 - 2015-01-28 18:04 - 00081030 _____ () C:\Users\thedi_000\Desktop\Simple H2G Analyzer.xlsx
2015-01-28 06:16 - 2015-01-28 06:16 - 00000000 ____D () C:\zoek
2015-01-28 05:28 - 2015-01-28 06:20 - 00000128 _____ () C:\folders.log
2015-01-28 05:17 - 2015-01-28 06:56 - 00057121 _____ () C:\zoek-results.log
2015-01-28 05:09 - 2015-01-28 07:00 - 00003330 _____ () C:\runcheck.txt
2015-01-28 05:08 - 2015-01-28 06:20 - 00000000 ____D () C:\zoek_backup
2015-01-28 04:40 - 2015-01-28 04:41 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\thedi_000\Desktop\tdsskiller.exe
2015-01-27 19:04 - 2015-01-27 19:04 - 00048302 _____ () C:\Users\thedi_000\Desktop\download.htm
2015-01-27 12:31 - 2015-01-27 12:31 - 00849352 _____ () C:\Users\thedi_000\Downloads\AppManagerSetup_1.47.exe
2015-01-26 23:01 - 2015-01-26 23:01 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (3).exe
2015-01-26 22:57 - 2015-01-26 22:58 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Windows Live Writer
2015-01-26 22:05 - 2015-01-28 19:12 - 00000000 ___RD () C:\Users\thedi_000\Hightail
2015-01-26 22:05 - 2015-01-26 22:05 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Hightail
2015-01-26 22:05 - 2015-01-26 22:05 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Hightail
2015-01-26 22:04 - 2015-01-26 22:04 - 00002008 _____ () C:\Users\Public\Desktop\Hightail Desktop App.lnk
2015-01-26 22:04 - 2015-01-26 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail Desktop App
2015-01-26 22:04 - 2015-01-26 22:04 - 00000000 ____D () C:\Program Files (x86)\Hightail Desktop App
2015-01-26 21:43 - 2015-01-26 21:43 - 00001764 _____ () C:\Users\thedi_000\Desktop\Domain Filpping Template Page.html
2015-01-26 21:27 - 2015-01-26 21:28 - 18699832 _____ (Hightail, inc) C:\Users\thedi_000\Downloads\HightailDesktop.exe
2015-01-26 16:13 - 2015-01-29 04:56 - 00000000 ____D () C:\Users\thedi_000\Documents\Business-in-a-Box Files
2015-01-26 16:11 - 2015-01-26 16:11 - 00519016 _____ (Biztree Inc.) C:\Users\thedi_000\Downloads\business-in-a-box_setup.exe
2015-01-26 12:31 - 2015-01-26 12:31 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (2).exe
2015-01-26 12:28 - 2015-01-26 12:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\thedi_000\Downloads\HijackThis.exe
2015-01-25 22:59 - 2015-01-25 22:59 - 00017925 _____ () C:\Users\thedi_000\Downloads\freshdrop.com.export.csv
2015-01-25 16:31 - 2015-01-25 16:31 - 00002481 _____ () C:\Users\thedi_000\Downloads\export (2).csv
2015-01-25 14:12 - 2015-01-25 14:12 - 00000000 ____D () C:\Users\thedi_000\Downloads\rssowl-2.2.1.windows
2015-01-25 14:10 - 2015-01-25 14:10 - 15438567 _____ () C:\Users\thedi_000\Downloads\rssowl-2.2.1.windows.zip
2015-01-25 13:34 - 2015-01-25 13:34 - 04026436 _____ (RSSOwl Team) C:\Users\thedi_000\Downloads\RSSOwl Setup 2.2.1 (2).exe
2015-01-25 13:32 - 2015-01-25 13:32 - 04026436 _____ (RSSOwl Team) C:\Users\thedi_000\Downloads\RSSOwl Setup 2.2.1 (1).exe
2015-01-25 12:09 - 2015-01-25 12:09 - 00081176 _____ () C:\Users\thedi_000\Desktop\aab05708
2015-01-25 12:02 - 2015-01-25 12:03 - 00000000 ____D () C:\Users\thedi_000\.rssowl2
2015-01-25 12:02 - 2015-01-25 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSSOwl
2015-01-25 11:31 - 2015-01-25 11:31 - 04026436 _____ (RSSOwl Team) C:\Users\thedi_000\Downloads\RSSOwl Setup 2.2.1.exe
2015-01-25 11:17 - 2015-01-25 11:17 - 00022016 ____H () C:\Users\thedi_000\Downloads\~WRL0003.tmp
2015-01-25 00:15 - 2015-01-25 00:15 - 456685609 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-25 00:15 - 2015-01-25 00:15 - 00280808 _____ () C:\WINDOWS\Minidump\012515-37500-01.dmp
2015-01-24 17:51 - 2015-01-24 17:51 - 00000119 _____ () C:\Users\thedi_000\Downloads\Export (1).csv
2015-01-24 12:00 - 2015-01-24 13:21 - 00000000 ____D () C:\AdwCleaner
2015-01-24 11:51 - 2015-01-24 11:51 - 01402880 _____ () C:\Users\thedi_000\Downloads\HiJackThis.msi
2015-01-24 11:49 - 2015-01-24 11:53 - 00002534 _____ () C:\Users\thedi_000\Desktop\Rkill.txt
2015-01-24 11:49 - 2015-01-24 11:49 - 02194432 _____ () C:\Users\thedi_000\Downloads\AdwCleaner.exe
2015-01-24 11:48 - 2015-01-24 11:48 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\thedi_000\Downloads\rkill.exe
2015-01-23 23:42 - 2015-01-24 06:30 - 00440880 _____ () C:\Users\thedi_000\Desktop\Untitled-1.psd
2015-01-23 18:59 - 2015-01-23 18:59 - 00001964 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-23 at 18-58-51.csv
2015-01-23 18:55 - 2015-01-23 18:55 - 00001964 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-23 at 18-55-36.csv
2015-01-23 09:39 - 2015-01-23 09:39 - 00000119 _____ () C:\Users\thedi_000\Downloads\Export.csv
2015-01-23 07:02 - 2015-01-23 07:02 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\googledrivesync (1).exe
2015-01-23 02:52 - 2015-01-23 02:52 - 00001271 _____ () C:\Users\thedi_000\Downloads\watchlist (1).csv
2015-01-23 02:37 - 2015-01-23 02:37 - 00001736 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-23 at 02-37-07.csv
2015-01-23 00:39 - 2015-01-23 00:39 - 00000676 _____ () C:\Users\thedi_000\Downloads\watchlist.csv
2015-01-22 23:05 - 2015-01-22 23:13 - 00010752 ___SH () C:\Users\thedi_000\Documents\Thumbs.db
2015-01-22 07:08 - 2015-01-22 07:08 - 00008232 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-22 at 07-08-04.csv
2015-01-22 02:44 - 2015-01-31 09:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-22 02:44 - 2015-01-22 02:44 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-22 02:35 - 2015-01-22 02:35 - 17534640 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Downloads\flashplayer16_install_win_ax.exe
2015-01-22 02:33 - 2015-01-22 02:33 - 17921712 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Downloads\flashplayer16_debug_win_ax.exe
2015-01-22 02:30 - 2015-01-22 02:30 - 00960176 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Desktop\flashplayer16_uninstall_win.exe
2015-01-22 02:25 - 2015-01-22 02:26 - 05148034 _____ (Adobe Systems Inc.) C:\Users\thedi_000\Downloads\Shockwave_Installer_Full (2).exe
2015-01-22 02:24 - 2015-01-29 23:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-983936870-3653672844-3623726825-1002
2015-01-22 02:21 - 2015-01-22 02:21 - 00000000 ____D () C:\ProgramData\Sun
2015-01-22 02:11 - 2015-01-22 02:11 - 00848512 _____ () C:\Users\thedi_000\Downloads\AppManagerSetup_1.46_1.exe
2015-01-22 02:02 - 2015-01-22 02:05 - 93427112 _____ (Oracle Corporation) C:\Users\thedi_000\Downloads\jre-8u31-windows-x64.exe
2015-01-22 01:41 - 2015-01-22 01:45 - 00640135 _____ () C:\Users\thedi_000\Downloads\msxml4.zip
2015-01-21 21:43 - 2015-01-21 21:43 - 04614144 _____ () C:\Users\thedi_000\Downloads\msxml6_SDK.msi
2015-01-21 21:43 - 2015-01-21 21:43 - 03753472 _____ () C:\Users\thedi_000\Downloads\msxml6_ia64.msi
2015-01-21 21:43 - 2015-01-21 21:43 - 02721280 _____ () C:\Users\thedi_000\Downloads\msxml6_x64.msi
2015-01-21 21:42 - 2015-01-21 21:43 - 01528320 _____ () C:\Users\thedi_000\Downloads\msxml6.msi
2015-01-21 21:02 - 2015-01-21 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-01-21 21:02 - 2015-01-13 10:00 - 00112640 _____ () C:\WINDOWS\SysWOW64\ff_vfw.dll
2015-01-21 21:02 - 2014-12-21 05:58 - 03570688 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2015-01-21 21:02 - 2014-12-21 05:57 - 03588608 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2015-01-21 21:02 - 2014-12-04 14:56 - 00729088 _____ () C:\WINDOWS\system32\xvidcore.dll
2015-01-21 21:02 - 2014-12-04 14:55 - 00655872 _____ () C:\WINDOWS\SysWOW64\xvidcore.dll
2015-01-21 21:02 - 2014-12-02 06:10 - 00260184 _____ () C:\WINDOWS\system32\unrar64.dll
2015-01-21 21:02 - 2014-11-14 06:12 - 00254976 _____ () C:\WINDOWS\system32\xvidvfw.dll
2015-01-21 21:02 - 2014-11-14 06:11 - 00240128 _____ () C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-01-21 21:02 - 2012-07-21 03:55 - 00180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-01-21 21:02 - 2012-07-21 03:54 - 00122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
2015-01-21 21:02 - 2011-12-07 10:37 - 00148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-01-21 21:02 - 2011-12-07 10:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2015-01-21 21:01 - 2015-01-21 21:02 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-01-20 21:40 - 2015-01-21 12:28 - 00500673 _____ () C:\Users\thedi_000\Desktop\Craigslist flyer.psd
2015-01-20 14:05 - 2015-01-20 14:05 - 00002297 _____ () C:\Users\Public\Desktop\Freedome.lnk
2015-01-20 14:05 - 2015-01-20 14:05 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\F-Secure
2015-01-20 14:05 - 2015-01-20 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome
2015-01-20 14:04 - 2015-01-20 14:04 - 00033832 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-01-20 14:03 - 2015-01-20 14:03 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2015-01-20 14:02 - 2015-01-20 14:03 - 35325480 _____ (F-Secure Corporation) C:\Users\thedi_000\Downloads\Freedome.exe
2015-01-20 12:50 - 2015-01-20 12:50 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Panda Security
2015-01-20 12:50 - 2015-01-20 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2015-01-20 12:41 - 2015-01-20 12:42 - 58209912 _____ () C:\Users\thedi_000\Downloads\GP15.exe
2015-01-20 10:42 - 2015-01-20 10:42 - 00000000 ____D () C:\Users\thedi_000\Tracing
2015-01-20 10:41 - 2015-01-20 10:43 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\XMind
2015-01-20 10:40 - 2015-01-20 10:40 - 00000000 ____D () C:\WINDOWS\en
2015-01-20 10:39 - 2015-01-20 10:39 - 00001288 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-20 10:39 - 2015-01-20 10:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-20 10:38 - 2015-01-20 10:38 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-01-20 10:38 - 2015-01-20 10:38 - 00001441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-20 10:38 - 2015-01-20 10:38 - 00000968 _____ () C:\Users\thedi_000\Desktop\XMind 6.lnk
2015-01-20 10:38 - 2015-01-20 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
2015-01-20 10:36 - 2015-01-20 10:41 - 00000000 ____D () C:\Program Files (x86)\XMind
2015-01-20 10:36 - 2015-01-20 10:36 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-20 10:34 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-01-20 10:34 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-01-20 10:34 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-01-20 10:34 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-01-20 10:33 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-01-20 10:33 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-01-20 10:31 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-01-20 10:31 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2015-01-20 10:30 - 2015-01-20 10:32 - 119220575 _____ (XMind Ltd. ) C:\Users\thedi_000\Downloads\xmind-windows-3.5.1.201411201906 (1).exe
2015-01-20 10:29 - 2015-01-20 10:32 - 119220575 _____ (XMind Ltd. ) C:\Users\thedi_000\Downloads\xmind-windows-3.5.1.201411201906.exe
2015-01-20 10:13 - 2015-01-20 10:14 - 37077863 _____ ( ) C:\Users\thedi_000\Downloads\K-Lite_Codec_Pack_1095_Mega.exe
2015-01-20 10:13 - 2015-01-20 10:14 - 13827960 _____ (Adobe Systems Inc.) C:\Users\thedi_000\Downloads\Shockwave_Installer_Full.exe
2015-01-20 10:13 - 2015-01-20 10:13 - 01239752 _____ (Microsoft Corporation) C:\Users\thedi_000\Downloads\wlsetup-web.exe
2015-01-20 10:12 - 2015-01-20 10:12 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (1).exe
2015-01-20 10:11 - 2015-01-20 10:11 - 17189552 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Downloads\flashplayer16_install_win_ppapi.exe
2015-01-20 01:51 - 2015-01-20 01:51 - 00000000 ____D () C:\Users\thedi_000\Documents\Adobe
2015-01-20 01:37 - 2015-01-20 01:37 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2015-01-20 00:59 - 2015-01-31 09:31 - 00000000 ___RD () C:\Users\thedi_000\Google Drive
2015-01-20 00:59 - 2015-01-20 00:59 - 00001745 _____ () C:\Users\thedi_000\Desktop\Google Drive.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00002025 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00002023 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00002013 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-20 00:55 - 2015-01-20 00:55 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\googledrivesync.exe
2015-01-19 23:05 - 2015-01-19 23:05 - 00016560 _____ () C:\Users\thedi_000\Downloads\cash_buyers (2).csv
2015-01-19 21:59 - 2015-01-19 21:59 - 00006658 _____ () C:\Users\thedi_000\Downloads\cash_buyers (1).csv
2015-01-19 04:01 - 2015-01-19 04:01 - 00015979 _____ () C:\Users\thedi_000\Downloads\Brian Hilaire Craigslist Leads 1-18.xlsx
2015-01-19 04:00 - 2015-01-19 04:00 - 00015979 _____ () C:\Users\thedi_000\Desktop\Brian Hilaire Craigslist Leads 1-18.xlsx
2015-01-18 21:04 - 2015-01-18 21:04 - 00067918 _____ () C:\Users\thedi_000\Downloads\Craigslist_Phone_Number 1.18.15 (1).xlsx
2015-01-18 20:34 - 2015-01-18 20:34 - 00067918 _____ () C:\Users\thedi_000\Downloads\Craigslist_Phone_Number 1.18.15.xlsx
2015-01-18 18:33 - 2015-01-18 18:47 - 00026914 _____ () C:\Users\thedi_000\Desktop\lender-investor breakdown1.xlsx
2015-01-18 18:07 - 2015-01-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-18 18:06 - 2015-01-18 18:06 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-18 17:59 - 2015-01-18 18:00 - 01513472 _____ () C:\Users\thedi_000\Downloads\7z938-x64.msi
2015-01-18 17:59 - 2015-01-18 17:59 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup.exe
2015-01-18 17:13 - 2015-01-18 18:16 - 00028096 _____ () C:\Users\thedi_000\Desktop\lender-investor breakdown.xls
2015-01-18 12:06 - 2015-01-18 17:13 - 00028118 _____ () C:\Users\thedi_000\Downloads\lender-investor breakdown.xlsx
2015-01-17 22:43 - 2015-01-17 22:43 - 00000922 _____ () C:\Users\thedi_000\Downloads\Cash_Buyers-01_18_2015_-_16_Recipients.txt
2015-01-17 22:36 - 2015-01-17 22:36 - 00041647 _____ () C:\Users\thedi_000\Downloads\clever-docs (1).zip
2015-01-17 22:36 - 2015-01-17 22:36 - 00014819 _____ () C:\Users\thedi_000\Downloads\clever-investor-sales-worksheet (1).xls
2015-01-17 22:36 - 2015-01-17 22:36 - 00014582 _____ () C:\Users\thedi_000\Downloads\clever-investor-rental-worksheet.xls
2015-01-17 22:36 - 2015-01-17 22:36 - 00013033 _____ () C:\Users\thedi_000\Downloads\clever-investor-retirement-worksheet.xls
2015-01-17 22:35 - 2015-01-17 22:35 - 00049436 _____ () C:\Users\thedi_000\Downloads\landlord.zip
2015-01-17 22:35 - 2015-01-17 22:35 - 00045153 _____ () C:\Users\thedi_000\Downloads\wholesale (1).zip
2015-01-17 22:34 - 2015-01-17 22:34 - 03193271 _____ () C:\Users\thedi_000\Downloads\Seller-In-Home-Presentation-Keynote.key
2015-01-17 22:34 - 2015-01-17 22:34 - 02523136 _____ () C:\Users\thedi_000\Downloads\Seller-In-Home-Presentation-Powerpoint.ppt
2015-01-17 22:33 - 2015-01-17 22:33 - 00084619 _____ () C:\Users\thedi_000\Downloads\FastTrack_Offer_Return_Calculator_1.xlsx
2015-01-17 22:33 - 2015-01-17 22:33 - 00023552 _____ () C:\Users\thedi_000\Downloads\Property_Evaluator_Tool.xls
2015-01-17 22:30 - 2015-01-17 22:31 - 03301019 _____ () C:\Users\thedi_000\Downloads\yourwholesalingbusinessmindmap (1).xmind
2015-01-17 22:30 - 2015-01-17 22:30 - 00045153 _____ () C:\Users\thedi_000\Downloads\wholesale.zip
2015-01-17 22:30 - 2015-01-17 22:30 - 00041647 _____ () C:\Users\thedi_000\Downloads\clever-docs.zip
2015-01-17 22:29 - 2015-01-17 22:29 - 00014819 _____ () C:\Users\thedi_000\Downloads\clever-investor-sales-worksheet.xls
2015-01-17 22:27 - 2015-01-17 22:27 - 00166912 _____ () C:\Users\thedi_000\Downloads\expense-budget-report.xls
2015-01-17 22:26 - 2015-01-17 22:26 - 33397022 _____ () C:\Users\thedi_000\Downloads\emailmachine-tour.zip
2015-01-17 22:26 - 2015-01-17 22:26 - 03301019 _____ () C:\Users\thedi_000\Downloads\yourwholesalingbusinessmindmap.xmind
2015-01-17 22:12 - 2015-01-28 00:06 - 00002027 _____ () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-01-17 22:12 - 2015-01-28 00:06 - 00001997 _____ () C:\Users\thedi_000\Desktop\FileHippo App Manager.lnk
2015-01-17 22:12 - 2015-01-22 02:18 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-01-17 22:12 - 2015-01-17 22:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-17 22:11 - 2015-01-29 05:08 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-01-17 22:11 - 2015-01-17 22:11 - 00510776 _____ () C:\Users\thedi_000\Downloads\AppManagerSetup_1.45.exe
2015-01-17 22:10 - 2015-01-17 22:10 - 05490752 _____ (Secunia) C:\Users\thedi_000\Downloads\PSISetup.exe
2015-01-17 22:06 - 2014-04-15 15:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-17 22:06 - 2014-04-15 15:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-17 21:40 - 2015-01-17 21:44 - 00000326 _____ () C:\DelFix.txt
2015-01-17 20:05 - 2015-01-17 20:05 - 00001907 _____ () C:\Users\thedi_000\Downloads\cash_buyers.csv
2015-01-17 11:52 - 2015-01-29 22:09 - 00000000 ____D () C:\Users\thedi_000\Desktop\Gold-Oil
2015-01-16 11:38 - 2015-01-16 11:38 - 00281773 _____ () C:\Users\thedi_000\AppData\Local\census.cache
2015-01-16 11:38 - 2015-01-16 11:38 - 00220213 _____ () C:\Users\thedi_000\AppData\Local\ars.cache
2015-01-16 05:39 - 2015-01-16 05:39 - 00000000 ____D () C:\Users\thedi_000\Downloads\FontShop_780232
2015-01-16 05:38 - 2015-01-16 05:38 - 02011687 _____ () C:\Users\thedi_000\Downloads\FontShop_780232.zip
2015-01-15 00:12 - 2015-01-15 00:12 - 00010918 _____ () C:\Users\thedi_000\Downloads\13 Properties.csv
2015-01-14 17:18 - 2015-01-14 17:18 - 00000000 ____D () C:\Users\thedi_000\Downloads\kitchen-3
2015-01-14 17:17 - 2015-01-14 17:17 - 01013241 _____ () C:\Users\thedi_000\Downloads\kitchen-3.zip
2015-01-14 15:03 - 2015-01-14 15:03 - 05197824 _____ () C:\Users\thedi_000\Downloads\HPSupportSolutionsFramework-en-11.51.0048 (1).msi
2015-01-14 12:56 - 2015-01-14 12:56 - 00041770 _____ () C:\Users\thedi_000\Downloads\Loan_Review_Checklist_5615_Happy_Pines_Drive_-_Finish_Line_Inv_Prop.xlsx
2015-01-14 12:56 - 2015-01-14 12:56 - 00026953 _____ () C:\Users\thedi_000\Downloads\Final_Valuation_-_5615_Happy_Pines_Dr__Foresthill_CA_95631.xlsx
2015-01-14 12:24 - 2015-01-14 12:24 - 00001745 _____ () C:\Users\thedi_000\Downloads\ShalynBlevins.pfx
2015-01-14 03:38 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 03:38 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 03:38 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 03:38 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 03:38 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 03:38 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 03:38 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 03:38 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 17:04 - 2015-01-13 17:04 - 03644277 _____ () C:\Users\thedi_000\Downloads\aab10348
2015-01-13 10:56 - 2015-01-29 22:09 - 00000000 ____D () C:\Users\thedi_000\Desktop\Statements
2015-01-12 22:33 - 2015-01-12 22:22 - 02070839 _____ () C:\Users\thedi_000\Desktop\Synergy Fax pg1.jpeg
2015-01-12 22:32 - 2015-01-12 22:23 - 01821422 _____ () C:\Users\thedi_000\Desktop\Synergy Fax pg2.jpeg
2015-01-12 22:21 - 2015-01-12 22:21 - 00000000 ____D () C:\Users\thedi_000\Documents\Fax
2015-01-12 22:14 - 2015-01-17 21:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-12 21:32 - 2015-01-17 23:23 - 00000000 _____ () C:\WINDOWS\DCEBOOT.LOG
2015-01-12 20:27 - 2015-01-12 20:27 - 00000029 _____ () C:\WINDOWS\MRTK.INI
2015-01-12 20:06 - 2015-01-17 21:43 - 00236080 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2015-01-12 20:06 - 2015-01-17 21:42 - 00025136 _____ (Trend Micro Inc.) C:\WINDOWS\DCEBoot64.exe
2015-01-12 20:02 - 2015-01-12 20:03 - 108604496 _____ (Sophos Limited) C:\Users\thedi_000\Desktop\Sophos Virus Removal Tool (1).exe
2015-01-11 13:55 - 2015-01-11 15:14 - 00002883 _____ () C:\Users\thedi_000\Desktop\6 Properties.csv
2015-01-11 01:24 - 2015-01-11 01:24 - 00000000 ____D () C:\ProgramData\Satori Software Inc
2015-01-11 00:48 - 2015-01-11 00:48 - 00002121 _____ () C:\Users\Public\Desktop\Bulk Mailer Standard.lnk
2015-01-11 00:42 - 2015-01-11 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Mailer
2015-01-11 00:42 - 2015-01-11 00:42 - 00000564 _____ () C:\Users\Public\Desktop\My Bulk Mailer Files.lnk
2015-01-11 00:41 - 2015-01-12 20:27 - 00000000 ____D () C:\My Bulk Mailer Files
2015-01-11 00:41 - 2015-01-11 00:41 - 00000000 ____D () C:\Program Files (x86)\Satori Software
2015-01-11 00:38 - 2015-01-11 00:38 - 00001283 _____ () C:\Users\thedi_000\Desktop\bmusprofessional1201.2014.166746 - Shortcut.lnk
2015-01-10 23:58 - 2015-01-11 00:30 - 00000000 ____D () C:\Users\thedi_000\bmusprofessional1201.2014.166746
2015-01-10 12:01 - 2015-01-31 09:24 - 00006030 _____ () C:\WINDOWS\setupact.log
2015-01-10 12:01 - 2015-01-10 12:01 - 00002825 _____ () C:\Users\Public\Desktop\Profound Sound cSharp.lnk
2015-01-10 12:01 - 2015-01-10 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profound Sound
2015-01-10 12:01 - 2015-01-10 12:01 - 00000000 ____D () C:\Program Files (x86)\Quickfilter Technologies
2015-01-10 12:01 - 2012-09-26 21:09 - 00000000 _____ () C:\WINDOWS\system32\ProfoundSoundActivator.dat
2015-01-10 12:00 - 2015-01-10 12:00 - 00000000 ____D () C:\Users\thedi_000\__MACOSX
2015-01-10 11:28 - 2015-01-10 11:29 - 16572515 _____ () C:\Users\thedi_000\Downloads\PSCSharpWin7 (1).zip
2015-01-10 01:06 - 2015-01-10 01:43 - 3415296307 _____ () C:\Users\thedi_000\Downloads\bmusprofessional1201.2014.166746.zip
2015-01-09 23:57 - 2015-01-09 23:57 - 00006266 _____ () C:\WINDOWS\SysWOW64\BroomData.bit
2015-01-09 23:57 - 2013-04-08 16:30 - 00022752 _____ () C:\WINDOWS\system32\PCloudBroom64.exe
2015-01-09 19:44 - 2015-01-09 19:44 - 00000000 ____D () C:\Users\thedi_000\Downloads\Flash Player
2015-01-09 17:10 - 2015-01-11 00:05 - 00200704 _____ () C:\Users\thedi_000\Downloads\NewList01-09-15a.xls
2015-01-09 00:56 - 2015-01-09 00:56 - 00778456 _____ (Webroot) C:\Users\thedi_000\Downloads\sysbbanalyzer (1).exe
2015-01-09 00:40 - 2015-01-09 00:40 - 01508672 _____ (LogMeIn, Inc.) C:\Users\thedi_000\Downloads\Support-LogMeInRescue (3).exe
2015-01-09 00:40 - 2015-01-09 00:40 - 00002287 _____ () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geek Squad Online Support (7).lnk
2015-01-09 00:39 - 2015-01-09 00:39 - 01508672 _____ (LogMeIn, Inc.) C:\Users\thedi_000\Downloads\Support-LogMeInRescue (2).exe
2015-01-06 23:11 - 2015-01-06 23:13 - 34854837 _____ () C:\Users\thedi_000\Downloads\Shalyn.psd
2015-01-06 10:40 - 2015-01-06 10:40 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2015-01-06 10:36 - 2015-01-06 10:36 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2015-01-06 10:09 - 2015-01-06 10:10 - 41454934 _____ () C:\Users\thedi_000\Downloads\New-Investor-InDesign-Files.zip
2015-01-06 10:09 - 2015-01-06 10:10 - 23179231 _____ () C:\Users\thedi_000\Downloads\New Investor Graphics.zip
2015-01-05 20:50 - 2015-01-05 20:50 - 00002287 _____ () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP Remote Support.lnk
2015-01-05 17:06 - 2015-01-05 17:06 - 00014636 _____ () C:\Users\thedi_000\Downloads\AudioPlaybackDiagnostic.diagcab
2015-01-05 15:14 - 2015-01-29 22:21 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Trend Micro
2015-01-05 12:07 - 2015-01-05 12:08 - 137184163 _____ () C:\Users\thedi_000\Downloads\micro-wholesaling-module2-compressed.mp4
2015-01-04 18:41 - 2015-01-04 18:41 - 00000000 ____D () C:\ProgramData\Lic
2015-01-04 18:15 - 2015-01-04 18:46 - 00000000 ____D () C:\ProgramData\Flex Systems
2015-01-04 18:14 - 2015-01-04 18:14 - 00000000 ____D () C:\Users\Public\Documents\Flex Systems
2015-01-04 18:13 - 2015-01-04 18:13 - 00000000 ____D () C:\Program Files (x86)\Flex Systems
2015-01-04 17:54 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files (x86)\MSECache
2015-01-04 16:37 - 2015-01-20 14:03 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-04 16:33 - 2015-01-04 16:34 - 05176232 _____ (F-Secure Corporation) C:\Users\thedi_000\Downloads\F-SecureOnlineScanner.exe
2015-01-04 16:14 - 2015-01-04 17:05 - 362560076 _____ () C:\Users\thedi_000\Downloads\FlexStream.zip
2015-01-04 16:00 - 2015-01-04 16:00 - 00200704 _____ () C:\Users\thedi_000\Downloads\FullVendorMatrix.xls
2015-01-03 19:25 - 2015-01-03 19:25 - 00000329 _____ () C:\Users\thedi_000\Desktop\HP Printer Diagnostic Tools.url
2015-01-03 18:48 - 2015-01-17 21:23 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\HpUpdate
2015-01-03 18:48 - 2015-01-05 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-03 18:48 - 2015-01-03 18:48 - 00003636 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
2015-01-03 18:48 - 2015-01-03 18:48 - 00002227 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
2015-01-03 18:48 - 2015-01-03 18:48 - 00001179 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8610.lnk
2015-01-03 18:48 - 2015-01-03 18:48 - 00000978 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-01-03 18:48 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPDiscoPM7112.dll
2015-01-03 18:47 - 2015-01-14 15:08 - 00000000 ____D () C:\ProgramData\HP
2015-01-03 18:47 - 2015-01-03 18:47 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-01-03 18:47 - 2015-01-03 18:47 - 00000000 ____D () C:\Program Files\HP
2015-01-03 18:46 - 2015-01-03 18:48 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\HP
2015-01-03 18:43 - 2015-01-03 18:45 - 169870888 _____ () C:\Users\thedi_000\Downloads\OJ8610_198.exe
2015-01-03 15:54 - 2015-01-20 12:51 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-03 02:54 - 2015-01-05 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-03 02:54 - 2015-01-03 02:54 - 00001762 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-03 02:54 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-01-03 02:52 - 2015-01-05 22:22 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-03 02:52 - 2015-01-05 22:21 - 00000000 ____D () C:\Program Files\iTunes
2015-01-03 02:52 - 2015-01-05 22:20 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-03 02:52 - 2015-01-03 02:52 - 00000000 ____D () C:\Program Files\iPod
2015-01-03 02:51 - 2015-01-05 22:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-03 02:51 - 2015-01-03 02:51 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-03 02:37 - 2015-01-03 02:37 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Nero
2015-01-03 02:35 - 2015-01-05 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2015-01-03 02:35 - 2015-01-03 02:35 - 00002733 _____ () C:\Users\Public\Desktop\Seagate Dashboard.lnk
2015-01-03 02:35 - 2015-01-03 02:35 - 00000000 ____D () C:\ProgramData\Nero
2015-01-03 02:35 - 2015-01-03 02:35 - 00000000 ____D () C:\Program Files (x86)\Seagate
2015-01-03 02:32 - 2015-01-05 22:20 - 00000000 ____D () C:\ProgramData\Seagate
2015-01-03 02:32 - 2015-01-03 02:32 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Seagate
2015-01-03 02:31 - 2015-01-03 02:31 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Leader Technologies
2015-01-03 02:30 - 2015-01-03 02:30 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Leadertech
2015-01-03 02:14 - 2015-01-03 02:14 - 122418480 _____ (Apple Inc.) C:\Users\thedi_000\Downloads\iTunes64Setup (1).exe
2015-01-03 02:11 - 2015-01-03 02:12 - 109829936 _____ (Apple Inc.) C:\Users\thedi_000\Downloads\iTunesSetup.exe
2015-01-03 01:20 - 2015-01-03 01:20 - 00000172 _____ () C:\Users\thedi_000\Downloads\ImportTemplate (1).csv
2015-01-03 01:08 - 2015-01-03 01:08 - 00000172 _____ () C:\Users\thedi_000\Downloads\ImportTemplate.csv
2015-01-02 14:21 - 2015-01-02 20:46 - 00000033 _____ () C:\Users\thedi_000\AppData\Roaming\AdobeWLCMCache.dat
2015-01-02 14:05 - 2015-01-02 14:05 - 00001518 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2015-01-02 09:29 - 2015-01-02 09:29 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\FLEXnet
2015-01-01 22:57 - 2014-12-02 06:10 - 00218712 _____ () C:\WINDOWS\SysWOW64\unrar.dll
2015-01-01 22:14 - 2015-01-01 22:14 - 00000000 ____D () C:\Users\thedi_000\Samsung Link
2015-01-01 20:12 - 2015-01-01 20:12 - 00908586 _____ () C:\Users\thedi_000\Downloads\allshareplay1408040042_SamsungLink_v2.0.0_patch.zip
2015-01-01 18:58 - 2015-01-01 19:03 - 92382560 _____ (Copyright 2013 SAMSUNG) C:\Users\thedi_000\Downloads\SamsungLink_Installer64 (1).exe
2015-01-01 18:53 - 2015-01-01 18:53 - 00000000 ____D () C:\Upload
2015-01-01 18:52 - 2015-01-05 22:19 - 00000000 ____D () C:\Users\thedi_000\.swt
2015-01-01 18:45 - 2015-01-01 18:49 - 92382560 _____ (Copyright 2013 SAMSUNG) C:\Users\thedi_000\Downloads\SamsungLink_Installer64.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-31 09:36 - 2014-04-05 18:35 - 02258432 ___SH () C:\Users\thedi_000\Downloads\Thumbs.db
2015-01-31 09:31 - 2014-12-17 01:08 - 00005006 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for FINISHLINEIP-thedi_000 FinishLineIP
2015-01-31 09:31 - 2014-04-09 22:49 - 00000000 ___DO () C:\Users\thedi_000\OneDrive
2015-01-31 09:30 - 2014-11-12 15:52 - 00000215 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2015-01-31 09:29 - 2014-12-31 17:35 - 00000612 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-983936870-3653672844-3623726825-1002.job
2015-01-31 09:29 - 2014-05-22 17:32 - 01919992 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-31 09:29 - 2014-04-24 00:32 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\CrashDumps
2015-01-31 09:29 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-31 09:25 - 2014-11-01 08:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 09:25 - 2014-05-29 00:34 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-31 09:24 - 2014-04-09 04:41 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-01-31 09:24 - 2014-04-09 04:41 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-01-31 09:24 - 2013-11-20 09:44 - 00001060 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-01-31 09:24 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 09:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-31 08:58 - 2014-05-29 00:34 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 02:29 - 2014-02-08 15:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-31 01:35 - 2014-12-21 09:15 - 00003196 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForthedi_000
2015-01-31 01:35 - 2014-12-21 09:15 - 00000374 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForthedi_000.job
2015-01-30 11:21 - 2014-12-30 23:00 - 01940992 ___SH () C:\Users\thedi_000\Desktop\Thumbs.db
2015-01-30 10:11 - 2014-04-14 00:54 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Citrix
2015-01-30 02:00 - 2014-04-26 23:24 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Adobe
2015-01-29 22:24 - 2014-12-22 13:33 - 00000000 ____D () C:\Program Files\Trend Micro
2015-01-29 22:23 - 2014-12-22 13:34 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-01-29 22:23 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\ELAMBKUP
2015-01-29 22:00 - 2014-04-16 22:51 - 00000000 ____D () C:\Users\thedi_000\Desktop\Finish Line
2015-01-29 21:29 - 2014-05-29 00:34 - 00002242 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-29 21:11 - 2013-08-22 06:44 - 00450784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-29 18:13 - 2014-04-21 13:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-29 18:12 - 2014-04-24 01:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-29 14:13 - 2014-12-30 11:17 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-29 03:18 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-29 03:07 - 2014-04-09 21:54 - 00000000 ____D () C:\Users\thedi_000
2015-01-29 03:05 - 2014-12-22 13:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-29 01:04 - 2014-11-07 00:55 - 00000000 ____D () C:\Program Files (x86)\Slots of Vegas
2015-01-28 19:31 - 2014-11-12 14:57 - 00007616 _____ () C:\Users\thedi_000\AppData\Local\resmon.resmoncfg
2015-01-28 06:20 - 2013-08-22 07:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-28 06:20 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-01-27 23:25 - 2014-03-31 20:43 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Packages
2015-01-27 19:37 - 2014-11-09 03:48 - 00000000 ____D () C:\Program Files (x86)\Cool Cat Casino
2015-01-27 09:23 - 2014-12-31 17:35 - 00003628 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-983936870-3653672844-3623726825-1002
2015-01-27 03:47 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-26 22:57 - 2014-04-05 18:54 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Windows Live
2015-01-26 22:01 - 2014-04-09 04:27 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Downloaded Installations
2015-01-26 19:32 - 2014-03-31 23:01 - 00000000 ____D () C:\Users\thedi_000\Documents\Youcam
2015-01-25 15:38 - 2013-08-22 05:25 - 00262144 _____ () C:\WINDOWS\system32\config\BBI
2015-01-25 00:15 - 2014-12-31 10:57 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-24 13:28 - 2014-03-31 20:44 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\VirtualStore
2015-01-24 12:20 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 12:20 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 00:18 - 2012-08-03 16:02 - 00000000 ____D () C:\SWSetup
2015-01-22 23:18 - 2014-04-08 10:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-22 23:01 - 2014-04-08 10:28 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-22 02:20 - 2014-12-21 18:56 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-01-22 02:19 - 2014-12-21 18:56 - 00000000 ____D () C:\Program Files\Java
2015-01-22 01:50 - 2014-04-26 22:20 - 00000000 ____D () C:\Users\thedi_000\Desktop\Tax Info
2015-01-20 12:51 - 2014-12-02 03:19 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-20 10:39 - 2013-04-27 18:46 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-20 10:38 - 2013-04-27 18:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-20 02:39 - 2013-08-22 05:25 - 00262144 _____ () C:\WINDOWS\system32\config\ELAM
2015-01-20 01:51 - 2014-03-31 20:47 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Adobe
2015-01-20 01:33 - 2014-11-10 01:58 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 00:56 - 2014-03-31 20:59 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Google
2015-01-20 00:56 - 2014-03-31 20:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 04:00 - 2014-12-31 20:20 - 00000000 ___SD () C:\Users\thedi_000\Documents\My Data Sources
2015-01-18 18:01 - 2014-03-18 02:03 - 00974580 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-17 22:05 - 2014-04-05 18:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-17 22:03 - 2014-04-15 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-17 21:48 - 2014-04-05 18:33 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-17 19:23 - 2014-04-16 22:21 - 00000000 ____D () C:\Users\thedi_000\Desktop\Unused
2015-01-17 19:21 - 2014-04-24 01:33 - 00000000 ____D () C:\Users\thedi_000\Desktop\Adobe Photoshop Elements 8
2015-01-17 17:23 - 2014-04-26 23:38 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Apple Computer
2015-01-17 15:39 - 2014-04-26 23:38 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Apple Computer
2015-01-16 12:03 - 2014-12-22 13:33 - 00000036 _____ () C:\Users\thedi_000\AppData\Local\housecall.guid.cache
2015-01-16 11:27 - 2014-12-22 17:04 - 00000010 _____ () C:\Users\thedi_000\AppData\Local\sponge.last.runtime.cache
2015-01-14 21:19 - 2014-12-23 04:12 - 00000000 ____D () C:\ProgramData\WRData
2015-01-14 15:07 - 2014-06-25 00:12 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-01-14 04:11 - 2014-04-21 16:39 - 00005120 _____ () C:\Users\thedi_000\AppData\Local\file__0.localstorage
2015-01-11 00:42 - 2013-04-27 18:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-11 00:41 - 2013-04-27 18:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-10 23:46 - 2014-12-23 04:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 22:35 - 2014-05-22 15:57 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\LogMeIn Rescue Applet
2015-01-09 01:27 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-01-09 01:05 - 2014-12-21 18:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-06 10:29 - 2014-11-08 16:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-05 22:27 - 2014-12-21 18:45 - 00000000 ____D () C:\ProgramData\IObit
2015-01-05 22:27 - 2014-11-06 23:50 - 00000000 ____D () C:\Program Files\Common Files\NewBlue
2015-01-05 22:27 - 2014-05-29 00:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-05 22:27 - 2014-04-28 20:50 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2015-01-05 22:27 - 2014-02-08 15:30 - 00000000 ____D () C:\ProgramData\install_clap
2015-01-05 22:27 - 2014-02-08 15:10 - 00000000 ___RD () C:\Program Files\Online Services
2015-01-05 22:27 - 2014-02-08 15:10 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-05 22:27 - 2014-02-08 14:58 - 00000000 ____D () C:\Program Files\IDT
2015-01-05 22:27 - 2013-04-27 18:50 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-05 22:26 - 2014-05-29 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-05 22:26 - 2014-02-08 15:34 - 00000000 ____D () C:\Program Files (x86)\SymSilent
2015-01-05 22:26 - 2013-04-27 18:49 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2015-01-05 22:26 - 2013-04-27 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2015-01-05 22:24 - 2014-11-08 16:50 - 00000000 ____D () C:\d04cd3e33c67b11021
2015-01-05 22:23 - 2013-04-27 18:37 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-01-05 22:21 - 2014-04-26 23:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-05 22:20 - 2014-12-23 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
2015-01-05 22:20 - 2014-12-21 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-05 22:20 - 2014-11-09 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-05 22:20 - 2014-11-09 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Cat Casino
2015-01-05 22:20 - 2014-11-07 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slots of Vegas
2015-01-05 22:20 - 2014-11-06 23:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 13
2015-01-05 22:20 - 2014-07-27 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-05 22:20 - 2014-06-22 22:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 4
2015-01-05 22:20 - 2014-06-22 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 6
2015-01-05 22:20 - 2014-05-29 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-05 22:20 - 2014-05-29 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-05 22:20 - 2014-05-29 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-05 22:20 - 2014-04-28 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-01-05 22:20 - 2014-04-16 21:12 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2015-01-05 22:20 - 2014-04-09 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP MyRoom
2015-01-05 22:20 - 2014-04-09 04:17 - 00000000 ____D () C:\ProgramData\Ralink Bluetooth Stack
2015-01-05 22:20 - 2014-02-08 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-01-05 22:20 - 2014-02-08 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0
2015-01-05 22:20 - 2013-08-22 07:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-05 22:20 - 2013-08-22 07:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 22:20 - 2013-08-22 07:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-05 22:20 - 2013-08-22 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-05 22:20 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-05 22:20 - 2013-04-27 18:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 22:20 - 2013-04-27 18:54 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-05 22:20 - 2013-04-27 18:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-01-05 22:20 - 2013-04-27 18:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-01-05 22:20 - 2013-04-27 18:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-01-05 22:19 - 2014-12-31 13:23 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\LogMeIn Rescue Calling Card
2015-01-05 22:19 - 2014-05-22 17:52 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\lptmp602899050
2015-01-05 22:19 - 2014-04-16 22:46 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Microsoft Help
2015-01-05 22:19 - 2014-04-09 04:49 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\bluesoleil
2015-01-05 22:19 - 2014-02-08 15:18 - 00000000 ____D () C:\Users\Public\Documents\YouCam
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 __RSD () C:\Users\Public\Libraries
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-05 22:19 - 2013-08-22 07:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-05 22:19 - 2012-08-03 16:02 - 00000000 ____D () C:\SYSTEM.SAV
2015-01-05 22:17 - 2014-12-29 15:55 - 00000000 ____D () C:\Users\thedi_000\Desktop\Tor Browser
2015-01-05 22:17 - 2014-11-11 02:15 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2015-01-05 22:17 - 2014-11-08 16:35 - 00000000 ___RD () C:\Users\thedi_000\Creative Cloud Files
2015-01-05 22:17 - 2014-06-03 16:46 - 00000000 ____D () C:\Users\thedi_000\Desktop\Property Detail Report_files
2015-01-05 22:17 - 2014-05-29 00:34 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-05 22:17 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\thedi_000\Documents\ProfoundSound
2015-01-05 22:17 - 2014-04-21 16:29 - 00000000 ____D () C:\Users\thedi_000\Downloads\PSCSharpWin7
2015-01-05 22:17 - 2014-04-17 00:05 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\MaskMyIP
2015-01-05 22:17 - 2014-04-16 22:22 - 00000000 ____D () C:\Users\thedi_000\Desktop\extra
2015-01-05 22:17 - 2014-04-09 21:54 - 00000000 ___RD () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-05 22:17 - 2014-04-09 21:54 - 00000000 ___RD () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-05 22:17 - 2014-04-09 21:54 - 00000000 ___RD () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-05 22:17 - 2014-04-09 21:54 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-05 22:16 - 2014-02-08 15:04 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-01-05 22:16 - 2013-08-22 07:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-05 22:16 - 2013-08-22 07:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-01-05 22:14 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Speech
2015-01-05 22:13 - 2014-04-24 00:40 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-01-05 22:13 - 2013-08-22 07:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-05 22:13 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Recovery
2015-01-05 22:13 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-01-05 22:13 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\ias
2015-01-05 22:13 - 2013-08-22 05:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-05 22:13 - 2013-04-27 18:51 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-01-05 21:53 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-04 10:29 - 2014-04-28 19:57 - 06725542 _____ () C:\Users\thedi_000\Desktop\POM Video.zip
2015-01-03 02:50 - 2014-02-08 15:00 - 00000000 ____D () C:\ProgramData\Apple
2015-01-01 18:52 - 2014-04-15 00:20 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-01 18:52 - 2014-04-15 00:17 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Samsung
 
==================== Files in the root of some directories =======
 
2014-05-22 17:52 - 2014-05-22 17:52 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-01-02 14:21 - 2015-01-02 20:46 - 0000033 _____ () C:\Users\thedi_000\AppData\Roaming\AdobeWLCMCache.dat
2014-12-28 10:01 - 2014-12-28 10:01 - 0000000 _____ () C:\Users\thedi_000\AppData\Roaming\tmcef.log
2015-01-16 11:38 - 2015-01-16 11:38 - 0220213 _____ () C:\Users\thedi_000\AppData\Local\ars.cache
2015-01-16 11:38 - 2015-01-16 11:38 - 0281773 _____ () C:\Users\thedi_000\AppData\Local\census.cache
2014-04-21 16:39 - 2015-01-14 04:11 - 0005120 _____ () C:\Users\thedi_000\AppData\Local\file__0.localstorage
2014-12-22 13:33 - 2015-01-16 12:03 - 0000036 _____ () C:\Users\thedi_000\AppData\Local\housecall.guid.cache
2014-11-12 14:57 - 2015-01-28 19:31 - 0007616 _____ () C:\Users\thedi_000\AppData\Local\resmon.resmoncfg
2014-12-22 17:04 - 2015-01-16 11:27 - 0000010 _____ () C:\Users\thedi_000\AppData\Local\sponge.last.runtime.cache
2015-01-03 18:47 - 2015-01-03 18:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some content of TEMP:
====================
C:\Users\thedi_000\AppData\Local\Temp\7za.exe
C:\Users\thedi_000\AppData\Local\Temp\hijackthis.exe
C:\Users\thedi_000\AppData\Local\Temp\NirCmd.exe
C:\Users\thedi_000\AppData\Local\Temp\PEVZ.EXE
C:\Users\thedi_000\AppData\Local\Temp\remove.exe
C:\Users\thedi_000\AppData\Local\Temp\sed.exe
C:\Users\thedi_000\AppData\Local\Temp\shortcut.exe
C:\Users\thedi_000\AppData\Local\Temp\som_fs.exe
C:\Users\thedi_000\AppData\Local\Temp\som_mp4_encoder.exe
C:\Users\thedi_000\AppData\Local\Temp\swreg.exe
C:\Users\thedi_000\AppData\Local\Temp\swxcacls.exe
C:\Users\thedi_000\AppData\Local\Temp\wget.exe
C:\Users\thedi_000\AppData\Local\Temp\zoek-delete.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-31 05:44
 
==================== End Of Log ============================



Edited by abeattie3, 31 January 2015 - 04:09 PM.



 


#2 abeattie3

abeattie3
  • Topic Starter

  • Members
  • 95 posts
  • Local time:04:46 AM

Posted 04 February 2015 - 08:17 PM

New Development.

 

My computer has now started to constantly try and get flash player installer to install about 4 times an hour.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,626 posts
  • Gender:Male
  • Local time:08:46 AM

Posted 05 February 2015 - 02:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/565212 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 abeattie3

abeattie3
  • Topic Starter

  • Members
  • 95 posts
  • Local time:04:46 AM

Posted 05 February 2015 - 03:36 PM

Ok so to date I started this by downloading and running the zip version of Zoesk.exe.  It ran for almost 16 hours without stopping and I finally did a hard restart which cleared it.  On Noknojon's I followed the malware removal steps laid out in the guide to post to this forum.  Since that first post I have still been experiencing the flash redirects, although not as much, but now I get a warning from Panda (my A/V) that flash installer is trying to run about 1 time an hour.

 

Then today Panda found a trojan Generic and a couple of cookies.  M/W bytes also found 2 non-malware PUPs as well.  Panda automatically ran and found 2 unknown cookies but nothing else.

 

The entire time there has been a steady stream of the Smart ARP attacks as well.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by thedi_000 (administrator) on FINISHLINEIP on 05-02-2015 12:09:40
Running from C:\Users\thedi_000\Downloads
Loaded Profiles: thedi_000 (Available profiles: thedi_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Hightail Inc.) C:\Program Files (x86)\Hightail Desktop App\Hightail.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\thedi_000\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-12-21] (Synaptics Incorporated)
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2007592 2014-11-27] (Trend Micro Inc.)
HKLM\...\Run: [Hightail Sync Agent] => C:\Program Files (x86)\Hightail Desktop App\Hightail.exe [7040056 2013-10-28] (Hightail Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1518664 2014-09-17] (Seagate Technology LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [FreedomeAutoStart] => C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\Freedome.exe [1985064 2015-01-20] (F-Secure Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [Amazon Music] => C:\Users\thedi_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127080 2014-09-17] (Seagate Technology LLC)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE64.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail Inc.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-983936870-3653672844-3623726825-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-983936870-3653672844-3623726825-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-983936870-3653672844-3623726825-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-983936870-3653672844-3623726825-1002: @citrixonline.com/appdetectorplugin -> C:\Users\thedi_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-983936870-3653672844-3623726825-1002: hp.com/HPDetect -> C:\Users\thedi_000\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-29]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR Profile: C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TechSmith Snagit (Extension)) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\annopcfmbiofommjmcmcfmhklhgbhkce [2015-01-29]
CHR Extension: (Google Docs) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-20]
CHR Extension: (Google Drive) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (WOT) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-17]
CHR Extension: (YouTube) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2015-01-03]
CHR Extension: (Business Hangouts) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbjchepdbjeemagnjpoihpkjghelnge [2014-12-15]
CHR Extension: (Adblock Plus) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-24]
CHR Extension: (Video download helper) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeknpmhkhngjefhkffihhmpmmdfakha [2015-01-29]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-11-08]
CHR Extension: (VTchromizer) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2015-02-04]
CHR Extension: (TechSmith Snagit) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnghgbgmemnlbckdipnmelbanpgneik [2015-01-29]
CHR Extension: (Chrome Notepad) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2014-12-21]
CHR Extension: (Citrix ShareFile) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjphemlndlpgcngpgbaofdbkccjomopc [2015-01-26]
CHR Extension: (Bookmark Manager) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-19]
CHR Extension: (EasyPrompter) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamkbkcipeflbbmjllpcamjgdmiljdik [2014-12-21]
CHR Extension: (UberConference Screensharing) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcakmcggjddnhepfcajfcpkdjoggcnak [2015-02-04]
CHR Extension: (TeamGantt Project Management) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcoffgicdhbbbpdopfhaemdbdglnkcok [2015-01-15]
CHR Extension: (feedly) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-01-25]
CHR Extension: (EstiBot Add-on) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hncaclbgcflajbhailljkmakcdkgfcbo [2015-01-24]
CHR Extension: (Voice Broadcasting - SimplyCast) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkjclnkcegiaabdfimlklcfhcmeeldk [2015-01-18]
CHR Extension: (Podio) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfhmmbhaifchbdlhlfcoildocgmbleb [2015-01-29]
CHR Extension: (Any.do Extension) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2015-02-02]
CHR Extension: (Hangouts) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-12-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-01-21]
CHR Extension: (TwistedWave) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij [2015-01-18]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-01-27]
CHR Extension: (Google Wallet) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-29]
CHR Extension: (UberConference Extension) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\npakjcgebghlhfgcmcoehmehicdhcjbb [2015-02-02]
CHR Extension: (Trend Micro Password Manager) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\olmajmomenlhgihenlbjcfbopoghpckg [2014-12-22]
CHR Extension: (Sticky Notes - Just popped up!) - C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpdjbappofmfbgdmhoaabefbobddchk [2014-12-17]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
CHR HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THEDI_~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-20]
CHR HKU\S-1-5-21-983936870-3653672844-3623726825-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1706744 2013-11-01] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-11-01] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Freedome Service; C:\Program Files (x86)\F-Secure\Freedome\Freedome\1\FreedomeService.exe [109608 2015-01-20] (F-Secure Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [325656 2014-11-27] (Trend Micro Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-04-01] (CyberLink)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-04-15] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-12-21] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-12-21] (Advanced Micro Devices)
S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthA2DP; No ImagePath
U4 BthAvrcpTg; No ImagePath
U4 BthHFAud; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U4 BthHFSrv; No ImagePath
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-28] (CyberLink Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2014-11-27] (Trend Micro Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [96472 2014-12-23] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 msvad_simple; C:\Windows\system32\drivers\ProfoundSound.sys [35104 2012-09-25] ()
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
S3 pneteth; C:\Windows\system32\DRIVERS\pneteth.sys [15360 2011-11-25] (June Fabrics Technology Inc.) [File not signed]
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-12-21] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2014-12-21] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29936 2014-12-21] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-04-04] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 12:03 - 2015-02-05 12:03 - 02131968 _____ (Farbar) C:\Users\thedi_000\Downloads\FRST64 (1).exe
2015-02-05 09:36 - 2015-02-05 09:36 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-05 09:35 - 2015-02-05 09:35 - 00002788 _____ () C:\WINDOWS\PFRO.log
2015-02-05 03:19 - 2015-02-05 04:00 - 00000428 ____H () C:\WINDOWS\Tasks\{0CD895CD-99A6-4098-A39B-EB0DBAE0E5C1}.job
2015-02-05 03:19 - 2015-02-05 03:19 - 00003122 _____ () C:\WINDOWS\System32\Tasks\{0CD895CD-99A6-4098-A39B-EB0DBAE0E5C1}
2015-02-05 02:35 - 2015-02-05 02:45 - 00000000 ____D () C:\Users\thedi_000\Downloads\Isabella Valentine
2015-02-05 02:30 - 2015-02-05 02:30 - 00000000 ____D () C:\ProgramData\APN
2015-02-05 02:26 - 2015-02-05 02:26 - 01743448 _____ (BitTorrent Inc.) C:\Users\thedi_000\Downloads\BitTorrent.exe
2015-02-05 02:11 - 2015-02-05 02:12 - 04095595 _____ () C:\Users\thedi_000\Downloads\Brians Postcard-Recovered.psd
2015-02-05 02:11 - 2015-02-05 02:11 - 01790412 _____ () C:\Users\thedi_000\Downloads\real-estate-money-house-made-cash-isolated-white-background-34637717-Recovered.psd
2015-02-05 01:11 - 2015-02-05 01:11 - 00001762 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-05 01:11 - 2015-02-05 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-05 01:09 - 2015-02-05 01:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-05 01:09 - 2015-02-05 01:11 - 00000000 ____D () C:\Program Files\iTunes
2015-02-05 01:09 - 2015-02-05 01:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-05 01:09 - 2015-02-05 01:09 - 00000000 ____D () C:\Program Files\iPod
2015-02-05 01:00 - 2015-02-05 01:00 - 00000000 ____D () C:\Program Files\Bonjour
2015-02-05 01:00 - 2015-02-05 01:00 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-02-05 00:46 - 2015-02-05 00:46 - 121343792 _____ (Apple Inc.) C:\Users\thedi_000\Downloads\itunes64setup (2).exe
2015-02-04 14:15 - 2015-02-05 11:15 - 17297072 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 04:16 - 2015-02-04 04:16 - 03643430 _____ () C:\Users\thedi_000\Downloads\betonlineinstaller.exe
2015-02-04 03:06 - 2015-02-04 03:06 - 00094982 _____ () C:\Users\thedi_000\Downloads\Samsung GALAXY Tab 3 Lite 7.0 8GB WiFi.jpeg
2015-02-03 08:34 - 2015-02-03 03:05 - 00001887 _____ () C:\Users\thedi_000\Downloads\DomainDownloadList-238059677.csv
2015-02-03 03:05 - 2015-02-03 03:05 - 00000433 _____ () C:\Users\thedi_000\Downloads\DomainDownloadList-238059677.csv.gz
2015-02-02 21:20 - 2009-08-13 18:07 - 00729424 _____ (WeOnlyDo Software) C:\WINDOWS\SysWOW64\wodSFTP.dll
2015-02-02 21:20 - 2009-08-13 18:07 - 00672024 _____ (WeOnlyDo! COM) C:\WINDOWS\SysWOW64\wodKeys.dll
2015-02-02 20:06 - 2015-02-02 20:06 - 05152292 _____ () C:\Users\thedi_000\Downloads\affiliateagreementandwebsite.zip
2015-02-02 17:15 - 2015-02-02 17:17 - 04156125 _____ () C:\Users\thedi_000\Downloads\Brian Postcard Side1.psd
2015-02-02 01:55 - 2015-02-02 20:03 - 03932212 _____ () C:\Users\thedi_000\Downloads\Brians Postcard.psd
2015-02-01 04:14 - 2015-02-01 04:14 - 00000000 __SHD () C:\ProgramData\System Restore
2015-02-01 04:13 - 2015-02-01 04:14 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\FireShot
2015-02-01 04:13 - 2015-02-01 04:13 - 00156608 _____ (http://getfireshot.com) C:\Users\thedi_000\Downloads\fireshot-chrome-plugin.exe
2015-02-01 04:13 - 2015-02-01 04:13 - 00000269 _____ () C:\Users\thedi_000\Downloads\native-fireshot.log
2015-02-01 04:01 - 2015-02-01 04:01 - 00002853 _____ () C:\Users\thedi_000\Downloads\feedly (1).opml
2015-02-01 03:51 - 2015-02-01 03:51 - 00002853 _____ () C:\Users\thedi_000\Downloads\feedly.opml
2015-01-31 09:37 - 2015-01-31 09:37 - 00000000 ____D () C:\Users\thedi_000\Downloads\FRST-OlderVersion
2015-01-30 23:51 - 2015-01-30 23:53 - 272567715 _____ () C:\Users\thedi_000\Downloads\iretmod3.mp4
2015-01-30 15:38 - 2015-01-30 18:09 - 00148851 _____ () C:\Users\thedi_000\Downloads\Addition.txt
2015-01-30 15:34 - 2015-02-05 12:09 - 00043321 _____ () C:\Users\thedi_000\Downloads\FRST.txt
2015-01-30 15:34 - 2015-02-05 12:09 - 00000000 ____D () C:\FRST
2015-01-30 15:32 - 2015-01-31 09:37 - 02130944 _____ (Farbar) C:\Users\thedi_000\Downloads\FRST64.exe
2015-01-30 10:12 - 2015-01-30 10:12 - 00002737 _____ () C:\Users\thedi_000\Desktop\Hangouts.lnk
2015-01-29 22:06 - 2015-01-29 22:06 - 00024357 _____ () C:\Users\thedi_000\Desktop\lender-investor breakdown.7z
2015-01-29 21:25 - 2015-01-29 21:25 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (4).exe
2015-01-29 18:16 - 2015-01-31 09:44 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-01-29 18:16 - 2015-01-31 09:44 - 00002197 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-01-29 18:16 - 2015-01-31 09:44 - 00002036 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-01-29 18:16 - 2015-01-29 18:16 - 00002127 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-01-29 18:16 - 2015-01-29 18:16 - 00002013 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-01-29 15:45 - 2015-01-29 15:45 - 00026452 _____ () C:\Users\thedi_000\Downloads\Final_Valuation_-_5615_Happy_Pines_Dr__Foresthill_CA_95631 (1).xlsx
2015-01-29 15:35 - 2015-01-29 15:35 - 00041784 _____ () C:\Users\thedi_000\Downloads\Bank_Account_Review.xlsx
2015-01-29 15:11 - 2015-01-29 15:11 - 00001224 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-01-29 15:11 - 2015-01-29 15:11 - 00001212 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-01-29 04:47 - 2015-01-29 04:47 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\VS Revo Group
2015-01-29 04:45 - 2015-01-29 04:45 - 00001100 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-01-29 04:45 - 2015-01-29 04:45 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-29 04:45 - 2015-01-29 04:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-29 04:45 - 2015-01-29 04:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-29 04:45 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2015-01-29 04:43 - 2015-01-29 04:44 - 10801480 _____ (VS Revo Group ) C:\Users\thedi_000\Downloads\RevoUninProSetup.exe
2015-01-28 19:22 - 2015-01-28 19:22 - 00002639 _____ () C:\Users\thedi_000\Desktop\feedly.lnk
2015-01-28 18:04 - 2015-01-28 18:04 - 00081030 _____ () C:\Users\thedi_000\Desktop\Simple H2G Analyzer.xlsx
2015-01-28 06:16 - 2015-01-28 06:16 - 00000000 ____D () C:\zoek
2015-01-28 05:28 - 2015-01-28 06:20 - 00000128 _____ () C:\folders.log
2015-01-28 05:17 - 2015-01-28 06:56 - 00057121 _____ () C:\zoek-results.log
2015-01-28 05:09 - 2015-01-28 07:00 - 00003330 _____ () C:\runcheck.txt
2015-01-28 05:08 - 2015-01-28 06:20 - 00000000 ____D () C:\zoek_backup
2015-01-28 04:40 - 2015-01-28 04:41 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\thedi_000\Desktop\tdsskiller.exe
2015-01-27 12:31 - 2015-01-27 12:31 - 00849352 _____ () C:\Users\thedi_000\Downloads\AppManagerSetup_1.47.exe
2015-01-26 23:01 - 2015-01-26 23:01 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (3).exe
2015-01-26 22:57 - 2015-01-26 22:58 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Windows Live Writer
2015-01-26 22:05 - 2015-01-28 19:12 - 00000000 ___RD () C:\Users\thedi_000\Hightail
2015-01-26 22:05 - 2015-01-26 22:05 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Hightail
2015-01-26 22:05 - 2015-01-26 22:05 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Hightail
2015-01-26 22:04 - 2015-01-26 22:04 - 00002008 _____ () C:\Users\Public\Desktop\Hightail Desktop App.lnk
2015-01-26 22:04 - 2015-01-26 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hightail Desktop App
2015-01-26 22:04 - 2015-01-26 22:04 - 00000000 ____D () C:\Program Files (x86)\Hightail Desktop App
2015-01-26 21:43 - 2015-01-26 21:43 - 00001764 _____ () C:\Users\thedi_000\Desktop\Domain Filpping Template Page.html
2015-01-26 21:27 - 2015-01-26 21:28 - 18699832 _____ (Hightail, inc) C:\Users\thedi_000\Downloads\HightailDesktop.exe
2015-01-26 16:13 - 2015-01-29 04:56 - 00000000 ____D () C:\Users\thedi_000\Documents\Business-in-a-Box Files
2015-01-26 16:11 - 2015-01-26 16:11 - 00519016 _____ (Biztree Inc.) C:\Users\thedi_000\Downloads\business-in-a-box_setup.exe
2015-01-26 12:31 - 2015-01-26 12:31 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (2).exe
2015-01-26 12:28 - 2015-01-26 12:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\thedi_000\Downloads\HijackThis.exe
2015-01-25 22:59 - 2015-01-25 22:59 - 00017925 _____ () C:\Users\thedi_000\Downloads\freshdrop.com.export.csv
2015-01-25 16:31 - 2015-01-25 16:31 - 00002481 _____ () C:\Users\thedi_000\Downloads\export (2).csv
2015-01-25 14:12 - 2015-01-25 14:12 - 00000000 ____D () C:\Users\thedi_000\Downloads\rssowl-2.2.1.windows
2015-01-25 14:10 - 2015-01-25 14:10 - 15438567 _____ () C:\Users\thedi_000\Downloads\rssowl-2.2.1.windows.zip
2015-01-25 13:34 - 2015-01-25 13:34 - 04026436 _____ (RSSOwl Team) C:\Users\thedi_000\Downloads\RSSOwl Setup 2.2.1 (2).exe
2015-01-25 13:32 - 2015-01-25 13:32 - 04026436 _____ (RSSOwl Team) C:\Users\thedi_000\Downloads\RSSOwl Setup 2.2.1 (1).exe
2015-01-25 12:09 - 2015-01-25 12:09 - 00081176 _____ () C:\Users\thedi_000\Desktop\aab05708
2015-01-25 12:02 - 2015-01-25 12:03 - 00000000 ____D () C:\Users\thedi_000\.rssowl2
2015-01-25 12:02 - 2015-01-25 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSSOwl
2015-01-25 11:31 - 2015-01-25 11:31 - 04026436 _____ (RSSOwl Team) C:\Users\thedi_000\Downloads\RSSOwl Setup 2.2.1.exe
2015-01-25 11:17 - 2015-01-25 11:17 - 00022016 ____H () C:\Users\thedi_000\Downloads\~WRL0003.tmp
2015-01-25 00:15 - 2015-01-25 00:15 - 456685609 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-25 00:15 - 2015-01-25 00:15 - 00280808 _____ () C:\WINDOWS\Minidump\012515-37500-01.dmp
2015-01-24 17:51 - 2015-01-24 17:51 - 00000119 _____ () C:\Users\thedi_000\Downloads\Export (1).csv
2015-01-24 12:00 - 2015-01-24 13:21 - 00000000 ____D () C:\AdwCleaner
2015-01-24 11:51 - 2015-01-24 11:51 - 01402880 _____ () C:\Users\thedi_000\Downloads\HiJackThis.msi
2015-01-24 11:49 - 2015-01-24 11:53 - 00002534 _____ () C:\Users\thedi_000\Desktop\Rkill.txt
2015-01-24 11:49 - 2015-01-24 11:49 - 02194432 _____ () C:\Users\thedi_000\Downloads\AdwCleaner.exe
2015-01-24 11:48 - 2015-01-24 11:48 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\thedi_000\Downloads\rkill.exe
2015-01-23 23:42 - 2015-01-24 06:30 - 00440880 _____ () C:\Users\thedi_000\Desktop\Untitled-1.psd
2015-01-23 18:59 - 2015-01-23 18:59 - 00001964 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-23 at 18-58-51.csv
2015-01-23 18:55 - 2015-01-23 18:55 - 00001964 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-23 at 18-55-36.csv
2015-01-23 09:39 - 2015-01-23 09:39 - 00000119 _____ () C:\Users\thedi_000\Downloads\Export.csv
2015-01-23 07:02 - 2015-01-23 07:02 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\googledrivesync (1).exe
2015-01-23 02:52 - 2015-01-23 02:52 - 00001271 _____ () C:\Users\thedi_000\Downloads\watchlist (1).csv
2015-01-23 02:37 - 2015-01-23 02:37 - 00001736 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-23 at 02-37-07.csv
2015-01-23 00:39 - 2015-01-23 00:39 - 00000676 _____ () C:\Users\thedi_000\Downloads\watchlist.csv
2015-01-22 23:05 - 2015-01-22 23:13 - 00010752 ___SH () C:\Users\thedi_000\Documents\Thumbs.db
2015-01-22 07:08 - 2015-01-22 07:08 - 00008232 _____ () C:\Users\thedi_000\Downloads\Keyword Planner 2015-01-22 at 07-08-04.csv
2015-01-22 02:44 - 2015-02-05 11:15 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-22 02:44 - 2015-01-22 02:44 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-22 02:35 - 2015-01-22 02:35 - 17534640 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Downloads\flashplayer16_install_win_ax.exe
2015-01-22 02:33 - 2015-01-22 02:33 - 17921712 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Downloads\flashplayer16_debug_win_ax.exe
2015-01-22 02:30 - 2015-01-22 02:30 - 00960176 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Desktop\flashplayer16_uninstall_win.exe
2015-01-22 02:25 - 2015-01-22 02:26 - 05148034 _____ (Adobe Systems Inc.) C:\Users\thedi_000\Downloads\Shockwave_Installer_Full (2).exe
2015-01-22 02:24 - 2015-02-05 10:11 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-983936870-3653672844-3623726825-1002
2015-01-22 02:21 - 2015-01-22 02:21 - 00000000 ____D () C:\ProgramData\Sun
2015-01-22 02:11 - 2015-01-22 02:11 - 00848512 _____ () C:\Users\thedi_000\Downloads\AppManagerSetup_1.46_1.exe
2015-01-22 02:02 - 2015-01-22 02:05 - 93427112 _____ (Oracle Corporation) C:\Users\thedi_000\Downloads\jre-8u31-windows-x64.exe
2015-01-22 01:41 - 2015-01-22 01:45 - 00640135 _____ () C:\Users\thedi_000\Downloads\msxml4.zip
2015-01-21 21:43 - 2015-01-21 21:43 - 04614144 _____ () C:\Users\thedi_000\Downloads\msxml6_SDK.msi
2015-01-21 21:43 - 2015-01-21 21:43 - 03753472 _____ () C:\Users\thedi_000\Downloads\msxml6_ia64.msi
2015-01-21 21:43 - 2015-01-21 21:43 - 02721280 _____ () C:\Users\thedi_000\Downloads\msxml6_x64.msi
2015-01-21 21:42 - 2015-01-21 21:43 - 01528320 _____ () C:\Users\thedi_000\Downloads\msxml6.msi
2015-01-21 21:02 - 2015-01-21 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-01-21 21:02 - 2015-01-13 10:00 - 00112640 _____ () C:\WINDOWS\SysWOW64\ff_vfw.dll
2015-01-21 21:02 - 2014-12-21 05:58 - 03570688 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2015-01-21 21:02 - 2014-12-21 05:57 - 03588608 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2015-01-21 21:02 - 2014-12-04 14:56 - 00729088 _____ () C:\WINDOWS\system32\xvidcore.dll
2015-01-21 21:02 - 2014-12-04 14:55 - 00655872 _____ () C:\WINDOWS\SysWOW64\xvidcore.dll
2015-01-21 21:02 - 2014-12-02 06:10 - 00260184 _____ () C:\WINDOWS\system32\unrar64.dll
2015-01-21 21:02 - 2014-11-14 06:12 - 00254976 _____ () C:\WINDOWS\system32\xvidvfw.dll
2015-01-21 21:02 - 2014-11-14 06:11 - 00240128 _____ () C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-01-21 21:02 - 2012-07-21 03:55 - 00180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2015-01-21 21:02 - 2012-07-21 03:54 - 00122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
2015-01-21 21:02 - 2011-12-07 10:37 - 00148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2015-01-21 21:02 - 2011-12-07 10:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2015-01-21 21:01 - 2015-01-21 21:02 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-01-20 21:40 - 2015-01-21 12:28 - 00500673 _____ () C:\Users\thedi_000\Desktop\Craigslist flyer.psd
2015-01-20 14:05 - 2015-01-20 14:05 - 00002297 _____ () C:\Users\Public\Desktop\Freedome.lnk
2015-01-20 14:05 - 2015-01-20 14:05 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\F-Secure
2015-01-20 14:05 - 2015-01-20 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freedome
2015-01-20 14:04 - 2015-01-20 14:04 - 00033832 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-01-20 14:03 - 2015-01-20 14:03 - 00000000 ____D () C:\Program Files (x86)\F-Secure
2015-01-20 14:02 - 2015-01-20 14:03 - 35325480 _____ (F-Secure Corporation) C:\Users\thedi_000\Downloads\Freedome.exe
2015-01-20 12:50 - 2015-01-20 12:50 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Panda Security
2015-01-20 12:50 - 2015-01-20 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2015-01-20 12:41 - 2015-01-20 12:42 - 58209912 _____ () C:\Users\thedi_000\Downloads\GP15.exe
2015-01-20 10:42 - 2015-01-20 10:42 - 00000000 ____D () C:\Users\thedi_000\Tracing
2015-01-20 10:41 - 2015-01-20 10:43 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\XMind
2015-01-20 10:40 - 2015-01-20 10:40 - 00000000 ____D () C:\WINDOWS\en
2015-01-20 10:39 - 2015-01-20 10:39 - 00001288 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-20 10:39 - 2015-01-20 10:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-20 10:38 - 2015-01-20 10:38 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-01-20 10:38 - 2015-01-20 10:38 - 00001441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-20 10:38 - 2015-01-20 10:38 - 00000968 _____ () C:\Users\thedi_000\Desktop\XMind 6.lnk
2015-01-20 10:38 - 2015-01-20 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
2015-01-20 10:36 - 2015-01-20 10:41 - 00000000 ____D () C:\Program Files (x86)\XMind
2015-01-20 10:36 - 2015-01-20 10:36 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-20 10:34 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-01-20 10:34 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-01-20 10:34 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-01-20 10:34 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-01-20 10:34 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-01-20 10:33 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-01-20 10:33 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-01-20 10:31 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-01-20 10:31 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2015-01-20 10:30 - 2015-01-20 10:32 - 119220575 _____ (XMind Ltd. ) C:\Users\thedi_000\Downloads\xmind-windows-3.5.1.201411201906 (1).exe
2015-01-20 10:29 - 2015-01-20 10:32 - 119220575 _____ (XMind Ltd. ) C:\Users\thedi_000\Downloads\xmind-windows-3.5.1.201411201906.exe
2015-01-20 10:13 - 2015-01-20 10:14 - 37077863 _____ ( ) C:\Users\thedi_000\Downloads\K-Lite_Codec_Pack_1095_Mega.exe
2015-01-20 10:13 - 2015-01-20 10:14 - 13827960 _____ (Adobe Systems Inc.) C:\Users\thedi_000\Downloads\Shockwave_Installer_Full.exe
2015-01-20 10:13 - 2015-01-20 10:13 - 01239752 _____ (Microsoft Corporation) C:\Users\thedi_000\Downloads\wlsetup-web.exe
2015-01-20 10:12 - 2015-01-20 10:12 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup (1).exe
2015-01-20 10:11 - 2015-01-20 10:11 - 17189552 _____ (Adobe Systems Incorporated) C:\Users\thedi_000\Downloads\flashplayer16_install_win_ppapi.exe
2015-01-20 01:51 - 2015-01-20 01:51 - 00000000 ____D () C:\Users\thedi_000\Documents\Adobe
2015-01-20 01:37 - 2015-01-20 01:37 - 00001053 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2015-01-20 00:59 - 2015-02-05 09:46 - 00000000 ___RD () C:\Users\thedi_000\Google Drive
2015-01-20 00:59 - 2015-01-20 00:59 - 00001745 _____ () C:\Users\thedi_000\Desktop\Google Drive.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00002025 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00002023 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00002013 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-20 00:56 - 2015-01-23 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-20 00:55 - 2015-01-20 00:55 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\googledrivesync.exe
2015-01-19 23:05 - 2015-01-19 23:05 - 00016560 _____ () C:\Users\thedi_000\Downloads\cash_buyers (2).csv
2015-01-19 21:59 - 2015-01-19 21:59 - 00006658 _____ () C:\Users\thedi_000\Downloads\cash_buyers (1).csv
2015-01-19 04:01 - 2015-01-19 04:01 - 00015979 _____ () C:\Users\thedi_000\Downloads\Brian Hilaire Craigslist Leads 1-18.xlsx
2015-01-19 04:00 - 2015-01-19 04:00 - 00015979 _____ () C:\Users\thedi_000\Desktop\Brian Hilaire Craigslist Leads 1-18.xlsx
2015-01-18 21:04 - 2015-01-18 21:04 - 00067918 _____ () C:\Users\thedi_000\Downloads\Craigslist_Phone_Number 1.18.15 (1).xlsx
2015-01-18 20:34 - 2015-01-18 20:34 - 00067918 _____ () C:\Users\thedi_000\Downloads\Craigslist_Phone_Number 1.18.15.xlsx
2015-01-18 18:33 - 2015-01-18 18:47 - 00026914 _____ () C:\Users\thedi_000\Desktop\lender-investor breakdown1.xlsx
2015-01-18 18:07 - 2015-01-18 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-18 18:06 - 2015-01-18 18:06 - 00000000 ____D () C:\Program Files\7-Zip
2015-01-18 17:59 - 2015-01-18 18:00 - 01513472 _____ () C:\Users\thedi_000\Downloads\7z938-x64.msi
2015-01-18 17:59 - 2015-01-18 17:59 - 00880784 _____ (Google Inc.) C:\Users\thedi_000\Downloads\ChromeSetup.exe
2015-01-18 17:13 - 2015-01-18 18:16 - 00028096 _____ () C:\Users\thedi_000\Desktop\lender-investor breakdown.xls
2015-01-18 12:06 - 2015-01-18 17:13 - 00028118 _____ () C:\Users\thedi_000\Downloads\lender-investor breakdown.xlsx
2015-01-17 22:43 - 2015-01-17 22:43 - 00000922 _____ () C:\Users\thedi_000\Downloads\Cash_Buyers-01_18_2015_-_16_Recipients.txt
2015-01-17 22:36 - 2015-01-17 22:36 - 00041647 _____ () C:\Users\thedi_000\Downloads\clever-docs (1).zip
2015-01-17 22:36 - 2015-01-17 22:36 - 00014819 _____ () C:\Users\thedi_000\Downloads\clever-investor-sales-worksheet (1).xls
2015-01-17 22:36 - 2015-01-17 22:36 - 00014582 _____ () C:\Users\thedi_000\Downloads\clever-investor-rental-worksheet.xls
2015-01-17 22:36 - 2015-01-17 22:36 - 00013033 _____ () C:\Users\thedi_000\Downloads\clever-investor-retirement-worksheet.xls
2015-01-17 22:35 - 2015-01-17 22:35 - 00049436 _____ () C:\Users\thedi_000\Downloads\landlord.zip
2015-01-17 22:35 - 2015-01-17 22:35 - 00045153 _____ () C:\Users\thedi_000\Downloads\wholesale (1).zip
2015-01-17 22:34 - 2015-01-17 22:34 - 03193271 _____ () C:\Users\thedi_000\Downloads\Seller-In-Home-Presentation-Keynote.key
2015-01-17 22:34 - 2015-01-17 22:34 - 02523136 _____ () C:\Users\thedi_000\Downloads\Seller-In-Home-Presentation-Powerpoint.ppt
2015-01-17 22:33 - 2015-01-17 22:33 - 00084619 _____ () C:\Users\thedi_000\Downloads\FastTrack_Offer_Return_Calculator_1.xlsx
2015-01-17 22:33 - 2015-01-17 22:33 - 00023552 _____ () C:\Users\thedi_000\Downloads\Property_Evaluator_Tool.xls
2015-01-17 22:30 - 2015-01-17 22:31 - 03301019 _____ () C:\Users\thedi_000\Downloads\yourwholesalingbusinessmindmap (1).xmind
2015-01-17 22:30 - 2015-01-17 22:30 - 00045153 _____ () C:\Users\thedi_000\Downloads\wholesale.zip
2015-01-17 22:30 - 2015-01-17 22:30 - 00041647 _____ () C:\Users\thedi_000\Downloads\clever-docs.zip
2015-01-17 22:29 - 2015-01-17 22:29 - 00014819 _____ () C:\Users\thedi_000\Downloads\clever-investor-sales-worksheet.xls
2015-01-17 22:27 - 2015-01-17 22:27 - 00166912 _____ () C:\Users\thedi_000\Downloads\expense-budget-report.xls
2015-01-17 22:26 - 2015-01-17 22:26 - 33397022 _____ () C:\Users\thedi_000\Downloads\emailmachine-tour.zip
2015-01-17 22:26 - 2015-01-17 22:26 - 03301019 _____ () C:\Users\thedi_000\Downloads\yourwholesalingbusinessmindmap.xmind
2015-01-17 22:12 - 2015-01-28 00:06 - 00002027 _____ () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2015-01-17 22:12 - 2015-01-28 00:06 - 00001997 _____ () C:\Users\thedi_000\Desktop\FileHippo App Manager.lnk
2015-01-17 22:12 - 2015-01-22 02:18 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2015-01-17 22:12 - 2015-01-17 22:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-01-17 22:11 - 2015-01-29 05:08 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-01-17 22:11 - 2015-01-17 22:11 - 00510776 _____ () C:\Users\thedi_000\Downloads\AppManagerSetup_1.45.exe
2015-01-17 22:10 - 2015-01-17 22:10 - 05490752 _____ (Secunia) C:\Users\thedi_000\Downloads\PSISetup.exe
2015-01-17 22:06 - 2014-04-15 15:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-17 22:06 - 2014-04-15 15:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-17 21:40 - 2015-01-17 21:44 - 00000326 _____ () C:\DelFix.txt
2015-01-17 20:05 - 2015-01-17 20:05 - 00001907 _____ () C:\Users\thedi_000\Downloads\cash_buyers.csv
2015-01-17 11:52 - 2015-01-29 22:09 - 00000000 ____D () C:\Users\thedi_000\Desktop\Gold-Oil
2015-01-16 11:38 - 2015-01-16 11:38 - 00281773 _____ () C:\Users\thedi_000\AppData\Local\census.cache
2015-01-16 11:38 - 2015-01-16 11:38 - 00220213 _____ () C:\Users\thedi_000\AppData\Local\ars.cache
2015-01-16 05:39 - 2015-01-16 05:39 - 00000000 ____D () C:\Users\thedi_000\Downloads\FontShop_780232
2015-01-16 05:38 - 2015-01-16 05:38 - 02011687 _____ () C:\Users\thedi_000\Downloads\FontShop_780232.zip
2015-01-15 00:12 - 2015-01-15 00:12 - 00010918 _____ () C:\Users\thedi_000\Downloads\13 Properties.csv
2015-01-14 17:18 - 2015-01-14 17:18 - 00000000 ____D () C:\Users\thedi_000\Downloads\kitchen-3
2015-01-14 17:17 - 2015-01-14 17:17 - 01013241 _____ () C:\Users\thedi_000\Downloads\kitchen-3.zip
2015-01-14 15:03 - 2015-01-14 15:03 - 05197824 _____ () C:\Users\thedi_000\Downloads\HPSupportSolutionsFramework-en-11.51.0048 (1).msi
2015-01-14 12:56 - 2015-01-14 12:56 - 00041770 _____ () C:\Users\thedi_000\Downloads\Loan_Review_Checklist_5615_Happy_Pines_Drive_-_Finish_Line_Inv_Prop.xlsx
2015-01-14 12:56 - 2015-01-14 12:56 - 00026953 _____ () C:\Users\thedi_000\Downloads\Final_Valuation_-_5615_Happy_Pines_Dr__Foresthill_CA_95631.xlsx
2015-01-14 12:24 - 2015-01-14 12:24 - 00001745 _____ () C:\Users\thedi_000\Downloads\ShalynBlevins.pfx
2015-01-14 03:38 - 2014-12-18 22:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 03:38 - 2014-12-11 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 03:38 - 2014-12-11 16:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 03:38 - 2014-12-08 17:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 03:38 - 2014-12-08 11:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 03:38 - 2014-12-08 11:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 03:38 - 2014-12-05 19:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 03:38 - 2014-12-05 17:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 03:38 - 2014-12-05 17:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 17:04 - 2015-01-13 17:04 - 03644277 _____ () C:\Users\thedi_000\Downloads\aab10348
2015-01-13 10:56 - 2015-01-29 22:09 - 00000000 ____D () C:\Users\thedi_000\Desktop\Statements
2015-01-12 22:33 - 2015-01-12 22:22 - 02070839 _____ () C:\Users\thedi_000\Desktop\Synergy Fax pg1.jpeg
2015-01-12 22:32 - 2015-01-12 22:23 - 01821422 _____ () C:\Users\thedi_000\Desktop\Synergy Fax pg2.jpeg
2015-01-12 22:21 - 2015-01-12 22:21 - 00000000 ____D () C:\Users\thedi_000\Documents\Fax
2015-01-12 22:14 - 2015-01-17 21:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-12 21:32 - 2015-01-17 23:23 - 00000000 _____ () C:\WINDOWS\DCEBOOT.LOG
2015-01-12 20:27 - 2015-01-12 20:27 - 00000029 _____ () C:\WINDOWS\MRTK.INI
2015-01-12 20:06 - 2015-01-17 21:43 - 00236080 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2015-01-12 20:06 - 2015-01-17 21:42 - 00025136 _____ (Trend Micro Inc.) C:\WINDOWS\DCEBoot64.exe
2015-01-12 20:02 - 2015-01-12 20:03 - 108604496 _____ (Sophos Limited) C:\Users\thedi_000\Desktop\Sophos Virus Removal Tool (1).exe
2015-01-11 13:55 - 2015-01-11 15:14 - 00002883 _____ () C:\Users\thedi_000\Desktop\6 Properties.csv
2015-01-11 01:24 - 2015-01-11 01:24 - 00000000 ____D () C:\ProgramData\Satori Software Inc
2015-01-11 00:48 - 2015-01-11 00:48 - 00002121 _____ () C:\Users\Public\Desktop\Bulk Mailer Standard.lnk
2015-01-11 00:42 - 2015-01-11 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Mailer
2015-01-11 00:42 - 2015-01-11 00:42 - 00000564 _____ () C:\Users\Public\Desktop\My Bulk Mailer Files.lnk
2015-01-11 00:41 - 2015-01-12 20:27 - 00000000 ____D () C:\My Bulk Mailer Files
2015-01-11 00:41 - 2015-01-11 00:41 - 00000000 ____D () C:\Program Files (x86)\Satori Software
2015-01-11 00:38 - 2015-01-11 00:38 - 00001283 _____ () C:\Users\thedi_000\Desktop\bmusprofessional1201.2014.166746 - Shortcut.lnk
2015-01-10 23:58 - 2015-01-11 00:30 - 00000000 ____D () C:\Users\thedi_000\bmusprofessional1201.2014.166746
2015-01-10 12:01 - 2015-02-05 09:36 - 00008903 _____ () C:\WINDOWS\setupact.log
2015-01-10 12:01 - 2015-01-10 12:01 - 00002825 _____ () C:\Users\Public\Desktop\Profound Sound cSharp.lnk
2015-01-10 12:01 - 2012-09-26 21:09 - 00000000 _____ () C:\WINDOWS\system32\ProfoundSoundActivator.dat
2015-01-10 12:00 - 2015-01-10 12:00 - 00000000 ____D () C:\Users\thedi_000\__MACOSX
2015-01-10 11:28 - 2015-01-10 11:29 - 16572515 _____ () C:\Users\thedi_000\Downloads\PSCSharpWin7 (1).zip
2015-01-10 01:06 - 2015-01-10 01:43 - 3415296307 _____ () C:\Users\thedi_000\Downloads\bmusprofessional1201.2014.166746.zip
2015-01-09 23:57 - 2015-01-09 23:57 - 00006266 _____ () C:\WINDOWS\SysWOW64\BroomData.bit
2015-01-09 23:57 - 2013-04-08 16:30 - 00022752 _____ () C:\WINDOWS\system32\PCloudBroom64.exe
2015-01-09 19:44 - 2015-01-09 19:44 - 00000000 ____D () C:\Users\thedi_000\Downloads\Flash Player
2015-01-09 17:10 - 2015-01-11 00:05 - 00200704 _____ () C:\Users\thedi_000\Downloads\NewList01-09-15a.xls
2015-01-09 00:56 - 2015-01-09 00:56 - 00778456 _____ (Webroot) C:\Users\thedi_000\Downloads\sysbbanalyzer (1).exe
2015-01-09 00:40 - 2015-01-09 00:40 - 01508672 _____ (LogMeIn, Inc.) C:\Users\thedi_000\Downloads\Support-LogMeInRescue (3).exe
2015-01-09 00:40 - 2015-01-09 00:40 - 00002287 _____ () C:\Users\thedi_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geek Squad Online Support (7).lnk
2015-01-09 00:39 - 2015-01-09 00:39 - 01508672 _____ (LogMeIn, Inc.) C:\Users\thedi_000\Downloads\Support-LogMeInRescue (2).exe
2015-01-06 23:11 - 2015-01-06 23:13 - 34854837 _____ () C:\Users\thedi_000\Downloads\Shalyn.psd
2015-01-06 10:40 - 2015-01-06 10:40 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2015-01-06 10:36 - 2015-01-06 10:36 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2015-01-06 10:09 - 2015-01-06 10:10 - 41454934 _____ () C:\Users\thedi_000\Downloads\New-Investor-InDesign-Files.zip
2015-01-06 10:09 - 2015-01-06 10:10 - 23179231 _____ () C:\Users\thedi_000\Downloads\New Investor Graphics.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-05 12:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-05 11:58 - 2014-05-29 00:34 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 11:29 - 2014-12-31 17:35 - 00000612 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-983936870-3653672844-3623726825-1002.job
2015-02-05 11:23 - 2014-05-22 17:32 - 01466114 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-05 10:20 - 2014-11-12 15:52 - 00000215 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2015-02-05 10:15 - 2014-12-17 01:08 - 00005004 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for FINISHLINEIP-thedi_000 FinishLineIP
2015-02-05 09:56 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-05 09:46 - 2014-05-29 00:34 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-05 09:46 - 2014-04-09 22:49 - 00000000 ___DO () C:\Users\thedi_000\OneDrive
2015-02-05 09:45 - 2014-11-01 08:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 09:45 - 2014-04-09 04:41 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-02-05 09:37 - 2013-11-20 09:44 - 00001060 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2015-02-05 09:36 - 2014-04-09 04:41 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2015-02-05 09:36 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 09:34 - 2013-08-22 07:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-02-05 09:33 - 2013-08-22 05:25 - 00262144 _____ () C:\WINDOWS\system32\config\BBI
2015-02-05 02:29 - 2014-02-08 15:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-05 02:17 - 2014-03-18 02:03 - 00974580 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-05 01:09 - 2014-04-26 23:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-05 00:45 - 2014-12-30 23:00 - 01966080 ___SH () C:\Users\thedi_000\Desktop\Thumbs.db
2015-02-05 00:45 - 2014-04-16 22:22 - 00000000 ____D () C:\Users\thedi_000\Desktop\extra
2015-02-04 18:55 - 2014-03-31 20:43 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Packages
2015-02-04 04:44 - 2014-04-05 18:35 - 02379776 ___SH () C:\Users\thedi_000\Downloads\Thumbs.db
2015-02-04 01:35 - 2014-12-21 09:15 - 00003196 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForthedi_000
2015-02-04 01:35 - 2014-12-21 09:15 - 00000374 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForthedi_000.job
2015-02-02 21:20 - 2014-12-02 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-02-02 21:19 - 2014-12-02 03:19 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-02 21:00 - 2014-03-31 20:47 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Adobe
2015-02-02 02:00 - 2014-04-26 23:24 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Adobe
2015-01-31 09:29 - 2014-04-24 00:32 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\CrashDumps
2015-01-31 09:29 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-30 10:11 - 2014-04-14 00:54 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Citrix
2015-01-29 22:24 - 2014-12-22 13:33 - 00000000 ____D () C:\Program Files\Trend Micro
2015-01-29 22:23 - 2014-12-22 13:34 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-01-29 22:23 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\ELAMBKUP
2015-01-29 22:21 - 2015-01-05 15:14 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Trend Micro
2015-01-29 22:00 - 2014-04-16 22:51 - 00000000 ____D () C:\Users\thedi_000\Desktop\Finish Line
2015-01-29 21:11 - 2013-08-22 06:44 - 00450784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-29 18:13 - 2014-04-21 13:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-29 18:12 - 2014-04-24 01:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-29 14:13 - 2014-12-30 11:17 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-29 03:18 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-29 03:07 - 2014-04-09 21:54 - 00000000 ____D () C:\Users\thedi_000
2015-01-29 03:05 - 2014-12-22 13:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-29 01:04 - 2014-11-07 00:55 - 00000000 ____D () C:\Program Files (x86)\Slots of Vegas
2015-01-28 19:31 - 2014-11-12 14:57 - 00007616 _____ () C:\Users\thedi_000\AppData\Local\resmon.resmoncfg
2015-01-28 06:20 - 2013-08-22 07:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-28 06:20 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-01-27 19:37 - 2014-11-09 03:48 - 00000000 ____D () C:\Program Files (x86)\Cool Cat Casino
2015-01-27 09:23 - 2014-12-31 17:35 - 00003628 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-983936870-3653672844-3623726825-1002
2015-01-26 22:57 - 2014-04-05 18:54 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Windows Live
2015-01-26 22:01 - 2014-04-09 04:27 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Downloaded Installations
2015-01-26 19:32 - 2014-03-31 23:01 - 00000000 ____D () C:\Users\thedi_000\Documents\Youcam
2015-01-25 00:15 - 2014-12-31 10:57 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-24 13:28 - 2014-03-31 20:44 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\VirtualStore
2015-01-24 12:20 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 12:20 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 00:18 - 2012-08-03 16:02 - 00000000 ____D () C:\SWSetup
2015-01-22 23:18 - 2014-04-08 10:28 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-22 23:01 - 2014-04-08 10:28 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-22 02:20 - 2014-12-21 18:56 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-01-22 02:19 - 2014-12-21 18:56 - 00000000 ____D () C:\Program Files\Java
2015-01-22 01:50 - 2014-04-26 22:20 - 00000000 ____D () C:\Users\thedi_000\Desktop\Tax Info
2015-01-20 14:03 - 2015-01-04 16:37 - 00000000 ____D () C:\ProgramData\F-Secure
2015-01-20 12:51 - 2015-01-03 15:54 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-20 10:39 - 2013-04-27 18:46 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-20 10:38 - 2013-04-27 18:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-20 02:39 - 2013-08-22 05:25 - 00262144 _____ () C:\WINDOWS\system32\config\ELAM
2015-01-20 01:33 - 2014-11-10 01:58 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 00:56 - 2014-03-31 20:59 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Google
2015-01-20 00:56 - 2014-03-31 20:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-19 04:00 - 2014-12-31 20:20 - 00000000 ___SD () C:\Users\thedi_000\Documents\My Data Sources
2015-01-17 22:05 - 2014-04-05 18:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-17 22:03 - 2014-04-15 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-17 21:48 - 2014-04-05 18:33 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-17 21:23 - 2015-01-03 18:48 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\HpUpdate
2015-01-17 19:23 - 2014-04-16 22:21 - 00000000 ____D () C:\Users\thedi_000\Desktop\Unused
2015-01-17 19:21 - 2014-04-24 01:33 - 00000000 ____D () C:\Users\thedi_000\Desktop\Adobe Photoshop Elements 8
2015-01-17 17:23 - 2014-04-26 23:38 - 00000000 ____D () C:\Users\thedi_000\AppData\Roaming\Apple Computer
2015-01-17 15:39 - 2014-04-26 23:38 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\Apple Computer
2015-01-16 12:03 - 2014-12-22 13:33 - 00000036 _____ () C:\Users\thedi_000\AppData\Local\housecall.guid.cache
2015-01-16 11:27 - 2014-12-22 17:04 - 00000010 _____ () C:\Users\thedi_000\AppData\Local\sponge.last.runtime.cache
2015-01-14 21:19 - 2014-12-23 04:12 - 00000000 ____D () C:\ProgramData\WRData
2015-01-14 15:08 - 2015-01-03 18:47 - 00000000 ____D () C:\ProgramData\HP
2015-01-14 15:07 - 2014-06-25 00:12 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-01-14 04:11 - 2014-04-21 16:39 - 00005120 _____ () C:\Users\thedi_000\AppData\Local\file__0.localstorage
2015-01-11 00:42 - 2013-04-27 18:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-11 00:41 - 2013-04-27 18:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-10 23:46 - 2014-12-23 04:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-09 22:35 - 2014-05-22 15:57 - 00000000 ____D () C:\Users\thedi_000\AppData\Local\LogMeIn Rescue Applet
2015-01-09 01:27 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-01-09 01:05 - 2014-12-21 18:55 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-06 10:29 - 2014-11-08 16:50 - 00000000 ____D () C:\Program Files\Common Files\Adobe
 
==================== Files in the root of some directories =======
 
2014-05-22 17:52 - 2014-05-22 17:52 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-01-02 14:21 - 2015-01-02 20:46 - 0000033 _____ () C:\Users\thedi_000\AppData\Roaming\AdobeWLCMCache.dat
2014-12-28 10:01 - 2014-12-28 10:01 - 0000000 _____ () C:\Users\thedi_000\AppData\Roaming\tmcef.log
2015-01-16 11:38 - 2015-01-16 11:38 - 0220213 _____ () C:\Users\thedi_000\AppData\Local\ars.cache
2015-01-16 11:38 - 2015-01-16 11:38 - 0281773 _____ () C:\Users\thedi_000\AppData\Local\census.cache
2014-04-21 16:39 - 2015-01-14 04:11 - 0005120 _____ () C:\Users\thedi_000\AppData\Local\file__0.localstorage
2014-12-22 13:33 - 2015-01-16 12:03 - 0000036 _____ () C:\Users\thedi_000\AppData\Local\housecall.guid.cache
2014-11-12 14:57 - 2015-01-28 19:31 - 0007616 _____ () C:\Users\thedi_000\AppData\Local\resmon.resmoncfg
2014-12-22 17:04 - 2015-01-16 11:27 - 0000010 _____ () C:\Users\thedi_000\AppData\Local\sponge.last.runtime.cache
2015-01-03 18:47 - 2015-01-03 18:47 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Windows\Tasks\{0CD895CD-99A6-4098-A39B-EB0DBAE0E5C1}.job
 
 
Some content of TEMP:
====================
C:\Users\thedi_000\AppData\Local\Temp\utt1E90.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-01 04:20
 
==================== End Of Log ============================


#5 polskamachina

  • Malware Response Team

Posted 07 February 2015 - 10:30 PM

Hi abeattie3 :)
 

My name is polskamachina and I will be assisting you with your malware problems. Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#6 abeattie3


Posted 08 February 2015 - 02:46 AM

Hey there, thanks so much for your help on this. It's getting a little crazy on the amount of stuff that keeps happening.



#7 polskamachina


Posted 09 February 2015 - 03:29 PM

Hi abeattie3 :)
 
My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started:
 
Please download AdwCleaner by Xplode and save it to your Desktop.

  • Right-click and select Run As Administrator on AdwCleaner.exe to run the tool.
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Let me know if you have any questions.
 
polskamachina



#8 abeattie3


Posted 09 February 2015 - 07:11 PM

Done, here is the scan. Just as a clarification, did you want me to actually run the tool and clean it or simply post the log?

 

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 15:43:14
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : thedi_000 - FINISHLINEIP
# Running from : C:\Users\thedi_000\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2292.0
 
*************************
 
AdwCleaner[R0].txt - [1146 bytes] - [24/01/2015 12:01:00]
AdwCleaner[R1].txt - [1062 bytes] - [09/02/2015 15:43:14]
AdwCleaner[S0].txt - [1213 bytes] - [24/01/2015 13:21:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1180 bytes] ##########


#9 polskamachina


Posted 10 February 2015 - 01:46 AM

Hi abeattie3 :)

 

To answer your question about cleaning the adware, the normal procedure is to run the scan first. Then you should have a look at the log and let me know if there's anything in the log that you want to keep. If you don't understand everything in the log, that's OK. Much of it is very technical. Anything that gets removed with the clean button gets backed up anyway and can be restored if necessary.

 

I'll get back to you with more instructions soon.

 

polskamachina



#10 polskamachina


Posted 11 February 2015 - 12:17 PM

Hi abeattie3 :)
 
Right-click on AdwCleaner and select Run As Administrator

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • Once the scan has completed, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Let me know if you have any questions. How is your computer performing now?
 
polskamachina



#11 abeattie3


Posted 11 February 2015 - 04:09 PM

The computer is running a little better, but it is still really laggy and super slow, and I am constantly getting the Flash installer message about every 10 minutes, although it is being blocked by Panda.
 
# AdwCleaner v4.110 - Logfile created 11/02/2015 at 12:48:19
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : thedi_000 - FINISHLINEIP
# Running from : C:\Users\thedi_000\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg
File Deleted : C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v42.0.2298.0
 
 
*************************
 
AdwCleaner[R0].txt - [1146 bytes] - [24/01/2015 12:01:00]
AdwCleaner[R1].txt - [1259 bytes] - [09/02/2015 15:43:14]
AdwCleaner[R2].txt - [1318 bytes] - [11/02/2015 12:37:57]
AdwCleaner[S0].txt - [1213 bytes] - [24/01/2015 13:21:02]
AdwCleaner[S1].txt - [1253 bytes] - [11/02/2015 12:48:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1312  bytes] ##########
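The scan log in post #8 and the cleaning log in post #11 can be compared mechanically to confirm that every item the scan reported was actually removed. The following is an added example, not part of the original posts and not code from AdwCleaner; the section and entry patterns are assumptions inferred from the two logs shown in this thread, and the function names are hypothetical.

```python
import re

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")     # ***** [ Registry ] *****
ENTRY = re.compile(r"^(\w+) (Found|Deleted) : (.+)$")  # Folder Found : C:\...

# Entry lines copied from the two logs posted in this thread.
SCAN_LOG = r"""
# Option : Scan
***** [ Files / Folders ] *****
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
"""
CLEAN_LOG = r"""
# Option : Cleaning
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\thedi_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg
***** [ Registry ] *****
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
"""

def parse_log(text):
    """Return {(section, kind, target): status} for every entry line in a log."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry:
            kind, status, target = entry.groups()
            # Windows paths and registry names are case-insensitive.
            entries[(section, kind, target.lower())] = status
    return entries

def not_cleaned(scan_text, clean_text):
    """Items the scan reported that the cleaning log does not list as Deleted."""
    found = {k for k, s in parse_log(scan_text).items() if s == "Found"}
    deleted = {k for k, s in parse_log(clean_text).items() if s == "Deleted"}
    return sorted(found - deleted)

if __name__ == "__main__":
    leftovers = not_cleaned(SCAN_LOG, CLEAN_LOG)
    print("left behind:", leftovers if leftovers else "nothing")
```

An empty result only means the cleaning log accounts for every scan entry; it says nothing about items the scan never detected.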


#12 polskamachina


Posted 14 February 2015 - 03:20 PM

Hi abeattie3 :)

 

I'm still working on your next set of steps. Please be patient.

 

polskamachina



#13 polskamachina


Posted 15 February 2015 - 11:47 AM

Hi abeattie3 :)
 
We need to run a fix with FRST64.

Please download the attached file fixlist.txt (2.95KB) into the same location as FRST64.exe, which in your situation would be: C:\Users\thedi_000\Downloads

The fix will not work unless they are in the same location.

Next:

  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST64 will generate a log Fixlog.txt in the C:\Users\thedi_000\Downloads folder. Please copy and paste the log into your next reply to me.

Next:
 
Please reopen the Malwarebytes Anti-Malware program and run another scan.

  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Finally:
 
Please rerun the FRST64 program. When the FRST window opens, please check the box for, Addition.txt, then click on the Scan button. When the scan has completed, please copy and paste the FRST.txt log and the Addition.txt log into your next reply to me.
 
To summarize, please copy and paste the following four items:

  • Fixlog.txt
  • mbam log
  • FRST.txt
  • Addition.txt

Let me know if you have any questions. How is your computer performing now?
 
polskamachina



#14 abeattie3


Posted 15 February 2015 - 07:07 PM

polskamachina,

 

The link for the Fixlist just takes me back to this thread. Is there another place I can get it?



#15 polskamachina


Posted 15 February 2015 - 10:07 PM

Hi abeattie3 :)

 

Sorry about the bad link for the fixlist.txt. Try this.

 

polskamachina





