Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

All the tricks you have taught me [Solved]


  • This topic is locked This topic is locked

#1
bhzendner

bhzendner

    Member

  • Member
  • PipPipPip
  • 219 posts
You guys are the best, this one has me going. Malware found lots but now scans clean, same with superantispyware, also ran trend it found two now clean.
But my browser acts possessed.
Please help.
  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Let's get a look at your system and see what's bothering it.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: FRST Scan


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



Step 2: Scan with aswMBR


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Posted Image

  • Click the Scan button to begin the scan.

Posted Image

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit



Things I need to see in your next post:

FRST Log

Addition.txt Log

aswMBR Log

  • 0

#3
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Jose at 2014-03-11 10:33:16
Running from C:\Users\Jose\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: "Endpoint Antivirus" (Disabled - Up to date) {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
AS: "Endpoint Antivirus" (Disabled - Up to date) {ECD425A9-8C8F-D447-4EAB-6F599E267857}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Classic Shell (HKLM\...\{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}) (Version: 4.0.0 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Endpoint Antivirus 64b (HKLM\...\{62E0EDA5-EC2F-481D-8A3E-CF79A925B3B4}) (Version: 5.0.2 - Total Defense)
Endpoint Security (HKLM-x32\...\{6D3687A4-4F95-4144-9B81-6FE6DA532013}) (Version: 5.0.8.0304 - Cloud Security Team)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Search module (HKLM-x32\...\Search module) (Version: - Search Module)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Web Launcher (HKCU\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)

==================== Restore Points =========================

02-03-2014 22:49:50 RegClean Pro Sun, Mar 02, 14 16:49
04-03-2014 20:46:17 Installed LogMeIn
06-03-2014 16:37:19 Revo Uninstaller Pro's restore point - cloud
06-03-2014 16:39:40 Revo Uninstaller Pro's restore point -
06-03-2014 16:45:59 Revo Uninstaller Pro's restore point - cloudclient
06-03-2014 16:52:54 Revo Uninstaller Pro's restore point - mcafee
06-03-2014 16:53:46 Revo Uninstaller Pro's restore point - SUPERAntiSpyware

==================== Scheduled Tasks (whitelisted) =============

Task: {0354134E-C304-4964-AF07-5A3AE8A92C74} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {05AB1C6B-AE7C-400E-A13B-7F406A5E7DC6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
Task: {06DAE39B-A1E2-4D1F-90F5-15B27C681F18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {0995584B-6472-492A-8881-1F4859CAA9BA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {41B0A315-B34B-48A9-91A4-6222C9D5533D} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-02-28] (Glarysoft Ltd)
Task: {43745743-8698-4ECC-82E4-B149B14110DF} - System32\Tasks\Dell\Dell Product Registration (Jose) => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {44EFF698-53D0-47A0-AF9B-F4C2ED0662B1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-02] (Microsoft Corporation)
Task: {47731804-54EB-4C0F-9F37-915628E90180} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {5095AE42-C15C-48D3-99DE-9C96C484F327} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-02-26] (Glarysoft Ltd)
Task: {51F14170-13FB-4622-AAC5-91D4D8FA7385} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {5ABF9AE7-89B7-4D3E-8F4E-9FB8A0DF7E70} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {628E6F1B-D13D-47D8-A5C5-EDBAA8CD2BD3} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {6BC1232B-7E6F-4DBD-ABA4-AC2EF2D4E4B0} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {6E5602F9-E6DA-4D70-8347-F01A4C0AD408} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
Task: {7A4EB64F-4E93-43FB-B567-3959F603DF78} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7ABFE721-AD14-412C-8087-54E0487F55C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {80F565A2-D34C-4398-AC65-2B096BEF2205} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
Task: {8FFFF1F5-DC39-4EB1-8A3D-2E85B6976E5A} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.27\jsdrv.exe
Task: {97936C70-FDB0-4837-BEA1-A65BA63030AB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {A45222EB-7CA8-4D53-A402-67A4B343C3B8} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-12-05] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BA10711E-CF2C-4C97-AF8E-1569A2DDE9BF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BE0FAF40-B1CC-467C-B5BA-944FE211B076} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D9524426-15F4-4B69-8417-C671063E6001} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-03 15:52 - 2014-03-03 15:52 - 00594432 _____ () C:\Program Files (x86)\CloudClient\isfacs.exe
2014-03-02 17:16 - 2012-11-24 18:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-03-02 17:16 - 2012-12-07 08:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-03-02 17:16 - 2012-12-07 08:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-05 05:08 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-02 17:19 - 2014-03-02 17:19 - 06522944 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-04 19:14 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-12-05 04:23 - 2012-07-25 15:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-06 10:48 - 2014-03-06 10:48 - 01179136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\cce138051887d83dccffdc206031b09f\Windows.UI.ni.dll
2012-07-25 15:44 - 2012-07-25 15:35 - 00036864 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2014-03-04 17:56 - 2014-03-04 17:56 - 00295936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\674a093211b1f8a3e570f640741e3b98\Windows.Foundation.ni.dll
2014-03-05 04:02 - 2014-03-05 04:02 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2013-12-05 05:02 - 2012-07-18 14:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-26 00:39 - 2014-02-26 00:39 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
2013-12-05 05:07 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-02 17:16 - 2014-03-02 17:16 - 00312896 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-03-02 17:16 - 2014-03-02 17:16 - 00354368 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2014-03-02 17:18 - 2014-03-02 17:18 - 01014336 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-03-04 03:39 - 2014-03-04 03:39 - 01011560 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2014 03:16:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x136c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/10/2014 00:08:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: QUATRINEDESKTOP)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.

Error: (03/09/2014 01:46:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x38
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/07/2014 06:16:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x15f8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/07/2014 00:37:13 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 33.0.1750.146 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d44

Start Time: 01cf3963304b1ae6

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 1d999ba4-a61f-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/07/2014 00:26:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16798, time stamp: 0x52ec7dc3
Faulting module name: smei64.dll, version: 0.0.0.0, time stamp: 0x53159130
Exception code: 0xc0000005
Fault offset: 0x0000000000020be8
Faulting process id: 0x1b6c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (03/07/2014 11:59:56 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16798 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1afc

Start Time: 01cf3a269f715197

Termination Time: 8

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: e59ae981-a619-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/07/2014 11:59:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16798, time stamp: 0x52ec7dc3
Faulting module name: smei64.dll, version: 0.0.0.0, time stamp: 0x53159130
Exception code: 0xc0000005
Fault offset: 0x0000000000020be8
Faulting process id: 0x195c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (03/07/2014 11:09:14 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16798 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1314

Start Time: 01cf3a1f7b2551c5

Termination Time: 5

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: d0292f8c-a612-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/07/2014 11:08:21 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16798 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1968

Start Time: 01cf3a1f5872b602

Termination Time: 4

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: b0d99430-a612-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (03/11/2014 10:06:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:06:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:06:12 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:05:47 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:05:09 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:04:55 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:47 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:39 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:35 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:33 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (03/10/2014 03:16:28 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.552b449c7c00000050006ce5c136c01cf3c9d9e972ac2C:\Windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dlldc56c9d1-a890-11e3-be74-c81f662161a3

Error: (03/10/2014 00:08:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: QUATRINEDESKTOP)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos

Error: (03/09/2014 01:46:23 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.552b449c7c00000050006ce5c3801cf3bc7de87ca57C:\Windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dll1c797b68-a7bb-11e3-be74-c81f662161a3

Error: (03/07/2014 06:16:30 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.552b449c7c00000050006ce5c15f801cf3a5b45d5ecf0C:\Windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dll83a89eff-a64e-11e3-be74-c81f662161a3

Error: (03/07/2014 00:37:13 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.146d4401cf3963304b1ae64294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe1d999ba4-a61f-11e3-be74-c81f662161a3

Error: (03/07/2014 00:26:35 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1679852ec7dc3smei64.dll0.0.0.053159130c00000050000000000020be81b6c01cf3a26ccf631c6C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dlla13596fd-a61d-11e3-be74-c81f662161a3

Error: (03/07/2014 11:59:56 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.167981afc01cf3a269f7151978C:\Program Files\Internet Explorer\iexplore.exee59ae981-a619-11e3-be74-c81f662161a3

Error: (03/07/2014 11:59:31 AM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1679852ec7dc3smei64.dll0.0.0.053159130c00000050000000000020be8195c01cf3a208eacc636C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dlld97db77b-a619-11e3-be74-c81f662161a3

Error: (03/07/2014 11:09:14 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16798131401cf3a1f7b2551c55C:\Program Files\Internet Explorer\iexplore.exed0292f8c-a612-11e3-be74-c81f662161a3

Error: (03/07/2014 11:08:21 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16798196801cf3a1f5872b6024C:\Program Files\Internet Explorer\iexplore.exeb0d99430-a612-11e3-be74-c81f662161a3


CodeIntegrity Errors:
===================================
Date: 2014-03-05 11:32:10.320
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8066 MB
Available physical RAM: 6239.72 MB
Total Pagefile: 9282 MB
Available Pagefile: 7303.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.57 GB) (Free:864.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: CD59B134)

Partition: GPT Partition Type.

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Jose at 2014-03-11 10:33:16
Running from C:\Users\Jose\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: "Endpoint Antivirus" (Disabled - Up to date) {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
AS: "Endpoint Antivirus" (Disabled - Up to date) {ECD425A9-8C8F-D447-4EAB-6F599E267857}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Classic Shell (HKLM\...\{BF8CC8E1-3D54-4A54-B985-5190F18AFDBB}) (Version: 4.0.0 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Endpoint Antivirus 64b (HKLM\...\{62E0EDA5-EC2F-481D-8A3E-CF79A925B3B4}) (Version: 5.0.2 - Total Defense)
Endpoint Security (HKLM-x32\...\{6D3687A4-4F95-4144-9B81-6FE6DA532013}) (Version: 5.0.8.0304 - Cloud Security Team)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Search module (HKLM-x32\...\Search module) (Version: - Search Module)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Web Launcher (HKCU\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)

==================== Restore Points =========================

02-03-2014 22:49:50 RegClean Pro Sun, Mar 02, 14 16:49
04-03-2014 20:46:17 Installed LogMeIn
06-03-2014 16:37:19 Revo Uninstaller Pro's restore point - cloud
06-03-2014 16:39:40 Revo Uninstaller Pro's restore point -
06-03-2014 16:45:59 Revo Uninstaller Pro's restore point - cloudclient
06-03-2014 16:52:54 Revo Uninstaller Pro's restore point - mcafee
06-03-2014 16:53:46 Revo Uninstaller Pro's restore point - SUPERAntiSpyware

==================== Scheduled Tasks (whitelisted) =============

Task: {0354134E-C304-4964-AF07-5A3AE8A92C74} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {05AB1C6B-AE7C-400E-A13B-7F406A5E7DC6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
Task: {06DAE39B-A1E2-4D1F-90F5-15B27C681F18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {0995584B-6472-492A-8881-1F4859CAA9BA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {41B0A315-B34B-48A9-91A4-6222C9D5533D} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-02-28] (Glarysoft Ltd)
Task: {43745743-8698-4ECC-82E4-B149B14110DF} - System32\Tasks\Dell\Dell Product Registration (Jose) => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {44EFF698-53D0-47A0-AF9B-F4C2ED0662B1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-03-02] (Microsoft Corporation)
Task: {47731804-54EB-4C0F-9F37-915628E90180} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {5095AE42-C15C-48D3-99DE-9C96C484F327} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-02-26] (Glarysoft Ltd)
Task: {51F14170-13FB-4622-AAC5-91D4D8FA7385} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {5ABF9AE7-89B7-4D3E-8F4E-9FB8A0DF7E70} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {628E6F1B-D13D-47D8-A5C5-EDBAA8CD2BD3} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {6BC1232B-7E6F-4DBD-ABA4-AC2EF2D4E4B0} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {6E5602F9-E6DA-4D70-8347-F01A4C0AD408} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
Task: {7A4EB64F-4E93-43FB-B567-3959F603DF78} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7ABFE721-AD14-412C-8087-54E0487F55C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {80F565A2-D34C-4398-AC65-2B096BEF2205} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
Task: {8FFFF1F5-DC39-4EB1-8A3D-2E85B6976E5A} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.27\jsdrv.exe
Task: {97936C70-FDB0-4837-BEA1-A65BA63030AB} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: {A45222EB-7CA8-4D53-A402-67A4B343C3B8} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-12-05] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BA10711E-CF2C-4C97-AF8E-1569A2DDE9BF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BE0FAF40-B1CC-467C-B5BA-944FE211B076} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D9524426-15F4-4B69-8417-C671063E6001} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-03 15:52 - 2014-03-03 15:52 - 00594432 _____ () C:\Program Files (x86)\CloudClient\isfacs.exe
2014-03-02 17:16 - 2012-11-24 18:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-03-02 17:16 - 2012-12-07 08:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-03-02 17:16 - 2012-12-07 08:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-05 05:08 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-03-02 17:19 - 2014-03-02 17:19 - 06522944 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-04 19:14 - 2012-01-20 15:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-12-05 04:23 - 2012-07-25 15:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-06 10:48 - 2014-03-06 10:48 - 01179136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\cce138051887d83dccffdc206031b09f\Windows.UI.ni.dll
2012-07-25 15:44 - 2012-07-25 15:35 - 00036864 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2014-03-04 17:56 - 2014-03-04 17:56 - 00295936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\674a093211b1f8a3e570f640741e3b98\Windows.Foundation.ni.dll
2014-03-05 04:02 - 2014-03-05 04:02 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2013-12-05 05:02 - 2012-07-18 14:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-26 00:39 - 2014-02-26 00:39 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 4\zlib1.dll
2013-12-05 05:07 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-02 17:16 - 2014-03-02 17:16 - 00312896 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-03-02 17:16 - 2014-03-02 17:16 - 00354368 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2014-03-02 17:18 - 2014-03-02 17:18 - 01014336 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-03-04 03:39 - 2014-03-04 03:39 - 01011560 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 10:50 - 2014-03-01 21:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2014 03:16:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x136c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/10/2014 00:08:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: QUATRINEDESKTOP)
Description: App microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos did not launch within its allotted time.

Error: (03/09/2014 01:46:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x38
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/07/2014 06:16:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.2.9200.16384, time stamp: 0x50109e4e
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x15f8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5

Error: (03/07/2014 00:37:13 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 33.0.1750.146 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d44

Start Time: 01cf3963304b1ae6

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 1d999ba4-a61f-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/07/2014 00:26:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16798, time stamp: 0x52ec7dc3
Faulting module name: smei64.dll, version: 0.0.0.0, time stamp: 0x53159130
Exception code: 0xc0000005
Fault offset: 0x0000000000020be8
Faulting process id: 0x1b6c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (03/07/2014 11:59:56 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16798 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1afc

Start Time: 01cf3a269f715197

Termination Time: 8

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: e59ae981-a619-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/07/2014 11:59:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16798, time stamp: 0x52ec7dc3
Faulting module name: smei64.dll, version: 0.0.0.0, time stamp: 0x53159130
Exception code: 0xc0000005
Fault offset: 0x0000000000020be8
Faulting process id: 0x195c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (03/07/2014 11:09:14 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16798 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1314

Start Time: 01cf3a1f7b2551c5

Termination Time: 5

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: d0292f8c-a612-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:

Error: (03/07/2014 11:08:21 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16798 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1968

Start Time: 01cf3a1f5872b602

Termination Time: 4

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: b0d99430-a612-11e3-be74-c81f662161a3

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (03/11/2014 10:06:22 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:06:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:06:12 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:05:47 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:05:09 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:04:55 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:47 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:39 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:35 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (03/11/2014 10:03:33 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (03/10/2014 03:16:28 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.552b449c7c00000050006ce5c136c01cf3c9d9e972ac2C:\Windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dlldc56c9d1-a890-11e3-be74-c81f662161a3

Error: (03/10/2014 00:08:12 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: QUATRINEDESKTOP)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos

Error: (03/09/2014 01:46:23 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.552b449c7c00000050006ce5c3801cf3bc7de87ca57C:\Windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dll1c797b68-a7bb-11e3-be74-c81f662161a3

Error: (03/07/2014 06:16:30 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.2.9200.1638450109e4eSysMenu.dll1.0.0.552b449c7c00000050006ce5c15f801cf3a5b45d5ecf0C:\Windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dll83a89eff-a64e-11e3-be74-c81f662161a3

Error: (03/07/2014 00:37:13 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.146d4401cf3963304b1ae64294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe1d999ba4-a61f-11e3-be74-c81f662161a3

Error: (03/07/2014 00:26:35 PM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1679852ec7dc3smei64.dll0.0.0.053159130c00000050000000000020be81b6c01cf3a26ccf631c6C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dlla13596fd-a61d-11e3-be74-c81f662161a3

Error: (03/07/2014 11:59:56 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.167981afc01cf3a269f7151978C:\Program Files\Internet Explorer\iexplore.exee59ae981-a619-11e3-be74-c81f662161a3

Error: (03/07/2014 11:59:31 AM) (Source: Application Error)(User: )
Description: iexplore.exe10.0.9200.1679852ec7dc3smei64.dll0.0.0.053159130c00000050000000000020be8195c01cf3a208eacc636C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Goobzo\GBUpdate\smei64.dlld97db77b-a619-11e3-be74-c81f662161a3

Error: (03/07/2014 11:09:14 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16798131401cf3a1f7b2551c55C:\Program Files\Internet Explorer\iexplore.exed0292f8c-a612-11e3-be74-c81f662161a3

Error: (03/07/2014 11:08:21 AM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16798196801cf3a1f5872b6024C:\Program Files\Internet Explorer\iexplore.exeb0d99430-a612-11e3-be74-c81f662161a3


CodeIntegrity Errors:
===================================
Date: 2014-03-05 11:32:10.320
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8066 MB
Available physical RAM: 6239.72 MB
Total Pagefile: 9282 MB
Available Pagefile: 7303.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.57 GB) (Free:864.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: CD59B134)

Partition: GPT Partition Type.

==================== End Of Log ============================

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-11 10:40:08
-----------------------------
10:40:08.034 OS Version: Windows x64 6.2.9200
10:40:08.034 Number of processors: 4 586 0x3A09
10:40:08.035 ComputerName: QUATRINEDESKTOP UserName: Jose
10:40:08.057 Initialze error 1
10:41:52.480 AVAST engine defs: 14031101
10:42:20.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000037
10:42:20.717 Disk 0 Vendor: ST1000DM003-1CH162 CC47 Size: 953869MB BusType: 11
10:42:20.774 Disk 0 MBR read successfully
10:42:20.777 Disk 0 MBR scan
10:42:20.782 Disk 0 unknown MBR code
10:42:20.785 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
10:42:20.799 Disk 0 scanning C:\Windows\system32\drivers
10:42:20.802 Service scanning
10:42:21.381 Modules scanning
10:42:21.385 Disk 0 trace - called modules:
10:42:21.394 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
10:42:21.398 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007def060]
10:42:21.402 3 CLASSPNP.SYS[fffff88000a68e0a] -> nt!IofCallDriver -> [0xfffffa80072f6e40]
10:42:21.411 5 ACPI.sys[fffff88001179a91] -> nt!IofCallDriver -> \Device\00000037[0xfffffa800669e590]
10:42:21.417 AVAST engine scan C:\Windows
10:42:21.423 AVAST engine scan C:\Windows\system32
10:42:21.426 AVAST engine scan C:\Windows\system32\drivers
10:42:21.428 AVAST engine scan C:\Users\Jose
10:42:21.431 AVAST engine scan C:\ProgramData
10:42:21.433 Scan finished successfully
10:42:34.197 Disk 0 MBR has been saved successfully to "C:\Users\Jose\Downloads\MBR.dat"
10:42:34.200 The log file has been saved successfully to "C:\Users\Jose\Downloads\aswMBR.txt"
  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

You've posted the Additions log twice. Please post the FRST.txt log, it will be located on your desktop. :thumbsup:
  • 0

#5
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Jose (administrator) on QUATRINEDESKTOP on 11-03-2014 10:32:52
Running from C:\Users\Jose\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\CloudClient\isfacs.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInRC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [CloudClient] - C:\Program Files (x86)\CloudClient\isfagent.exe [2155416 2013-12-09] (Cloud Security)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1344373034&ir=
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {FB4A8555-EFE5-49BE-81D0-BC434AE60338} URL = http://start.mysearc...=1344373034&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://www.bing.com/...=IE10TR&pc=DCJB
SearchScopes: HKLM - {FB4A8555-EFE5-49BE-81D0-BC434AE60338} URL = http://start.mysearc...=1344373034&ir=
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms}
BHO: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: Plus-HD-8.9 - {11111111-1111-1111-1111-110511281100} - C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "sync" : {
"dictionary" : false,
"keep_everything_synced" : false,
"preferences" : false,
"priority_preferences" : false,
"search_engines"
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (YouTube) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]

==================== Services (Whitelisted) =================

R2 Cloud Client Service; C:\Program Files (x86)\CloudClient\isfacs.exe [594432 2014-03-03] ()
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [125440 2013-04-30] (Dell Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2541928 2014-03-04] (Search Module Ltd.)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-03-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-12-05] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\SysWOW64\wbem\WmiApSrv.exe [0 2014-03-06] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2014-02-26] (Glarysoft Ltd)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-04] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 10:32 - 2014-03-11 10:32 - 00012614 _____ () C:\Users\Jose\Downloads\FRST.txt
2014-03-11 10:32 - 2014-03-11 10:32 - 00000000 ____D () C:\FRST
2014-03-11 10:31 - 2014-03-11 10:31 - 02157056 _____ (Farbar) C:\Users\Jose\Downloads\FRST64.exe
2014-03-10 20:12 - 2014-03-10 20:12 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity (1)
2014-03-10 20:11 - 2014-03-10 20:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity (1).zip
2014-03-10 20:09 - 2014-03-10 20:09 - 00000020 ___SH () C:\Users\caloffice\ntuser.ini
2014-03-10 20:09 - 2014-03-10 20:09 - 00000000 ____D () C:\Users\caloffice
2014-03-10 20:09 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-10 20:09 - 2013-12-05 04:39 - 00000000 ___RD () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-10 20:09 - 2013-12-05 04:39 - 00000000 ___RD () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-03-10 20:09 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-10 20:09 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-10 14:57 - 2014-03-10 14:57 - 00041472 _____ () C:\Users\Jose\Documents\CRF Rosenkranz 3.10.14.xls
2014-03-09 16:54 - 2014-03-09 16:54 - 00065024 _____ () C:\Users\Jose\Desktop\Copy of Supply Requisition Form.xls
2014-03-09 13:00 - 2014-03-09 13:00 - 00011776 ___SH () C:\Users\Jose\Desktop\Thumbs.db
2014-03-08 12:44 - 2014-03-08 12:44 - 00657408 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List January 2014.xls
2014-03-07 13:13 - 2014-03-07 13:13 - 00439360 _____ () C:\Users\Jose\Desktop\segment_export_43aa5fa5a6.csv
2014-03-07 12:26 - 2014-03-07 12:26 - 00148907 _____ () C:\Users\Jose\Downloads\pillow front.jpeg
2014-03-06 18:27 - 2014-03-08 05:57 - 23077843 _____ () C:\Users\Jose\AppData\Local\census.cache
2014-03-06 18:24 - 2014-03-08 04:09 - 00071299 _____ () C:\Users\Jose\AppData\Local\ars.cache
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\winlogon.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\wininit.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhostex.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\spoolsv.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\smss.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\services.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\RuntimeBroker.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\lsass.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dwm.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dasHost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\csrss.exe
2014-03-06 12:44 - 2014-03-06 12:44 - 00000010 _____ () C:\Users\Jose\AppData\Local\sponge.last.runtime.cache
2014-03-06 12:41 - 2014-03-06 12:41 - 02049128 _____ (Trend Micro Inc.) C:\Users\Jose\Downloads\HousecallLauncher.exe
2014-03-06 12:41 - 2014-03-06 12:41 - 00000036 _____ () C:\Users\Jose\AppData\Local\housecall.guid.cache
2014-03-06 12:31 - 2014-03-11 10:19 - 00000000 ____D () C:\Program Files (x86)\CloudClient
2014-03-06 12:28 - 2014-03-06 12:30 - 00000000 ____D () C:\Users\Jose\AppData\Local\join.me
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\Desktop\join.me.lnk
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 10619688 _____ (VS Revo Group ) C:\Users\Jose\Downloads\RevoUninProSetup.exe
2014-03-06 11:35 - 2014-03-06 11:35 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Users\Jose\AppData\Local\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-06 11:35 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-03-06 11:12 - 2014-03-06 11:16 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity
2014-03-06 11:11 - 2014-03-06 11:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity.zip
2014-03-06 11:06 - 2014-03-06 11:06 - 07056016 _____ () C:\Users\Jose\Downloads\join.me.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-05 14:23 - 2014-03-05 14:23 - 05603808 _____ (IvoSoft) C:\Users\Jose\Downloads\ClassicShellSetup_4_0_0.exe
2014-03-05 13:03 - 2014-03-05 13:03 - 00024540 _____ () C:\ComboFix.txt
2014-03-05 12:28 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-05 12:28 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-05 12:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-05 12:24 - 2014-03-05 13:03 - 00000000 ____D () C:\Qoobox
2014-03-05 12:24 - 2014-03-05 12:32 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-04 19:16 - 2014-03-04 19:16 - 00001736 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Canneverbe Limited
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-03-04 19:15 - 2014-03-11 10:08 - 00000362 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-04 19:15 - 2014-03-11 10:07 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-03-04 19:15 - 2014-03-04 19:15 - 00002984 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-03-04 19:15 - 2014-03-04 19:15 - 00002650 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-03-04 19:15 - 2014-03-04 19:15 - 00001086 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-03-04 19:15 - 2014-03-04 19:15 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\GlarySoft
2014-03-04 19:15 - 2014-02-26 00:39 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-03-04 19:15 - 2014-02-26 00:17 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-03-04 19:14 - 2014-03-11 10:31 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\ClassicShell
2014-03-04 19:14 - 2014-03-05 14:23 - 00000000 ____D () C:\Program Files\Classic Shell
2014-03-04 19:14 - 2014-03-04 19:14 - 00001270 _____ () C:\Users\Jose\Desktop\Revo Uninstaller.lnk
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-04 18:43 - 2014-03-04 18:43 - 00000000 ____D () C:\Windows\SysWOW64\tmp
2014-03-04 18:42 - 2014-03-06 11:29 - 00000000 ____D () C:\Program Files (x86)\CloudClient2
2014-03-04 16:48 - 2014-03-04 16:48 - 00432288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-04 16:38 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\PCDr
2014-03-04 16:25 - 2014-03-04 16:25 - 00000600 _____ () C:\Users\Jose\PUTTY.RND
2014-03-04 16:06 - 2014-03-04 16:06 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-04 16:06 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 15:47 - 2014-03-11 10:03 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-04 15:47 - 2014-03-04 15:47 - 00001024 _____ () C:\.rnd
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\LogMeIn
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-03-04 15:47 - 2014-01-20 14:35 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-03-04 15:47 - 2014-01-20 14:35 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-03-04 15:47 - 2014-01-20 14:35 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-03-04 15:47 - 2013-12-11 18:11 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-03-04 15:33 - 2014-03-04 16:48 - 00000000 ____D () C:\SUPERDelete
2014-03-04 15:21 - 2014-03-04 16:26 - 00000000 ____D () C:\Program Files (x86)\ShowMyPCService
2014-03-04 15:08 - 2014-02-17 17:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 15:08 - 2014-02-17 17:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 14:17 - 2014-03-04 19:43 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\WordExtra
2014-03-04 14:17 - 2014-03-04 14:17 - 00001109 _____ () C:\Users\Jose\Desktop\Flash Player Pro.lnk
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Users\Jose\Documents\Flash Player Pro
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro
2014-03-04 14:16 - 2014-03-04 14:16 - 00004516 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-03-04 14:16 - 2014-03-04 14:16 - 00003734 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-03-04 14:16 - 2014-03-04 14:16 - 00003584 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003580 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003500 _____ () C:\Windows\System32\Tasks\SPDriver
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-03-04 14:15 - 2014-03-04 14:15 - 00000000 ____D () C:\Users\Jose\AppData\Local\CrashRpt
2014-03-04 14:14 - 2014-03-04 14:14 - 00000000 ____D () C:\Users\Jose\AppData\Local\Tuguu_SL
2014-03-04 13:41 - 2014-03-04 13:41 - 00663040 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List March 2014.xls
2014-03-04 13:41 - 2014-03-04 13:41 - 00303104 _____ () C:\Users\Jose\Desktop\Shop Swatch Iventory March 2014.xls
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Users\Jose\AppData\Local\Amazon_Services_LLC
2014-03-03 12:23 - 2014-03-03 12:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-03 12:23 - 2014-02-04 20:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-03 10:52 - 2013-09-04 13:47 - 00000117 ____H () C:\DBAR_Ver.txt
2014-03-03 10:51 - 2014-03-03 10:52 - 00000000 ____D () C:\ProgramData\softthinks
2014-03-03 10:51 - 2014-03-03 10:51 - 00003998 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003208 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-03 10:51 - 2014-03-03 10:51 - 00000000 ____D () C:\Users\Jose\AppData\Local\softthinks
2014-03-03 10:45 - 2014-03-11 10:07 - 00003796 _____ () C:\Users\Public\CAFADEBUG.log
2014-03-02 17:48 - 2014-03-02 17:48 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-03-02 17:47 - 2014-03-04 18:31 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-02 17:47 - 2014-03-02 17:47 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-02 17:47 - 2012-07-25 13:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-03-02 17:46 - 2014-03-04 19:31 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\UpdaterEX
2014-03-02 17:46 - 2014-03-04 18:31 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\systweak
2014-03-02 17:46 - 2014-03-04 17:16 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-03-02 17:46 - 2014-03-02 17:46 - 17660184 _____ (Google Inc.) C:\Users\Jose\Downloads\picasa-setup.exe
2014-03-02 17:46 - 2014-03-02 17:46 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-03-02 17:46 - 2014-01-21 18:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-02 17:45 - 2014-03-04 10:50 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 17:44 - 2014-03-11 10:07 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-02 17:44 - 2014-03-11 08:49 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 17:44 - 2014-03-04 15:45 - 00000000 ____D () C:\Users\Jose\AppData\Local\Deployment
2014-03-02 17:44 - 2014-03-02 17:48 - 00000000 ____D () C:\Users\Jose\AppData\Local\Google
2014-03-02 17:44 - 2014-03-02 17:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 17:44 - 2014-03-02 17:44 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-02 17:44 - 2014-03-02 17:44 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-02 17:44 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Apps\2.0
2014-03-02 17:38 - 2013-12-04 18:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-02 17:38 - 2013-12-04 18:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-02 17:38 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-03-02 17:38 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-02 17:38 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-03-02 17:37 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-02 17:37 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-02 17:37 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-02 17:37 - 2013-07-05 19:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-02 17:37 - 2013-07-03 21:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-02 17:36 - 2013-11-01 00:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-02 17:35 - 2013-12-08 19:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-02 17:35 - 2013-12-08 18:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-02 17:35 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-02 17:35 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-03-02 17:35 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-03-02 17:35 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-03-02 17:35 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-03-02 17:35 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-02 17:35 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-02 17:35 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-03-02 17:35 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-02 17:35 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-03-02 17:35 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-02 17:35 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-02 17:35 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-03-02 17:35 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-02 17:35 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-03-02 17:35 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-03-02 17:35 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-03-02 17:35 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-03-02 17:32 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-03-02 17:32 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-03-02 17:32 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-03-02 17:32 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-03-02 17:32 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-03-02 17:32 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-03-02 17:32 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2014-03-02 17:32 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-03-02 17:32 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-03-02 17:32 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-03-02 17:32 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-03-02 17:32 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-03-02 17:32 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-03-02 17:31 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-02 17:31 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-02 17:26 - 2014-03-02 17:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-03-02 17:26 - 2013-07-05 17:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-02 17:26 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-03-02 17:25 - 2013-10-01 18:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-02 17:25 - 2013-10-01 18:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ___RD () C:\Users\Jose\SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-03-02 17:16 - 2014-03-02 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-02 17:16 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-02 17:16 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-02 17:13 - 2012-10-23 22:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2014-03-02 17:13 - 2012-10-23 21:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2014-03-02 17:12 - 2013-12-04 18:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-02 17:12 - 2013-12-04 18:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-02 17:12 - 2013-11-26 19:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-02 17:12 - 2013-11-25 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-02 17:12 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-02 17:12 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-03-02 17:12 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-03-02 17:12 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-03-02 17:12 - 2013-10-28 00:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-03-02 17:12 - 2013-10-27 23:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-03-02 17:12 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-03-02 17:12 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-02 17:12 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-03-02 17:12 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-02 17:12 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-02 17:12 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-02 17:12 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-03-02 17:12 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-02 17:12 - 2013-08-27 00:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-02 17:12 - 2013-08-27 00:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-02 17:12 - 2013-08-26 17:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-02 17:12 - 2013-08-26 17:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-03-02 17:12 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-02 17:12 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-02 17:12 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-02 17:12 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-02 17:12 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-02 17:12 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-02 17:12 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-02 17:12 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-02 17:12 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-02 17:12 - 2013-05-26 18:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-02 17:12 - 2013-05-26 17:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-02 17:12 - 2013-05-24 22:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-02 17:12 - 2013-05-24 21:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-02 17:10 - 2014-02-01 04:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-02 17:10 - 2014-02-01 04:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-02 17:10 - 2014-02-01 04:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-02 17:10 - 2014-02-01 04:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-02 17:10 - 2014-02-01 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-02 17:10 - 2014-02-01 02:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-02 17:10 - 2014-02-01 02:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-02 17:09 - 2014-02-01 04:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-02 17:09 - 2014-02-01 04:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-02 17:09 - 2014-02-01 04:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-02 17:09 - 2014-02-01 02:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-02 17:09 - 2014-02-01 02:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-02 17:09 - 2014-02-01 02:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-02 17:09 - 2014-02-01 02:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-02 17:09 - 2014-02-01 00:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-02 17:08 - 2014-01-12 18:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-02 17:08 - 2014-01-12 18:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-02 17:08 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-02 17:08 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-02 17:08 - 2013-11-19 19:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-02 17:08 - 2013-11-19 18:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-02 17:08 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-02 17:08 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-02 17:08 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-03-02 17:08 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-03-02 17:08 - 2013-03-21 22:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-03-02 17:08 - 2013-03-21 17:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-03-02 17:06 - 2013-12-07 01:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-02 17:06 - 2013-12-07 01:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-02 17:06 - 2013-12-07 00:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-02 17:06 - 2013-12-07 00:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-02 17:06 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-02 17:06 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-02 17:05 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-03-02 17:05 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-03-02 17:05 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-03-02 17:05 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-03-02 17:05 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-03-02 17:05 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-03-02 17:05 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-03-02 17:05 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-03-02 17:05 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-03-02 17:05 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-02 17:05 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-02 17:05 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-02 17:05 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-02 17:05 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-03-02 17:05 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-03-02 17:05 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-03-02 17:05 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-03-02 17:04 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-02 17:04 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-02 17:04 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-02 17:04 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-02 17:04 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-03-02 17:04 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-03-02 16:59 - 2014-03-10 14:06 - 00510464 _____ () C:\Users\Jose\Desktop\Chicago Commission Worsheet2014.xls
2014-03-02 16:59 - 2014-03-09 17:08 - 00593920 _____ () C:\Users\Jose\Desktop\401-INVENTORY_2.22.14.xls
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ___RD () C:\Users\Jose\Desktop\TIME SHEET & SCHEDULE
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Zenkewicz Comp pillows
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Wyrick
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Siegel
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Sabo
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Ruge-Anderson
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Purchase Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\PILOT Freight Services
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Pending Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\New DRF's
2014-03-02 16:59 - 2014-03-02 16:01 - 00000310 _____ () C:\Users\Jose\Desktop\My Documents.lnk
2014-03-02 16:59 - 2014-02-03 18:39 - 00258184 _____ () C:\Users\Jose\Desktop\Client contact info 2.3.14.xlsx
2014-03-02 16:59 - 2013-10-18 15:07 - 00233984 _____ () C:\Users\Jose\Desktop\Furniture Price Tags 01 02 10.xls
2014-03-02 16:59 - 2013-02-14 13:43 - 00215552 _____ () C:\Users\Jose\Desktop\Fabric+Inventory+colorcoded.xls
2014-03-02 16:58 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Metal Hardware
2014-03-02 16:57 - 2014-03-02 16:58 - 00000000 ____D () C:\Users\Jose\Desktop\Merchandising Folder
2014-03-02 16:56 - 2014-03-11 10:18 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1872610917-3398350509-3947348075-1001
2014-03-02 16:56 - 2014-03-08 13:27 - 00000000 ____D () C:\Users\Jose\Desktop\Manager
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ___RD () C:\Users\Jose\Desktop\Forms
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Forms Folder
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric Care Sheets
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Designer Paperwork & Outreach
2014-03-02 16:55 - 2014-03-09 14:31 - 00000000 ____D () C:\Users\Jose\Desktop\Commission
2014-03-02 16:55 - 2014-03-02 16:56 - 00000000 ___RD () C:\Users\Jose\Desktop\DER 2014
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Customer Appreciation Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Container Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\AT&T
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Administrative Folder
2014-03-02 16:54 - 2014-03-02 16:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-02 16:49 - 2014-03-02 16:49 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Intel Corporation
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Leadertech
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Local\Conexant
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Macromedia
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Adobe
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\Power2Go8
2014-03-02 16:46 - 2014-03-10 14:06 - 00000000 ____D () C:\Users\Jose\AppData\Local\Packages
2014-03-02 16:46 - 2014-03-04 16:25 - 00000000 ____D () C:\Users\Jose
2014-03-02 16:46 - 2014-03-02 17:16 - 00000000 ____D () C:\Users\Jose\AppData\Local\VirtualStore
2014-03-02 16:46 - 2014-03-02 16:48 - 00000000 ____D () C:\ProgramData\PRICache
2014-03-02 16:46 - 2014-03-02 16:46 - 00000020 ___SH () C:\Users\Jose\ntuser.ini

==================== One Month Modified Files and Folders =======

2014-03-11 10:32 - 2014-03-11 10:32 - 00012614 _____ () C:\Users\Jose\Downloads\FRST.txt
2014-03-11 10:32 - 2014-03-11 10:32 - 00000000 ____D () C:\FRST
2014-03-11 10:31 - 2014-03-11 10:31 - 02157056 _____ (Farbar) C:\Users\Jose\Downloads\FRST64.exe
2014-03-11 10:31 - 2014-03-04 19:14 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\ClassicShell
2014-03-11 10:27 - 2013-12-05 04:50 - 01754251 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 10:19 - 2014-03-06 12:31 - 00000000 ____D () C:\Program Files (x86)\CloudClient
2014-03-11 10:18 - 2014-03-02 16:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1872610917-3398350509-3947348075-1001
2014-03-11 10:08 - 2014-03-04 19:15 - 00000362 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-11 10:07 - 2014-03-04 19:15 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-03-11 10:07 - 2014-03-03 10:45 - 00003796 _____ () C:\Users\Public\CAFADEBUG.log
2014-03-11 10:07 - 2014-03-02 17:44 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 10:03 - 2014-03-04 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-11 10:03 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-11 08:49 - 2014-03-02 17:44 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 21:35 - 2012-07-26 02:28 - 00870438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 21:30 - 2013-12-05 04:43 - 00246626 _____ () C:\Windows\PFRO.log
2014-03-10 21:30 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 21:29 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-10 20:12 - 2014-03-10 20:12 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity (1)
2014-03-10 20:11 - 2014-03-10 20:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity (1).zip
2014-03-10 20:09 - 2014-03-10 20:09 - 00000020 ___SH () C:\Users\caloffice\ntuser.ini
2014-03-10 20:09 - 2014-03-10 20:09 - 00000000 ____D () C:\Users\caloffice
2014-03-10 14:57 - 2014-03-10 14:57 - 00041472 _____ () C:\Users\Jose\Documents\CRF Rosenkranz 3.10.14.xls
2014-03-10 14:06 - 2014-03-02 16:59 - 00510464 _____ () C:\Users\Jose\Desktop\Chicago Commission Worsheet2014.xls
2014-03-10 14:06 - 2014-03-02 16:46 - 00000000 ____D () C:\Users\Jose\AppData\Local\Packages
2014-03-09 17:08 - 2014-03-02 16:59 - 00593920 _____ () C:\Users\Jose\Desktop\401-INVENTORY_2.22.14.xls
2014-03-09 16:54 - 2014-03-09 16:54 - 00065024 _____ () C:\Users\Jose\Desktop\Copy of Supply Requisition Form.xls
2014-03-09 16:54 - 2013-12-05 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2014-03-09 14:31 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Commission
2014-03-09 13:00 - 2014-03-09 13:00 - 00011776 ___SH () C:\Users\Jose\Desktop\Thumbs.db
2014-03-08 13:27 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Manager
2014-03-08 12:44 - 2014-03-08 12:44 - 00657408 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List January 2014.xls
2014-03-08 05:57 - 2014-03-06 18:27 - 23077843 _____ () C:\Users\Jose\AppData\Local\census.cache
2014-03-08 04:09 - 2014-03-06 18:24 - 00071299 _____ () C:\Users\Jose\AppData\Local\ars.cache
2014-03-07 13:31 - 2013-12-06 13:48 - 00500736 _____ () C:\Users\Jose\Desktop\Fabrics Received 2014.xls
2014-03-07 13:29 - 2013-12-06 13:48 - 00472576 _____ () C:\Users\Jose\Desktop\Fabric Status 2014.xls
2014-03-07 13:13 - 2014-03-07 13:13 - 00439360 _____ () C:\Users\Jose\Desktop\segment_export_43aa5fa5a6.csv
2014-03-07 12:46 - 2013-12-06 13:48 - 00250880 _____ () C:\Users\Jose\Desktop\Floor Pieces Fabric Inventory 2014.xls
2014-03-07 12:45 - 2013-12-06 13:48 - 00271360 _____ () C:\Users\Jose\Desktop\Inactive Fabric Inventory 2014.xls
2014-03-07 12:44 - 2013-12-06 13:48 - 00144384 _____ () C:\Users\Jose\Desktop\Current Fabric Inventory 2014.xls
2014-03-07 12:26 - 2014-03-07 12:26 - 00148907 _____ () C:\Users\Jose\Downloads\pillow front.jpeg
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\winlogon.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\wininit.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhostex.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\spoolsv.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\smss.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\services.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\RuntimeBroker.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\lsass.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dwm.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dasHost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\csrss.exe
2014-03-06 12:44 - 2014-03-06 12:44 - 00000010 _____ () C:\Users\Jose\AppData\Local\sponge.last.runtime.cache
2014-03-06 12:41 - 2014-03-06 12:41 - 02049128 _____ (Trend Micro Inc.) C:\Users\Jose\Downloads\HousecallLauncher.exe
2014-03-06 12:41 - 2014-03-06 12:41 - 00000036 _____ () C:\Users\Jose\AppData\Local\housecall.guid.cache
2014-03-06 12:30 - 2014-03-06 12:28 - 00000000 ____D () C:\Users\Jose\AppData\Local\join.me
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\Desktop\join.me.lnk
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 10619688 _____ (VS Revo Group ) C:\Users\Jose\Downloads\RevoUninProSetup.exe
2014-03-06 11:35 - 2014-03-06 11:35 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Users\Jose\AppData\Local\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-06 11:29 - 2014-03-04 18:42 - 00000000 ____D () C:\Program Files (x86)\CloudClient2
2014-03-06 11:16 - 2014-03-06 11:12 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity
2014-03-06 11:11 - 2014-03-06 11:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity.zip
2014-03-06 11:06 - 2014-03-06 11:06 - 07056016 _____ () C:\Users\Jose\Downloads\join.me.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-05 14:23 - 2014-03-05 14:23 - 05603808 _____ (IvoSoft) C:\Users\Jose\Downloads\ClassicShellSetup_4_0_0.exe
2014-03-05 14:23 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files\Classic Shell
2014-03-05 13:16 - 2013-12-05 05:08 - 00866796 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 13:03 - 2014-03-05 13:03 - 00024540 _____ () C:\ComboFix.txt
2014-03-05 13:03 - 2014-03-05 12:24 - 00000000 ____D () C:\Qoobox
2014-03-05 13:02 - 2012-07-26 00:26 - 00000215 _____ () C:\Windows\system.ini
2014-03-05 12:33 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
2014-03-05 12:32 - 2014-03-05 12:24 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 12:32 - 2012-07-26 00:26 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-05 11:10 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-03-04 19:43 - 2014-03-04 14:17 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\WordExtra
2014-03-04 19:31 - 2014-03-02 17:46 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\UpdaterEX
2014-03-04 19:16 - 2014-03-04 19:16 - 00001736 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Canneverbe Limited
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-03-04 19:15 - 2014-03-04 19:15 - 00002984 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-03-04 19:15 - 2014-03-04 19:15 - 00002650 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-03-04 19:15 - 2014-03-04 19:15 - 00001086 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-03-04 19:15 - 2014-03-04 19:15 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\GlarySoft
2014-03-04 19:14 - 2014-03-04 19:14 - 00001270 _____ () C:\Users\Jose\Desktop\Revo Uninstaller.lnk
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-04 18:55 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-04 18:43 - 2014-03-04 18:43 - 00000000 ____D () C:\Windows\SysWOW64\tmp
2014-03-04 18:31 - 2014-03-02 17:47 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-04 18:31 - 2014-03-02 17:46 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\systweak
2014-03-04 17:16 - 2014-03-02 17:46 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-03-04 17:14 - 2013-12-05 05:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 16:48 - 2014-03-04 16:48 - 00432288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-04 16:48 - 2014-03-04 15:33 - 00000000 ____D () C:\SUPERDelete
2014-03-04 16:42 - 2013-12-05 05:05 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-04 16:42 - 2013-12-05 05:05 - 00000000 ____D () C:\Program Files\My Dell
2014-03-04 16:41 - 2014-03-04 16:38 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\PCDr
2014-03-04 16:26 - 2014-03-04 15:21 - 00000000 ____D () C:\Program Files (x86)\ShowMyPCService
2014-03-04 16:25 - 2014-03-04 16:25 - 00000600 _____ () C:\Users\Jose\PUTTY.RND
2014-03-04 16:25 - 2014-03-02 16:46 - 00000000 ____D () C:\Users\Jose
2014-03-04 16:06 - 2014-03-04 16:06 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-04 15:47 - 2014-03-04 15:47 - 00001024 _____ () C:\.rnd
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\LogMeIn
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-03-04 15:45 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Deployment
2014-03-04 15:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-04 15:03 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-04 15:03 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-04 14:17 - 2014-03-04 14:17 - 00001109 _____ () C:\Users\Jose\Desktop\Flash Player Pro.lnk
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Users\Jose\Documents\Flash Player Pro
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro
2014-03-04 14:16 - 2014-03-04 14:16 - 00004516 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-03-04 14:16 - 2014-03-04 14:16 - 00003734 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-03-04 14:16 - 2014-03-04 14:16 - 00003584 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003580 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003500 _____ () C:\Windows\System32\Tasks\SPDriver
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-03-04 14:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-04 14:15 - 2014-03-04 14:15 - 00000000 ____D () C:\Users\Jose\AppData\Local\CrashRpt
2014-03-04 14:14 - 2014-03-04 14:14 - 00000000 ____D () C:\Users\Jose\AppData\Local\Tuguu_SL
2014-03-04 13:41 - 2014-03-04 13:41 - 00663040 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List March 2014.xls
2014-03-04 13:41 - 2014-03-04 13:41 - 00303104 _____ () C:\Users\Jose\Desktop\Shop Swatch Iventory March 2014.xls
2014-03-04 10:50 - 2014-03-02 17:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Users\Jose\AppData\Local\Amazon_Services_LLC
2014-03-03 12:24 - 2014-03-03 12:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-03 12:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-03-03 12:22 - 2012-07-26 00:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-03 12:21 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-03 10:52 - 2014-03-03 10:51 - 00000000 ____D () C:\ProgramData\softthinks
2014-03-03 10:51 - 2014-03-03 10:51 - 00003998 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003208 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-03 10:51 - 2014-03-03 10:51 - 00000000 ____D () C:\Users\Jose\AppData\Local\softthinks
2014-03-02 17:48 - 2014-03-02 17:48 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-03-02 17:48 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Google
2014-03-02 17:47 - 2014-03-02 17:47 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-02 17:47 - 2014-03-02 17:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 17:46 - 2014-03-02 17:46 - 17660184 _____ (Google Inc.) C:\Users\Jose\Downloads\picasa-setup.exe
2014-03-02 17:46 - 2014-03-02 17:46 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-03-02 17:44 - 2014-03-02 17:44 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-02 17:44 - 2014-03-02 17:44 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-02 17:44 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Apps\2.0
2014-03-02 17:26 - 2014-03-02 17:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-03-02 17:26 - 2012-07-26 02:21 - 00012886 _____ () C:\Windows\setupact.log
2014-03-02 17:21 - 2014-03-10 20:09 - 00002106 _____ () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ___RD () C:\Users\Jose\SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-03-02 17:16 - 2014-03-02 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-02 17:16 - 2014-03-02 16:46 - 00000000 ____D () C:\Users\Jose\AppData\Local\VirtualStore
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ___RD () C:\Users\Jose\Desktop\TIME SHEET & SCHEDULE
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Zenkewicz Comp pillows
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Wyrick
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Siegel
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Sabo
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Ruge-Anderson
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Purchase Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\PILOT Freight Services
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Pending Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\New DRF's
2014-03-02 16:59 - 2014-03-02 16:58 - 00000000 ____D () C:\Users\Jose\Desktop\Metal Hardware
2014-03-02 16:58 - 2014-03-02 16:57 - 00000000 ____D () C:\Users\Jose\Desktop\Merchandising Folder
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ___RD () C:\Users\Jose\Desktop\Forms
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Forms Folder
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric Care Sheets
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Designer Paperwork & Outreach
2014-03-02 16:56 - 2014-03-02 16:55 - 00000000 ___RD () C:\Users\Jose\Desktop\DER 2014
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Customer Appreciation Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Container Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\AT&T
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Administrative Folder
2014-03-02 16:54 - 2014-03-02 16:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-02 16:49 - 2014-03-02 16:49 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Intel Corporation
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Leadertech
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Local\Conexant
2014-03-02 16:48 - 2014-03-02 16:46 - 00000000 ____D () C:\ProgramData\PRICache
2014-03-02 16:48 - 2013-12-05 05:02 - 00000000 ____D () C:\ProgramData\Intel
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Macromedia
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Adobe
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\Power2Go8
2014-03-02 16:47 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-02 16:46 - 2014-03-02 16:46 - 00000020 ___SH () C:\Users\Jose\ntuser.ini
2014-03-02 16:46 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-03-02 16:01 - 2014-03-02 16:59 - 00000310 _____ () C:\Users\Jose\Desktop\My Documents.lnk
2014-02-26 00:39 - 2014-03-04 19:15 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-02-26 00:17 - 2014-03-04 19:15 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-02-17 17:03 - 2014-03-04 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 17:03 - 2014-03-04 15:08 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe
[2014-03-06 12:47] - [2014-03-06 12:47] - 0000000 ____A ()

C:\Windows\SysWOW64\wininit.exe No Company Name <===== ATTENTION!

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-05 04:43

==================== End Of Log ============================
  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Thank you for the log :)

I need you to run a search for a file on your computer. The log is flagging it, and I need to see if there's a replacement on your machine. Please follow the instructions below.

Start FRST and in the search bar, type wininit.exe

FRST will scan your machine and produce a log when complete. Please post that log when it is finished.

I'm currently working on the FRST log and will post when I see the results of this scan. :thumbsup:
  • 0

#7
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Jose at 2014-03-11 12:04:50
Running from C:\Users\Jose\Downloads
Boot Mode: Normal

================== Search: "wininit.exe" ===================

C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.2.9200.16384_none_89bc60338e14dc99\wininit.exe
[2012-07-25 19:03] - [2012-07-25 22:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\SysWOW64\wininit.exe
[2014-03-06 12:47] - [2014-03-06 12:47] - 0000000 ____A ()

C:\Windows\System32\wininit.exe
[2012-07-25 19:03] - [2012-07-25 22:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\erdnt\cache64\wininit.exe
[2014-03-05 12:32] - [2012-07-25 22:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

====== End Of Search ======
  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Alright, let's get to work. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Uninstall a program and FRST Fix


Please uninstall the following program from your computer: Search module


Then:


  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
Task: {7A4EB64F-4E93-43FB-B567-3959F603DF78} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {0354134E-C304-4964-AF07-5A3AE8A92C74} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {80F565A2-D34C-4398-AC65-2B096BEF2205} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
Task: {8FFFF1F5-DC39-4EB1-8A3D-2E85B6976E5A} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.27\jsdrv.exe
Task: {D9524426-15F4-4B69-8417-C671063E6001} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
Task: {05AB1C6B-AE7C-400E-A13B-7F406A5E7DC6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Program Files (x86)\RegClean Pro
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\Advanced System Protector
C:\Program Files (x86)\ShopperPro
C:\Program Files\Common Files\Goobzo
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1344373034&ir=
SearchScopes: HKLM - {FB4A8555-EFE5-49BE-81D0-BC434AE60338} URL = http://start.mysearc...=1344373034&ir=
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms}
BHO: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: Plus-HD-8.9 - {11111111-1111-1111-1111-110511281100} - C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll No File
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2541928 2014-03-04] (Search Module Ltd.)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
c:\progra~2\optimi~1
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-04] ()
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
2014-03-04 14:16 - 2014-03-04 14:16 - 00003584 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003580 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003500 _____ () C:\Windows\System32\Tasks\SPDriver
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-03-04 14:15 - 2014-03-04 14:15 - 00000000 ____D () C:\Users\Jose\AppData\Local\CrashRpt
2014-03-04 14:14 - 2014-03-04 14:14 - 00000000 ____D () C:\Users\Jose\AppData\Local\Tuguu_SL
2014-03-02 17:47 - 2014-03-02 17:47 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-02 17:46 - 2014-03-04 17:16 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
Replace: C:\Windows\erdnt\cache64\wininit.exe C:\Windows\SysWOW64\wininit.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 3: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 4: FRST Scan

Let's get a fresh look with FRST and see how things look now. :)

Start FRST and press the scan button. Upon completion, it will produce one log. Please post it in your next reply.


Things I need to see in your next post:

FRST Fix Log

AdwCleaner Log

Junkware Removal Tool Log

New FRST Scan

Question: How is the computer running now?

  • 0

#9
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by Jose at 2014-03-11 13:11:57 Run:1
Running from C:\Users\Jose\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Task: {7A4EB64F-4E93-43FB-B567-3959F603DF78} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {0354134E-C304-4964-AF07-5A3AE8A92C74} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {80F565A2-D34C-4398-AC65-2B096BEF2205} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
Task: {8FFFF1F5-DC39-4EB1-8A3D-2E85B6976E5A} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.0.0.27\jsdrv.exe
Task: {D9524426-15F4-4B69-8417-C671063E6001} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
Task: {05AB1C6B-AE7C-400E-A13B-7F406A5E7DC6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Program Files (x86)\RegClean Pro
C:\Program Files (x86)\YTDownloader
C:\Program Files (x86)\Advanced System Protector
C:\Program Files (x86)\ShopperPro
C:\Program Files\Common Files\Goobzo
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1344373034&ir=
SearchScopes: HKLM - {FB4A8555-EFE5-49BE-81D0-BC434AE60338} URL = http://start.mysearc...=1344373034&ir=
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.ne...q={searchTerms}
BHO: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: iWebar - {11111111-1111-1111-1111-110311551110} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: Plus-HD-8.9 - {11111111-1111-1111-1111-110511281100} - C:\Program Files (x86)\Plus-HD-8.9\Plus-HD-8.9-bho64.dll No File
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2541928 2014-03-04] (Search Module Ltd.)
S2 70e6ca8c; "C:\Windows\system32\rundll32.exe" "c:\progra~2\optimi~1\OptProCrashSvc.dll",ServiceMain
c:\progra~2\optimi~1
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-04] ()
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
2014-03-04 14:16 - 2014-03-04 14:16 - 00003584 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003580 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-03-04 14:16 - 2014-03-04 14:16 - 00003500 _____ () C:\Windows\System32\Tasks\SPDriver
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-04 14:16 - 2014-03-04 14:16 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-03-04 14:15 - 2014-03-04 14:15 - 00000000 ____D () C:\Users\Jose\AppData\Local\CrashRpt
2014-03-04 14:14 - 2014-03-04 14:14 - 00000000 ____D () C:\Users\Jose\AppData\Local\Tuguu_SL
2014-03-02 17:47 - 2014-03-02 17:47 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-03-02 17:46 - 2014-03-04 17:16 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
Replace: C:\Windows\erdnt\cache64\wininit.exe C:\Windows\SysWOW64\wininit.exe
End
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A4EB64F-4E93-43FB-B567-3959F603DF78} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A4EB64F-4E93-43FB-B567-3959F603DF78} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0354134E-C304-4964-AF07-5A3AE8A92C74} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0354134E-C304-4964-AF07-5A3AE8A92C74} => Key deleted successfully.
C:\Windows\System32\Tasks\Advanced System Protector_startup => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80F565A2-D34C-4398-AC65-2B096BEF2205} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80F565A2-D34C-4398-AC65-2B096BEF2205} => Key deleted successfully.
C:\Windows\System32\Tasks\ShopperPro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FFFF1F5-DC39-4EB1-8A3D-2E85B6976E5A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FFFF1F5-DC39-4EB1-8A3D-2E85B6976E5A} => Key deleted successfully.
C:\Windows\System32\Tasks\SPDriver => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9524426-15F4-4B69-8417-C671063E6001} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9524426-15F4-4B69-8417-C671063E6001} => Key deleted successfully.
C:\Windows\System32\Tasks\ShopperProJSUpd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05AB1C6B-AE7C-400E-A13B-7F406A5E7DC6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05AB1C6B-AE7C-400E-A13B-7F406A5E7DC6} => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd => Key deleted successfully.
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe => No running process found
"C:\Program Files (x86)\RegClean Pro" => File/Directory not found.
"C:\Program Files (x86)\YTDownloader" => File/Directory not found.
"C:\Program Files (x86)\Advanced System Protector" => File/Directory not found.
"C:\Program Files (x86)\ShopperPro" => File/Directory not found.
C:\Program Files\Common Files\Goobzo => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB4A8555-EFE5-49BE-81D0-BC434AE60338} => Key deleted successfully.
HKCR\CLSID\{FB4A8555-EFE5-49BE-81D0-BC434AE60338} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311281150} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110311281150} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311551110} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110311551110} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511281100} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511281100} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key deleted successfully.
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key deleted successfully.
SMUpd => Service not found.
70e6ca8c => Service deleted successfully.
"c:\progra~2\optimi~1" => File/Directory not found.
SMUpdd => Service not found.
sbmntr => Service deleted successfully.
"C:\Windows\System32\Tasks\YTDownloaderUpd" => File/Directory not found.
"C:\Windows\System32\Tasks\ShopperProJSUpd" => File/Directory not found.
"C:\Windows\System32\Tasks\SPDriver" => File/Directory not found.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
C:\ProgramData\SearchModule => Moved successfully.
"C:\Program Files\Common Files\Goobzo" => File/Directory not found.
C:\Users\Jose\AppData\Local\CrashRpt => Moved successfully.
C:\Users\Jose\AppData\Local\Tuguu_SL => Moved successfully.
"C:\Windows\System32\Tasks\Advanced System Protector_startup" => File/Directory not found.
"C:\Windows\System32\Tasks\RegClean Pro" => File/Directory not found.
C:\Windows\SysWOW64\wininit.exe => Moved successfully.
C:\Windows\erdnt\cache64\wininit.exe copied successfully to C:\Windows\SysWOW64\wininit.exe

==== End of Fixlog ====

# AdwCleaner v3.021 - Report created 11/03/2014 at 13:17:44
# Updated 10/03/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Jose - QUATRINEDESKTOP
# Running from : C:\Users\Jose\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : 70e6ca8c
[#] Service Deleted : sbmntr

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Users\Jose\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Jose\AppData\Roaming\UpdaterEX
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522282200}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566286600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322282250}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322552210}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522282200}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366286650}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366556610}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566286600}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798


-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3610 octets] - [11/03/2014 13:16:36]
AdwCleaner[S0].txt - [3485 octets] - [11/03/2014 13:17:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3545 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Jose on Tue 03/11/2014 at 13:22:10.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] qknfd



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/11/2014 at 13:25:02.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Jose (administrator) on QUATRINEDESKTOP on 11-03-2014 13:26:33
Running from C:\Users\Jose\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Program Files (x86)\CloudClient\isfacs.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInRC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [CloudClient] - C:\Program Files (x86)\CloudClient\isfagent.exe [2155416 2013-12-09] (Cloud Security)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {FB4A8555-EFE5-49BE-81D0-BC434AE60338} URL =
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Hosts: Hosts file not detected in the default directory

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "sync": {
"dictionary": false,
"keep_everything_synced": false,
"preferences": false,
"priority_preferences": false,
"search_engines"
CHR DefaultSearchKeyword: www-search.net
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: http://www-search.ne...q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-02]
CHR Extension: (Google Drive) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-02]
CHR Extension: (YouTube) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Search) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\Jose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]

==================== Services (Whitelisted) =================

R2 Cloud Client Service; C:\Program Files (x86)\CloudClient\isfacs.exe [594432 2014-03-03] ()
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-20] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-03-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-12-05] (Microsoft Corporation)
S3 wmiApSrv; C:\Windows\SysWOW64\wbem\WmiApSrv.exe [0 2014-03-06] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2014-02-26] (Glarysoft Ltd)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 qknfd; C:\Windows\System32\drivers\qknfd.sys [58256 2014-02-05] (Quiknowledge)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 13:25 - 2014-03-11 13:25 - 00000655 _____ () C:\Users\Jose\Desktop\JRT.txt
2014-03-11 13:22 - 2014-03-11 13:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-11 13:21 - 2014-03-11 13:21 - 01037734 _____ (Thisisu) C:\Users\Jose\Downloads\JRT.exe
2014-03-11 13:16 - 2014-03-11 13:17 - 00000000 ____D () C:\AdwCleaner
2014-03-11 13:14 - 2014-03-11 13:14 - 01949184 _____ () C:\Users\Jose\Downloads\adwcleaner.exe
2014-03-11 12:04 - 2014-03-11 12:05 - 00000871 _____ () C:\Users\Jose\Downloads\Search.txt
2014-03-11 10:42 - 2014-03-11 10:42 - 00001788 _____ () C:\Users\Jose\Downloads\aswMBR.txt
2014-03-11 10:42 - 2014-03-11 10:42 - 00000512 _____ () C:\Users\Jose\Downloads\MBR.dat
2014-03-11 10:39 - 2014-03-11 10:39 - 04745728 _____ (AVAST Software) C:\Users\Jose\Downloads\aswmbr.exe
2014-03-11 10:33 - 2014-03-11 10:33 - 00023409 _____ () C:\Users\Jose\Downloads\Addition.txt
2014-03-11 10:32 - 2014-03-11 13:26 - 00009357 _____ () C:\Users\Jose\Downloads\FRST.txt
2014-03-11 10:32 - 2014-03-11 13:26 - 00000000 ____D () C:\FRST
2014-03-11 10:31 - 2014-03-11 10:31 - 02157056 _____ (Farbar) C:\Users\Jose\Downloads\FRST64.exe
2014-03-10 20:12 - 2014-03-10 20:12 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity (1)
2014-03-10 20:11 - 2014-03-10 20:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity (1).zip
2014-03-10 20:09 - 2014-03-10 20:09 - 00000020 ___SH () C:\Users\caloffice\ntuser.ini
2014-03-10 20:09 - 2014-03-10 20:09 - 00000000 ____D () C:\Users\caloffice
2014-03-10 20:09 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-10 20:09 - 2013-12-05 04:39 - 00000000 ___RD () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-10 20:09 - 2013-12-05 04:39 - 00000000 ___RD () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-03-10 20:09 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-10 20:09 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-10 14:57 - 2014-03-10 14:57 - 00041472 _____ () C:\Users\Jose\Documents\CRF Rosenkranz 3.10.14.xls
2014-03-09 16:54 - 2014-03-09 16:54 - 00065024 _____ () C:\Users\Jose\Desktop\Copy of Supply Requisition Form.xls
2014-03-09 13:00 - 2014-03-09 13:00 - 00011776 ___SH () C:\Users\Jose\Desktop\Thumbs.db
2014-03-08 12:44 - 2014-03-08 12:44 - 00657408 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List January 2014.xls
2014-03-07 13:13 - 2014-03-07 13:13 - 00439360 _____ () C:\Users\Jose\Desktop\segment_export_43aa5fa5a6.csv
2014-03-07 12:26 - 2014-03-07 12:26 - 00148907 _____ () C:\Users\Jose\Downloads\pillow front.jpeg
2014-03-06 18:27 - 2014-03-08 05:57 - 23077843 _____ () C:\Users\Jose\AppData\Local\census.cache
2014-03-06 18:24 - 2014-03-08 04:09 - 00071299 _____ () C:\Users\Jose\AppData\Local\ars.cache
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\winlogon.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhostex.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\spoolsv.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\smss.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\services.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\RuntimeBroker.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\lsass.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dwm.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dasHost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\csrss.exe
2014-03-06 12:47 - 2012-07-25 22:08 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininit.exe
2014-03-06 12:44 - 2014-03-06 12:44 - 00000010 _____ () C:\Users\Jose\AppData\Local\sponge.last.runtime.cache
2014-03-06 12:41 - 2014-03-06 12:41 - 02049128 _____ (Trend Micro Inc.) C:\Users\Jose\Downloads\HousecallLauncher.exe
2014-03-06 12:41 - 2014-03-06 12:41 - 00000036 _____ () C:\Users\Jose\AppData\Local\housecall.guid.cache
2014-03-06 12:31 - 2014-03-11 13:18 - 00000000 ____D () C:\Program Files (x86)\CloudClient
2014-03-06 12:28 - 2014-03-06 12:30 - 00000000 ____D () C:\Users\Jose\AppData\Local\join.me
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\Desktop\join.me.lnk
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 10619688 _____ (VS Revo Group ) C:\Users\Jose\Downloads\RevoUninProSetup.exe
2014-03-06 11:35 - 2014-03-06 11:35 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Users\Jose\AppData\Local\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-06 11:35 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-03-06 11:12 - 2014-03-06 11:16 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity
2014-03-06 11:11 - 2014-03-06 11:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity.zip
2014-03-06 11:06 - 2014-03-06 11:06 - 07056016 _____ () C:\Users\Jose\Downloads\join.me.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-05 14:23 - 2014-03-05 14:23 - 05603808 _____ (IvoSoft) C:\Users\Jose\Downloads\ClassicShellSetup_4_0_0.exe
2014-03-05 13:03 - 2014-03-05 13:03 - 00024540 _____ () C:\ComboFix.txt
2014-03-05 12:28 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-05 12:28 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-05 12:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-05 12:28 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-05 12:24 - 2014-03-05 13:03 - 00000000 ____D () C:\Qoobox
2014-03-05 12:24 - 2014-03-05 12:32 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-04 19:16 - 2014-03-04 19:16 - 00001736 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Canneverbe Limited
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-03-04 19:15 - 2014-03-11 13:20 - 00000362 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-04 19:15 - 2014-03-11 13:19 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-03-04 19:15 - 2014-03-04 19:15 - 00002984 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-03-04 19:15 - 2014-03-04 19:15 - 00002650 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-03-04 19:15 - 2014-03-04 19:15 - 00001086 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-03-04 19:15 - 2014-03-04 19:15 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\GlarySoft
2014-03-04 19:15 - 2014-02-26 00:39 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-03-04 19:15 - 2014-02-26 00:17 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-03-04 19:14 - 2014-03-11 13:06 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\ClassicShell
2014-03-04 19:14 - 2014-03-05 14:23 - 00000000 ____D () C:\Program Files\Classic Shell
2014-03-04 19:14 - 2014-03-04 19:14 - 00001270 _____ () C:\Users\Jose\Desktop\Revo Uninstaller.lnk
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-04 18:43 - 2014-03-04 18:43 - 00000000 ____D () C:\Windows\SysWOW64\tmp
2014-03-04 18:42 - 2014-03-06 11:29 - 00000000 ____D () C:\Program Files (x86)\CloudClient2
2014-03-04 16:48 - 2014-03-04 16:48 - 00432288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-04 16:38 - 2014-03-04 16:41 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\PCDr
2014-03-04 16:25 - 2014-03-04 16:25 - 00000600 _____ () C:\Users\Jose\PUTTY.RND
2014-03-04 16:06 - 2014-03-04 16:06 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-04 16:06 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 15:47 - 2014-03-11 12:37 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-04 15:47 - 2014-03-04 15:47 - 00001024 _____ () C:\.rnd
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\LogMeIn
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-03-04 15:47 - 2014-01-20 14:35 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-03-04 15:47 - 2014-01-20 14:35 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-03-04 15:47 - 2014-01-20 14:35 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-03-04 15:47 - 2013-12-11 18:11 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys
2014-03-04 15:33 - 2014-03-04 16:48 - 00000000 ____D () C:\SUPERDelete
2014-03-04 15:21 - 2014-03-04 16:26 - 00000000 ____D () C:\Program Files (x86)\ShowMyPCService
2014-03-04 15:08 - 2014-02-17 17:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 15:08 - 2014-02-17 17:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-04 14:17 - 2014-03-04 19:43 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\WordExtra
2014-03-04 14:17 - 2014-03-04 14:17 - 00001109 _____ () C:\Users\Jose\Desktop\Flash Player Pro.lnk
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Users\Jose\Documents\Flash Player Pro
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro
2014-03-04 14:16 - 2014-03-04 14:16 - 00003734 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-03-04 13:41 - 2014-03-04 13:41 - 00663040 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List March 2014.xls
2014-03-04 13:41 - 2014-03-04 13:41 - 00303104 _____ () C:\Users\Jose\Desktop\Shop Swatch Iventory March 2014.xls
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Users\Jose\AppData\Local\Amazon_Services_LLC
2014-03-03 12:23 - 2014-03-03 12:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-03 12:23 - 2014-02-04 20:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-03 10:52 - 2013-09-04 13:47 - 00000117 ____H () C:\DBAR_Ver.txt
2014-03-03 10:51 - 2014-03-03 10:52 - 00000000 ____D () C:\ProgramData\softthinks
2014-03-03 10:51 - 2014-03-03 10:51 - 00003998 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003208 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-03 10:51 - 2014-03-03 10:51 - 00000000 ____D () C:\Users\Jose\AppData\Local\softthinks
2014-03-03 10:45 - 2014-03-11 13:19 - 00003794 _____ () C:\Users\Public\CAFADEBUG.log
2014-03-02 17:48 - 2014-03-02 17:48 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-03-02 17:47 - 2012-07-25 13:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-03-02 17:46 - 2014-03-02 17:46 - 17660184 _____ (Google Inc.) C:\Users\Jose\Downloads\picasa-setup.exe
2014-03-02 17:46 - 2014-03-02 17:46 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-03-02 17:45 - 2014-03-04 10:50 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 17:44 - 2014-03-11 13:19 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-02 17:44 - 2014-03-11 12:49 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 17:44 - 2014-03-04 15:45 - 00000000 ____D () C:\Users\Jose\AppData\Local\Deployment
2014-03-02 17:44 - 2014-03-02 17:48 - 00000000 ____D () C:\Users\Jose\AppData\Local\Google
2014-03-02 17:44 - 2014-03-02 17:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 17:44 - 2014-03-02 17:44 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-02 17:44 - 2014-03-02 17:44 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-02 17:44 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Apps\2.0
2014-03-02 17:38 - 2013-12-04 18:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-02 17:38 - 2013-12-04 18:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-02 17:38 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-03-02 17:38 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-02 17:38 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-03-02 17:37 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-02 17:37 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-02 17:37 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-02 17:37 - 2013-07-05 19:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-02 17:37 - 2013-07-03 21:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-02 17:36 - 2013-11-01 00:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-02 17:35 - 2013-12-08 19:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-02 17:35 - 2013-12-08 18:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-02 17:35 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-02 17:35 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-03-02 17:35 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-03-02 17:35 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-03-02 17:35 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-03-02 17:35 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-02 17:35 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-02 17:35 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-02 17:35 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-03-02 17:35 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-02 17:35 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-03-02 17:35 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-02 17:35 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-02 17:35 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-03-02 17:35 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-02 17:35 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-03-02 17:35 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-03-02 17:35 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-03-02 17:35 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-03-02 17:32 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2014-03-02 17:32 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-03-02 17:32 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2014-03-02 17:32 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-03-02 17:32 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-03-02 17:32 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-03-02 17:32 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2014-03-02 17:32 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-03-02 17:32 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-03-02 17:32 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-03-02 17:32 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-03-02 17:32 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-03-02 17:32 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-03-02 17:31 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-02 17:31 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-02 17:26 - 2014-03-02 17:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-03-02 17:26 - 2013-07-05 17:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-02 17:26 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-03-02 17:25 - 2013-10-01 18:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-02 17:25 - 2013-10-01 18:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ___RD () C:\Users\Jose\SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-03-02 17:16 - 2014-03-02 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-02 17:16 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-02 17:16 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-02 17:13 - 2012-10-23 22:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2014-03-02 17:13 - 2012-10-23 21:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2014-03-02 17:12 - 2013-12-04 18:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-02 17:12 - 2013-12-04 18:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-02 17:12 - 2013-11-26 19:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-03-02 17:12 - 2013-11-25 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-02 17:12 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-03-02 17:12 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-03-02 17:12 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-03-02 17:12 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-03-02 17:12 - 2013-10-28 00:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-03-02 17:12 - 2013-10-27 23:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-03-02 17:12 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-03-02 17:12 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-02 17:12 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-03-02 17:12 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-02 17:12 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-02 17:12 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-02 17:12 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-03-02 17:12 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-02 17:12 - 2013-08-27 00:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-02 17:12 - 2013-08-27 00:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-02 17:12 - 2013-08-26 17:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-02 17:12 - 2013-08-26 17:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-03-02 17:12 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-02 17:12 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-02 17:12 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-02 17:12 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-02 17:12 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-02 17:12 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-02 17:12 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-02 17:12 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-02 17:12 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-02 17:12 - 2013-05-26 18:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-02 17:12 - 2013-05-26 17:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-02 17:12 - 2013-05-24 22:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-02 17:12 - 2013-05-24 21:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-02 17:10 - 2014-02-01 04:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-02 17:10 - 2014-02-01 04:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-02 17:10 - 2014-02-01 04:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-02 17:10 - 2014-02-01 04:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-02 17:10 - 2014-02-01 04:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-02 17:10 - 2014-02-01 02:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-02 17:10 - 2014-02-01 02:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-02 17:10 - 2014-02-01 02:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-02 17:10 - 2014-02-01 02:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-02 17:09 - 2014-02-01 04:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-02 17:09 - 2014-02-01 04:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-02 17:09 - 2014-02-01 04:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-02 17:09 - 2014-02-01 02:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-02 17:09 - 2014-02-01 02:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-02 17:09 - 2014-02-01 02:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-02 17:09 - 2014-02-01 02:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-02 17:09 - 2014-02-01 00:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-02 17:08 - 2014-01-12 18:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-02 17:08 - 2014-01-12 18:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-02 17:08 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-02 17:08 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-02 17:08 - 2013-11-19 19:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-02 17:08 - 2013-11-19 18:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-02 17:08 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-02 17:08 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-02 17:08 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-03-02 17:08 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-03-02 17:08 - 2013-03-21 22:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-03-02 17:08 - 2013-03-21 17:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-03-02 17:06 - 2013-12-07 01:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-02 17:06 - 2013-12-07 01:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-02 17:06 - 2013-12-07 00:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-02 17:06 - 2013-12-07 00:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-02 17:06 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-02 17:06 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-02 17:05 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-03-02 17:05 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-03-02 17:05 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-03-02 17:05 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-03-02 17:05 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-03-02 17:05 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-03-02 17:05 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-03-02 17:05 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-03-02 17:05 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-03-02 17:05 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-02 17:05 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-02 17:05 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-02 17:05 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-02 17:05 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-03-02 17:05 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-03-02 17:05 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-03-02 17:05 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-03-02 17:04 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-02 17:04 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-02 17:04 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-02 17:04 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-02 17:04 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-03-02 17:04 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-03-02 16:59 - 2014-03-10 14:06 - 00510464 _____ () C:\Users\Jose\Desktop\Chicago Commission Worsheet2014.xls
2014-03-02 16:59 - 2014-03-09 17:08 - 00593920 _____ () C:\Users\Jose\Desktop\401-INVENTORY_2.22.14.xls
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ___RD () C:\Users\Jose\Desktop\TIME SHEET & SCHEDULE
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Zenkewicz Comp pillows
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Wyrick
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Siegel
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Sabo
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Ruge-Anderson
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Purchase Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\PILOT Freight Services
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Pending Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\New DRF's
2014-03-02 16:59 - 2014-03-02 16:01 - 00000310 _____ () C:\Users\Jose\Desktop\My Documents.lnk
2014-03-02 16:59 - 2014-02-03 18:39 - 00258184 _____ () C:\Users\Jose\Desktop\Client contact info 2.3.14.xlsx
2014-03-02 16:59 - 2013-10-18 15:07 - 00233984 _____ () C:\Users\Jose\Desktop\Furniture Price Tags 01 02 10.xls
2014-03-02 16:59 - 2013-02-14 13:43 - 00215552 _____ () C:\Users\Jose\Desktop\Fabric+Inventory+colorcoded.xls
2014-03-02 16:58 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Metal Hardware
2014-03-02 16:57 - 2014-03-02 16:58 - 00000000 ____D () C:\Users\Jose\Desktop\Merchandising Folder
2014-03-02 16:56 - 2014-03-11 10:18 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1872610917-3398350509-3947348075-1001
2014-03-02 16:56 - 2014-03-08 13:27 - 00000000 ____D () C:\Users\Jose\Desktop\Manager
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ___RD () C:\Users\Jose\Desktop\Forms
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Forms Folder
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric Care Sheets
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Designer Paperwork & Outreach
2014-03-02 16:55 - 2014-03-09 14:31 - 00000000 ____D () C:\Users\Jose\Desktop\Commission
2014-03-02 16:55 - 2014-03-02 16:56 - 00000000 ___RD () C:\Users\Jose\Desktop\DER 2014
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Customer Appreciation Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Container Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\AT&T
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Administrative Folder
2014-03-02 16:54 - 2014-03-02 16:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-02 16:49 - 2014-03-02 16:49 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Intel Corporation
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Leadertech
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Local\Conexant
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Macromedia
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Adobe
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\Power2Go8
2014-03-02 16:46 - 2014-03-10 14:06 - 00000000 ____D () C:\Users\Jose\AppData\Local\Packages
2014-03-02 16:46 - 2014-03-04 16:25 - 00000000 ____D () C:\Users\Jose
2014-03-02 16:46 - 2014-03-02 17:16 - 00000000 ____D () C:\Users\Jose\AppData\Local\VirtualStore
2014-03-02 16:46 - 2014-03-02 16:48 - 00000000 ____D () C:\ProgramData\PRICache
2014-03-02 16:46 - 2014-03-02 16:46 - 00000020 ___SH () C:\Users\Jose\ntuser.ini

==================== One Month Modified Files and Folders =======

2014-03-11 13:26 - 2014-03-11 10:32 - 00009357 _____ () C:\Users\Jose\Downloads\FRST.txt
2014-03-11 13:26 - 2014-03-11 10:32 - 00000000 ____D () C:\FRST
2014-03-11 13:25 - 2014-03-11 13:25 - 00000655 _____ () C:\Users\Jose\Desktop\JRT.txt
2014-03-11 13:24 - 2012-07-26 02:28 - 00870438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-11 13:22 - 2014-03-11 13:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-11 13:21 - 2014-03-11 13:21 - 01037734 _____ (Thisisu) C:\Users\Jose\Downloads\JRT.exe
2014-03-11 13:20 - 2014-03-04 19:15 - 00000362 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-03-11 13:19 - 2014-03-04 19:15 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-03-11 13:19 - 2014-03-03 10:45 - 00003794 _____ () C:\Users\Public\CAFADEBUG.log
2014-03-11 13:19 - 2014-03-02 17:44 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 13:18 - 2014-03-06 12:31 - 00000000 ____D () C:\Program Files (x86)\CloudClient
2014-03-11 13:18 - 2013-12-05 04:50 - 01771212 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 13:18 - 2013-12-05 04:43 - 00247220 _____ () C:\Windows\PFRO.log
2014-03-11 13:18 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 13:18 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-11 13:17 - 2014-03-11 13:16 - 00000000 ____D () C:\AdwCleaner
2014-03-11 13:14 - 2014-03-11 13:14 - 01949184 _____ () C:\Users\Jose\Downloads\adwcleaner.exe
2014-03-11 13:06 - 2014-03-04 19:14 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\ClassicShell
2014-03-11 13:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-11 12:49 - 2014-03-02 17:44 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 12:37 - 2014-03-04 15:47 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-11 12:05 - 2014-03-11 12:04 - 00000871 _____ () C:\Users\Jose\Downloads\Search.txt
2014-03-11 10:42 - 2014-03-11 10:42 - 00001788 _____ () C:\Users\Jose\Downloads\aswMBR.txt
2014-03-11 10:42 - 2014-03-11 10:42 - 00000512 _____ () C:\Users\Jose\Downloads\MBR.dat
2014-03-11 10:39 - 2014-03-11 10:39 - 04745728 _____ (AVAST Software) C:\Users\Jose\Downloads\aswmbr.exe
2014-03-11 10:33 - 2014-03-11 10:33 - 00023409 _____ () C:\Users\Jose\Downloads\Addition.txt
2014-03-11 10:31 - 2014-03-11 10:31 - 02157056 _____ (Farbar) C:\Users\Jose\Downloads\FRST64.exe
2014-03-11 10:18 - 2014-03-02 16:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1872610917-3398350509-3947348075-1001
2014-03-10 20:12 - 2014-03-10 20:12 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity (1)
2014-03-10 20:11 - 2014-03-10 20:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity (1).zip
2014-03-10 20:09 - 2014-03-10 20:09 - 00000020 ___SH () C:\Users\caloffice\ntuser.ini
2014-03-10 20:09 - 2014-03-10 20:09 - 00000000 ____D () C:\Users\caloffice
2014-03-10 14:57 - 2014-03-10 14:57 - 00041472 _____ () C:\Users\Jose\Documents\CRF Rosenkranz 3.10.14.xls
2014-03-10 14:06 - 2014-03-02 16:59 - 00510464 _____ () C:\Users\Jose\Desktop\Chicago Commission Worsheet2014.xls
2014-03-10 14:06 - 2014-03-02 16:46 - 00000000 ____D () C:\Users\Jose\AppData\Local\Packages
2014-03-09 17:08 - 2014-03-02 16:59 - 00593920 _____ () C:\Users\Jose\Desktop\401-INVENTORY_2.22.14.xls
2014-03-09 16:54 - 2014-03-09 16:54 - 00065024 _____ () C:\Users\Jose\Desktop\Copy of Supply Requisition Form.xls
2014-03-09 16:54 - 2013-12-05 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2014-03-09 14:31 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Commission
2014-03-09 13:00 - 2014-03-09 13:00 - 00011776 ___SH () C:\Users\Jose\Desktop\Thumbs.db
2014-03-08 13:27 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Manager
2014-03-08 12:44 - 2014-03-08 12:44 - 00657408 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List January 2014.xls
2014-03-08 05:57 - 2014-03-06 18:27 - 23077843 _____ () C:\Users\Jose\AppData\Local\census.cache
2014-03-08 04:09 - 2014-03-06 18:24 - 00071299 _____ () C:\Users\Jose\AppData\Local\ars.cache
2014-03-07 13:31 - 2013-12-06 13:48 - 00500736 _____ () C:\Users\Jose\Desktop\Fabrics Received 2014.xls
2014-03-07 13:29 - 2013-12-06 13:48 - 00472576 _____ () C:\Users\Jose\Desktop\Fabric Status 2014.xls
2014-03-07 13:13 - 2014-03-07 13:13 - 00439360 _____ () C:\Users\Jose\Desktop\segment_export_43aa5fa5a6.csv
2014-03-07 12:46 - 2013-12-06 13:48 - 00250880 _____ () C:\Users\Jose\Desktop\Floor Pieces Fabric Inventory 2014.xls
2014-03-07 12:45 - 2013-12-06 13:48 - 00271360 _____ () C:\Users\Jose\Desktop\Inactive Fabric Inventory 2014.xls
2014-03-07 12:44 - 2013-12-06 13:48 - 00144384 _____ () C:\Users\Jose\Desktop\Current Fabric Inventory 2014.xls
2014-03-07 12:26 - 2014-03-07 12:26 - 00148907 _____ () C:\Users\Jose\Downloads\pillow front.jpeg
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\winlogon.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhostex.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\taskhost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\spoolsv.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\smss.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\services.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\RuntimeBroker.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\lsass.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dwm.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\dasHost.exe
2014-03-06 12:47 - 2014-03-06 12:47 - 00000000 _____ () C:\Windows\SysWOW64\csrss.exe
2014-03-06 12:44 - 2014-03-06 12:44 - 00000010 _____ () C:\Users\Jose\AppData\Local\sponge.last.runtime.cache
2014-03-06 12:41 - 2014-03-06 12:41 - 02049128 _____ (Trend Micro Inc.) C:\Users\Jose\Downloads\HousecallLauncher.exe
2014-03-06 12:41 - 2014-03-06 12:41 - 00000036 _____ () C:\Users\Jose\AppData\Local\housecall.guid.cache
2014-03-06 12:30 - 2014-03-06 12:28 - 00000000 ____D () C:\Users\Jose\AppData\Local\join.me
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\Desktop\join.me.lnk
2014-03-06 12:28 - 2014-03-06 12:28 - 00001072 _____ () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 10619688 _____ (VS Revo Group ) C:\Users\Jose\Downloads\RevoUninProSetup.exe
2014-03-06 11:35 - 2014-03-06 11:35 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Users\Jose\AppData\Local\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-06 11:35 - 2014-03-06 11:35 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-06 11:29 - 2014-03-04 18:42 - 00000000 ____D () C:\Program Files (x86)\CloudClient2
2014-03-06 11:16 - 2014-03-06 11:12 - 00000000 ____D () C:\Users\Jose\Downloads\EndpointSecurity
2014-03-06 11:11 - 2014-03-06 11:11 - 03784351 _____ () C:\Users\Jose\Downloads\EndpointSecurity.zip
2014-03-06 11:06 - 2014-03-06 11:06 - 07056016 _____ () C:\Users\Jose\Downloads\join.me.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-05 15:45 - 2014-03-05 15:45 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-05 14:23 - 2014-03-05 14:23 - 05603808 _____ (IvoSoft) C:\Users\Jose\Downloads\ClassicShellSetup_4_0_0.exe
2014-03-05 14:23 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files\Classic Shell
2014-03-05 13:16 - 2013-12-05 05:08 - 00866796 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-05 13:03 - 2014-03-05 13:03 - 00024540 _____ () C:\ComboFix.txt
2014-03-05 13:03 - 2014-03-05 12:24 - 00000000 ____D () C:\Qoobox
2014-03-05 13:02 - 2012-07-26 00:26 - 00000215 _____ () C:\Windows\system.ini
2014-03-05 12:33 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
2014-03-05 12:32 - 2014-03-05 12:24 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 12:32 - 2012-07-26 00:26 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 12:24 - 2014-03-05 12:24 - 00000000 ___RD () C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-05 11:10 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-03-04 19:43 - 2014-03-04 14:17 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\WordExtra
2014-03-04 19:16 - 2014-03-04 19:16 - 00001736 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Canneverbe Limited
2014-03-04 19:16 - 2014-03-04 19:16 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-03-04 19:15 - 2014-03-04 19:15 - 00002984 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-03-04 19:15 - 2014-03-04 19:15 - 00002650 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-03-04 19:15 - 2014-03-04 19:15 - 00001086 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-03-04 19:15 - 2014-03-04 19:15 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\GlarySoft
2014-03-04 19:14 - 2014-03-04 19:14 - 00001270 _____ () C:\Users\Jose\Desktop\Revo Uninstaller.lnk
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files\TeraCopy
2014-03-04 19:14 - 2014-03-04 19:14 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-03-04 18:55 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-03-04 18:43 - 2014-03-04 18:43 - 00000000 ____D () C:\Windows\SysWOW64\tmp
2014-03-04 17:14 - 2013-12-05 05:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-04 16:48 - 2014-03-04 16:48 - 00432288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-04 16:48 - 2014-03-04 15:33 - 00000000 ____D () C:\SUPERDelete
2014-03-04 16:42 - 2013-12-05 05:05 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-04 16:42 - 2013-12-05 05:05 - 00000000 ____D () C:\Program Files\My Dell
2014-03-04 16:41 - 2014-03-04 16:38 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\PCDr
2014-03-04 16:26 - 2014-03-04 15:21 - 00000000 ____D () C:\Program Files (x86)\ShowMyPCService
2014-03-04 16:25 - 2014-03-04 16:25 - 00000600 _____ () C:\Users\Jose\PUTTY.RND
2014-03-04 16:25 - 2014-03-02 16:46 - 00000000 ____D () C:\Users\Jose
2014-03-04 16:06 - 2014-03-04 16:06 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 16:06 - 2014-03-04 16:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-04 15:47 - 2014-03-04 15:47 - 00001024 _____ () C:\.rnd
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\LogMeIn
2014-03-04 15:47 - 2014-03-04 15:47 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-03-04 15:45 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Deployment
2014-03-04 15:04 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-04 15:03 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-04 15:03 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-03-04 14:17 - 2014-03-04 14:17 - 00001109 _____ () C:\Users\Jose\Desktop\Flash Player Pro.lnk
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Users\Jose\Documents\Flash Player Pro
2014-03-04 14:17 - 2014-03-04 14:17 - 00000000 ____D () C:\Program Files (x86)\Flash Player Pro
2014-03-04 14:16 - 2014-03-04 14:16 - 00003734 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-03-04 14:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-04 13:41 - 2014-03-04 13:41 - 00663040 _____ () C:\Users\Jose\Desktop\Current Fabric Retail Price List March 2014.xls
2014-03-04 13:41 - 2014-03-04 13:41 - 00303104 _____ () C:\Users\Jose\Desktop\Shop Swatch Iventory March 2014.xls
2014-03-04 10:50 - 2014-03-02 17:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 15:33 - 2014-03-03 15:33 - 00000000 ____D () C:\Users\Jose\AppData\Local\Amazon_Services_LLC
2014-03-03 12:24 - 2014-03-03 12:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-03 12:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-03-03 12:22 - 2012-07-26 00:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-03 12:21 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-03 10:52 - 2014-03-03 10:51 - 00000000 ____D () C:\ProgramData\softthinks
2014-03-03 10:51 - 2014-03-03 10:51 - 00003998 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-03 10:51 - 2014-03-03 10:51 - 00003208 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-03-03 10:51 - 2014-03-03 10:51 - 00000000 ____D () C:\Users\Jose\AppData\Local\softthinks
2014-03-02 17:48 - 2014-03-02 17:48 - 00001112 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-03-02 17:48 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Google
2014-03-02 17:47 - 2014-03-02 17:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 17:46 - 2014-03-02 17:46 - 17660184 _____ (Google Inc.) C:\Users\Jose\Downloads\picasa-setup.exe
2014-03-02 17:46 - 2014-03-02 17:46 - 00000000 ____D () C:\Program Files\Quiknowledge
2014-03-02 17:44 - 2014-03-02 17:44 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-02 17:44 - 2014-03-02 17:44 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-02 17:44 - 2014-03-02 17:44 - 00000000 ____D () C:\Users\Jose\AppData\Local\Apps\2.0
2014-03-02 17:26 - 2014-03-02 17:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-03-02 17:26 - 2012-07-26 02:21 - 00012886 _____ () C:\Windows\setupact.log
2014-03-02 17:21 - 2014-03-10 20:09 - 00002106 _____ () C:\Users\caloffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00002106 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ___RD () C:\Users\Jose\SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive
2014-03-02 17:21 - 2014-03-02 17:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-03-02 17:16 - 2014-03-02 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-02 17:16 - 2014-03-02 16:46 - 00000000 ____D () C:\Users\Jose\AppData\Local\VirtualStore
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ___RD () C:\Users\Jose\Desktop\TIME SHEET & SCHEDULE
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Zenkewicz Comp pillows
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Wyrick
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Siegel
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Sabo
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Ruge-Anderson
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Purchase Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\PILOT Freight Services
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\Pending Orders
2014-03-02 16:59 - 2014-03-02 16:59 - 00000000 ____D () C:\Users\Jose\Desktop\New DRF's
2014-03-02 16:59 - 2014-03-02 16:58 - 00000000 ____D () C:\Users\Jose\Desktop\Metal Hardware
2014-03-02 16:58 - 2014-03-02 16:57 - 00000000 ____D () C:\Users\Jose\Desktop\Merchandising Folder
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ___RD () C:\Users\Jose\Desktop\Forms
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Forms Folder
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric Care Sheets
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Fabric
2014-03-02 16:56 - 2014-03-02 16:56 - 00000000 ____D () C:\Users\Jose\Desktop\Designer Paperwork & Outreach
2014-03-02 16:56 - 2014-03-02 16:55 - 00000000 ___RD () C:\Users\Jose\Desktop\DER 2014
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Customer Appreciation Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Container Folder
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\AT&T
2014-03-02 16:55 - 2014-03-02 16:55 - 00000000 ____D () C:\Users\Jose\Desktop\Administrative Folder
2014-03-02 16:54 - 2014-03-02 16:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-02 16:49 - 2014-03-02 16:49 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Intel Corporation
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Leadertech
2014-03-02 16:48 - 2014-03-02 16:48 - 00000000 ____D () C:\Users\Jose\AppData\Local\Conexant
2014-03-02 16:48 - 2014-03-02 16:46 - 00000000 ____D () C:\ProgramData\PRICache
2014-03-02 16:48 - 2013-12-05 05:02 - 00000000 ____D () C:\ProgramData\Intel
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Macromedia
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Roaming\Adobe
2014-03-02 16:47 - 2014-03-02 16:47 - 00000000 ____D () C:\Users\Jose\AppData\Local\Power2Go8
2014-03-02 16:47 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-02 16:46 - 2014-03-02 16:46 - 00000020 ___SH () C:\Users\Jose\ntuser.ini
2014-03-02 16:46 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-03-02 16:01 - 2014-03-02 16:59 - 00000310 _____ () C:\Users\Jose\Desktop\My Documents.lnk
2014-02-26 00:39 - 2014-03-04 19:15 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-02-26 00:17 - 2014-03-04 19:15 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-02-17 17:03 - 2014-03-04 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 17:03 - 2014-03-04 15:08 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Jose\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe
[2014-03-06 12:47] - [2012-07-25 22:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-05 04:43

==================== End Of Log ============================

Let me check how it is running...
I will report back.
  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.

  • 0

Advertisements


#11
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Ok did that.
  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
I didn't mean to split this into 2 posts. Please change your Chrome Search Provider as well.

Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.

  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from the malware related search engine to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete Searchfrom the list.
  • Once you have removed it, close the window.


Please let me know whenever you can how the machine is doing and we'll continue with the cleaning. :thumbsup:
  • 0

#13
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
Ok I removed search.
  • 0

#14
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 219 posts
So far it is not acting crazy anymore and seems to be back to normal.
  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

So far it is not acting crazy anymore and seems to be back to normal.


Good to hear, let's continue. :)



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Posted Image Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Addtional Tasks
    • Click Install
    • In the Completeing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish,so please be patient.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->Posted Image

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security CheckPosted Image by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP