Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Version Installer (Rocket Browser) [Closed]


  • This topic is locked This topic is locked

#1
Jrt2006

Jrt2006

    Member

  • Member
  • PipPip
  • 42 posts

Hello, been awhile since Ive been on here because i havent owned a computer in so long.  Well, I decided to fork up 300$ today for a laptop to begin school, and low and behold after one download of Mozilla Firefox browser, I seem to be getting this Windows Version Installer pop up consistently asking me to install Rocket browser.  I've also seen a (i think it is called) VUUCP updater?

 

Please help, 10 minutes after windows setup and I'm already irritated with this bugger.  i remember there used to be a "do this first" thread that pointed you to different programs to run and clean your system first before posting, I dont see that on here anymore, so I havent done anything besides uninstall a few programs to get rid of this monster.

 

Thanks


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to GeeksToGo! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Step 2: Scan with aswMBR
  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
aswmbrscan_zpsdc05b0f9.jpg
  • Click the Scan button to begin the scan.
aswmbrsavelog_zps1aeef48e.jpg
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit
Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

  • 0

#3
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Sorry for the delay, I have a grueling work schedule.  Since my post I have run malware bytes once.  Here are the requested the logs:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by James (administrator) on THOMPSONPC on 23-07-2014 09:07:47
Running from C:\Users\James\Downloads
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sendori) C:\Program Files (x86)\PureLeads\plsapp.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe
(AMD) C:\Windows\System32\atieclxx.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(PureLeads) C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUicnt.exe
(sendori) C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-07-24] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-06-27] (PureLeads)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49184;https=127.0.0.1:49184
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\plsapp.dll [357664] (Sendori)
Winsock: Catalog9 02 C:\Windows\SysWOW64\plsapp.dll [357664] (Sendori)
Winsock: Catalog9 03 C:\Windows\SysWOW64\plsapp.dll [357664] (Sendori)
Winsock: Catalog9 04 C:\Windows\SysWOW64\plsapp.dll [357664] (Sendori)
Winsock: Catalog9 15 C:\Windows\SysWOW64\plsapp.dll [357664] (Sendori)
Winsock: Catalog9-x64 01 C:\Windows\system32\plsapp64.dll [464160] (Sendori)
Winsock: Catalog9-x64 02 C:\Windows\system32\plsapp64.dll [464160] (Sendori)
Winsock: Catalog9-x64 03 C:\Windows\system32\plsapp64.dll [464160] (Sendori)
Winsock: Catalog9-x64 04 C:\Windows\system32\plsapp64.dll [464160] (Sendori)
Winsock: Catalog9-x64 15 C:\Windows\system32\plsapp64.dll [464160] (Sendori)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ajwadlwx.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\James\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-22]

==================== Services (Whitelisted) =================

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-25] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-07-13] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [175464 2013-07-24] (McAfee, Inc.)
R3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-25] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-25] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-07-05] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-25] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-25] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-25] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-25] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3846944 2014-06-27] (Sendori)
R2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-06-27] (PureLeads)
R2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-06-27] (sendori)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-04-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-04-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390680 2013-10-31] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-04-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 09:07 - 2014-07-23 09:08 - 00016625 _____ () C:\Users\James\Downloads\FRST.txt
2014-07-23 09:07 - 2014-07-23 09:08 - 00000000 ____D () C:\FRST
2014-07-23 09:06 - 2014-07-23 09:06 - 02091520 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2014-07-23 09:06 - 2014-07-23 09:06 - 01082368 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2014-07-23 08:48 - 2014-07-23 08:48 - 00000000 ____D () C:\Users\James\AppData\Roaming\Electronic Arts
2014-07-23 08:46 - 2014-07-23 08:47 - 09091423 _____ (Electronic Arts) C:\Users\James\Downloads\GameFaceBrowserPluginInstaller.1.8.0.0.exe
2014-07-23 08:44 - 2014-07-23 08:44 - 00000000 ____D () C:\Users\James\AppData\Local\Unity
2014-07-23 08:43 - 2014-07-23 08:43 - 01080480 _____ (Unity Technologies ApS) C:\Users\James\Downloads\UnityWebPlayer.exe
2014-07-22 20:02 - 2014-07-22 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-20 12:22 - 2014-07-23 08:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 12:19 - 2014-07-20 12:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:19 - 2014-07-20 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 12:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 12:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 12:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 12:18 - 2014-07-20 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 11:36 - 2014-07-20 11:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\Before Compact
2014-07-20 10:25 - 2014-07-23 08:40 - 00000000 ____D () C:\Users\James\Documents\Food
2014-07-20 08:12 - 2014-07-20 08:12 - 00021464 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-20 00:55 - 2014-07-20 17:50 - 00000386 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-07-20 00:54 - 2014-07-20 00:54 - 00004028 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-07-20 00:53 - 2014-07-20 12:22 - 00000000 ____D () C:\Users\James\Desktop\Cleanup_Security
2014-07-20 00:53 - 2014-07-20 00:56 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Windows\system32\config\Original
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Users\James\Desktop\Fantasy Tools
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineupDominator
2014-07-20 00:50 - 2014-07-13 13:36 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2014-07-20 00:50 - 2014-07-13 13:36 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2014-07-20 00:49 - 2014-07-23 09:04 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-07-20 00:49 - 2014-07-20 00:49 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Users\James\AppData\Roaming\ioloGovernor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-07-20 00:49 - 2014-07-13 13:53 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2014-07-20 00:49 - 2014-07-13 13:53 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2014-07-20 00:49 - 2014-07-13 13:31 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2014-07-20 00:48 - 2014-07-13 18:39 - 43459232 _____ (iolo technologies, LLC ) C:\Users\James\Documents\SystemMechanic.exe
2014-07-20 00:47 - 2014-07-20 00:48 - 05562242 _____ ( ) C:\Users\James\Downloads\LD90a_Setup.exe
2014-07-20 00:43 - 2014-07-20 00:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-07-20 00:41 - 2014-07-23 08:14 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F95BF861-9522-41E9-87DD-C49DDC66815A}
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 ____D () C:\Users\James\AppData\Roaming\Macromedia
2014-07-20 00:40 - 2014-07-20 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Projections Dominator
2014-07-20 00:40 - 1998-10-07 16:05 - 00154392 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\Splitter.ocx
2014-07-20 00:39 - 2014-07-20 00:53 - 00000000 ____D () C:\Users\James\AppData\Roaming\Hewlett-Packard
2014-07-20 00:39 - 2014-07-20 00:39 - 00459696 _____ () C:\Users\James\Downloads\sm_dm.exe
2014-07-20 00:39 - 2014-07-20 00:39 - 00000000 ____D () C:\Users\James\AppData\Local\AMD
2014-07-20 00:38 - 2014-07-22 06:14 - 00000000 __RDO () C:\Users\James\OneDrive
2014-07-20 00:37 - 2014-07-20 00:37 - 03516556 _____ ( ) C:\Users\James\Downloads\PD90c_Setup.exe
2014-07-20 00:37 - 2014-07-20 00:37 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-07-20 00:37 - 2014-07-20 00:37 - 00000000 ____D () C:\iolo
2014-07-20 00:37 - 2014-07-16 08:30 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-07-20 00:36 - 2014-07-22 21:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-376113473-2297420903-2571305959-1002
2014-07-20 00:36 - 2014-07-20 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeDominator
2014-07-20 00:32 - 2014-07-20 00:33 - 02789154 _____ ( ) C:\Users\James\Downloads\TD90a_Setup.exe
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Roaming\ATI
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\CyberLink
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\ATI
2014-07-20 00:31 - 2014-07-20 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-20 00:30 - 2014-07-20 00:53 - 00000000 ____D () C:\Users\James\AppData\Local\Packages
2014-07-20 00:30 - 2014-07-20 00:30 - 00001449 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Synaptics
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Adobe
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\ProgramData\Synaptics
2014-07-20 00:29 - 2014-07-21 08:00 - 00000000 ____D () C:\Users\James
2014-07-20 00:29 - 2014-07-20 00:29 - 00000020 ___SH () C:\Users\James\ntuser.ini
2014-07-20 00:29 - 2014-04-22 13:07 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-20 00:29 - 2014-04-22 12:23 - 00000000 ___HD () C:\Users\James\Documents\hp.system.package.metadata
2014-07-20 00:29 - 2014-03-18 05:06 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-20 00:29 - 2014-03-18 04:54 - 00000369 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-20 00:29 - 2014-03-18 04:54 - 00000369 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-20 00:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-20 00:29 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-20 00:27 - 2014-07-20 10:33 - 00000000 ____D () C:\Users\James\AppData\Roaming\iolo
2014-07-20 00:27 - 2014-07-20 08:11 - 00000000 ____D () C:\ProgramData\iolo
2014-07-20 00:27 - 2014-07-20 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DraftDominator
2014-07-20 00:27 - 2006-03-08 09:27 - 01353360 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\fpSpr60.ocx
2014-07-20 00:27 - 2004-12-07 13:03 - 00451760 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\Tab32x30.ocx
2014-07-20 00:27 - 2002-12-20 15:02 - 01077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-07-20 00:27 - 2001-03-13 15:49 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-07-20 00:27 - 2000-05-22 01:00 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-07-20 00:27 - 1999-01-06 18:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xl5en32.olb
2014-07-20 00:26 - 2014-07-20 00:49 - 00000000 ____D () C:\FBG
2014-07-20 00:25 - 2014-07-23 09:02 - 01498991 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 00:25 - 2014-07-20 00:26 - 00459696 _____ () C:\Users\James\Downloads\smpro_dm.exe
2014-07-20 00:22 - 2014-07-20 00:23 - 05477715 _____ ( ) C:\Users\James\Downloads\DD150c_Setup.exe
2014-07-19 07:46 - 2014-07-19 07:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-19 07:37 - 2014-07-19 07:37 - 00000000 ____D () C:\Users\James\AppData\Local\Macromedia
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Roaming\hpqlog
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Local\Hewlett-Packard
2014-07-19 06:48 - 2014-07-19 06:49 - 00001333 _____ () C:\install.log
2014-07-19 06:46 - 2014-07-19 06:46 - 00000000 ____D () C:\Users\James\AppData\Roaming\OpenOffice
2014-07-19 06:45 - 2014-07-23 08:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 06:45 - 2014-07-19 06:45 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-19 06:38 - 2014-07-19 06:38 - 00000000 ____D () C:\Users\Public\CyberLink
2014-07-19 06:10 - 2014-07-19 06:13 - 00000000 ____D () C:\Users\James\AppData\Roaming\Mozilla
2014-07-19 06:10 - 2014-07-19 06:13 - 00000000 ____D () C:\Users\James\AppData\Local\Mozilla
2014-07-19 06:10 - 2014-07-19 06:10 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 06:10 - 2014-07-19 06:10 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-19 06:09 - 2014-07-20 01:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-19 06:09 - 2014-07-19 06:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-19 06:09 - 2014-07-19 06:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-19 06:06 - 2014-06-27 13:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-19 06:06 - 2014-06-27 13:50 - 00357664 _____ (Sendori) C:\Windows\SysWOW64\plsapp.dll
2014-07-19 06:05 - 2014-07-19 06:06 - 00000000 ____D () C:\ProgramData\PureLeads
2014-07-19 06:05 - 2014-07-19 06:05 - 00000000 ____D () C:\Program Files (x86)\PureLeads
2014-07-19 06:04 - 2014-07-19 06:12 - 00000000 ____D () C:\Users\James\AppData\Roaming\Systweak
2014-07-19 06:04 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-07-19 05:58 - 2014-07-19 05:58 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-19 05:58 - 2014-07-19 05:58 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-30 15:56 - 2014-06-30 15:56 - 03694016 _____ (PureLeads) C:\PureLeadsSetupx21715.exe

==================== One Month Modified Files and Folders =======

2014-07-23 09:08 - 2014-07-23 09:07 - 00016625 _____ () C:\Users\James\Downloads\FRST.txt
2014-07-23 09:08 - 2014-07-23 09:07 - 00000000 ____D () C:\FRST
2014-07-23 09:06 - 2014-07-23 09:06 - 02091520 _____ (Farbar) C:\Users\James\Downloads\FRST64.exe
2014-07-23 09:06 - 2014-07-23 09:06 - 01082368 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2014-07-23 09:04 - 2014-07-20 00:49 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-07-23 09:02 - 2014-07-20 00:25 - 01498991 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-23 08:54 - 2014-07-19 06:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 08:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-23 08:48 - 2014-07-23 08:48 - 00000000 ____D () C:\Users\James\AppData\Roaming\Electronic Arts
2014-07-23 08:47 - 2014-07-23 08:46 - 09091423 _____ (Electronic Arts) C:\Users\James\Downloads\GameFaceBrowserPluginInstaller.1.8.0.0.exe
2014-07-23 08:44 - 2014-07-23 08:44 - 00000000 ____D () C:\Users\James\AppData\Local\Unity
2014-07-23 08:43 - 2014-07-23 08:43 - 01080480 _____ (Unity Technologies ApS) C:\Users\James\Downloads\UnityWebPlayer.exe
2014-07-23 08:40 - 2014-07-20 10:25 - 00000000 ____D () C:\Users\James\Documents\Food
2014-07-23 08:17 - 2014-07-20 12:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 08:14 - 2014-07-20 00:41 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F95BF861-9522-41E9-87DD-C49DDC66815A}
2014-07-23 03:25 - 2014-04-22 13:41 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-07-22 21:54 - 2014-07-20 00:36 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-376113473-2297420903-2571305959-1002
2014-07-22 20:02 - 2014-07-22 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-22 13:15 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-22 06:14 - 2014-07-20 00:38 - 00000000 __RDO () C:\Users\James\OneDrive
2014-07-21 08:10 - 2014-03-18 04:53 - 00956412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 08:00 - 2014-07-20 00:29 - 00000000 ____D () C:\Users\James
2014-07-21 07:59 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 23:17 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-20 17:50 - 2014-07-20 00:55 - 00000386 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-07-20 17:50 - 2014-03-18 04:44 - 00045718 _____ () C:\Windows\PFRO.log
2014-07-20 17:45 - 2013-08-22 08:25 - 00000226 _____ () C:\Windows\win.ini
2014-07-20 12:22 - 2014-07-20 00:53 - 00000000 ____D () C:\Users\James\Desktop\Cleanup_Security
2014-07-20 12:20 - 2014-07-20 12:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:19 - 2014-07-20 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 12:18 - 2014-07-20 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 11:36 - 2014-07-20 11:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-20 11:35 - 2014-04-22 12:23 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\Before Compact
2014-07-20 10:33 - 2014-07-20 00:27 - 00000000 ____D () C:\Users\James\AppData\Roaming\iolo
2014-07-20 08:12 - 2014-07-20 08:12 - 00021464 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-20 08:11 - 2014-07-20 00:27 - 00000000 ____D () C:\ProgramData\iolo
2014-07-20 01:04 - 2014-07-19 06:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 01:04 - 2014-04-02 05:25 - 00000000 ____D () C:\Windows\Panther
2014-07-20 01:04 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-07-20 00:56 - 2014-07-20 00:53 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-20 00:54 - 2014-07-20 00:54 - 00004028 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-07-20 00:53 - 2014-07-20 00:39 - 00000000 ____D () C:\Users\James\AppData\Roaming\Hewlett-Packard
2014-07-20 00:53 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Local\Packages
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Windows\system32\config\Original
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Users\James\Desktop\Fantasy Tools
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineupDominator
2014-07-20 00:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\restore
2014-07-20 00:49 - 2014-07-20 00:49 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Users\James\AppData\Roaming\ioloGovernor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-07-20 00:49 - 2014-07-20 00:26 - 00000000 ____D () C:\FBG
2014-07-20 00:48 - 2014-07-20 00:47 - 05562242 _____ ( ) C:\Users\James\Downloads\LD90a_Setup.exe
2014-07-20 00:43 - 2014-07-20 00:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 ____D () C:\Users\James\AppData\Roaming\Macromedia
2014-07-20 00:41 - 2014-04-22 12:53 - 00000000 ___HD () C:\HP
2014-07-20 00:40 - 2014-07-20 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Projections Dominator
2014-07-20 00:39 - 2014-07-20 00:39 - 00459696 _____ () C:\Users\James\Downloads\sm_dm.exe
2014-07-20 00:39 - 2014-07-20 00:39 - 00000000 ____D () C:\Users\James\AppData\Local\AMD
2014-07-20 00:37 - 2014-07-20 00:37 - 03516556 _____ ( ) C:\Users\James\Downloads\PD90c_Setup.exe
2014-07-20 00:37 - 2014-07-20 00:37 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-07-20 00:37 - 2014-07-20 00:37 - 00000000 ____D () C:\iolo
2014-07-20 00:36 - 2014-07-20 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeDominator
2014-07-20 00:33 - 2014-07-20 00:32 - 02789154 _____ ( ) C:\Users\James\Downloads\TD90a_Setup.exe
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Roaming\ATI
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\CyberLink
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\ATI
2014-07-20 00:31 - 2014-07-20 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-20 00:30 - 2014-07-20 00:30 - 00001449 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Synaptics
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Adobe
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\ProgramData\Synaptics
2014-07-20 00:30 - 2014-04-22 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-07-20 00:30 - 2014-04-22 12:38 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-07-20 00:30 - 2014-04-22 12:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-07-20 00:30 - 2014-04-22 12:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-07-20 00:30 - 2014-03-31 20:07 - 00000000 ___HD () C:\SYSTEM.SAV
2014-07-20 00:29 - 2014-07-20 00:29 - 00000020 ___SH () C:\Users\James\ntuser.ini
2014-07-20 00:27 - 2014-07-20 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DraftDominator
2014-07-20 00:26 - 2014-07-20 00:25 - 00459696 _____ () C:\Users\James\Downloads\smpro_dm.exe
2014-07-20 00:23 - 2014-07-20 00:22 - 05477715 _____ ( ) C:\Users\James\Downloads\DD150c_Setup.exe
2014-07-20 00:21 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-07-19 07:47 - 2013-08-22 09:46 - 00025744 _____ () C:\Windows\setupact.log
2014-07-19 07:46 - 2014-07-19 07:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-19 07:37 - 2014-07-19 07:37 - 00000000 ____D () C:\Users\James\AppData\Local\Macromedia
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Roaming\hpqlog
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Local\Hewlett-Packard
2014-07-19 06:51 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-19 06:50 - 2013-08-22 09:44 - 00377712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-19 06:49 - 2014-07-19 06:48 - 00001333 _____ () C:\install.log
2014-07-19 06:46 - 2014-07-19 06:46 - 00000000 ____D () C:\Users\James\AppData\Roaming\OpenOffice
2014-07-19 06:45 - 2014-07-19 06:45 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-19 06:38 - 2014-07-19 06:38 - 00000000 ____D () C:\Users\Public\CyberLink
2014-07-19 06:13 - 2014-07-19 06:10 - 00000000 ____D () C:\Users\James\AppData\Roaming\Mozilla
2014-07-19 06:13 - 2014-07-19 06:10 - 00000000 ____D () C:\Users\James\AppData\Local\Mozilla
2014-07-19 06:12 - 2014-07-19 06:04 - 00000000 ____D () C:\Users\James\AppData\Roaming\Systweak
2014-07-19 06:10 - 2014-07-19 06:10 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 06:10 - 2014-07-19 06:10 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-19 06:10 - 2014-07-19 06:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-19 06:09 - 2014-07-19 06:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-19 06:06 - 2014-07-19 06:05 - 00000000 ____D () C:\ProgramData\PureLeads
2014-07-19 06:05 - 2014-07-19 06:05 - 00000000 ____D () C:\Program Files (x86)\PureLeads
2014-07-19 06:03 - 2014-04-22 13:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-19 05:58 - 2014-07-19 05:58 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-19 05:58 - 2014-07-19 05:58 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-16 08:30 - 2014-07-20 00:37 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-07-13 18:39 - 2014-07-20 00:48 - 43459232 _____ (iolo technologies, LLC ) C:\Users\James\Documents\SystemMechanic.exe
2014-07-13 13:53 - 2014-07-20 00:49 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2014-07-13 13:53 - 2014-07-20 00:49 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2014-07-13 13:36 - 2014-07-20 00:50 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2014-07-13 13:36 - 2014-07-20 00:50 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2014-07-13 13:31 - 2014-07-20 00:49 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2014-06-30 15:56 - 2014-06-30 15:56 - 03694016 _____ (PureLeads) C:\PureLeadsSetupx21715.exe
2014-06-27 13:50 - 2014-07-19 06:06 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-06-27 13:50 - 2014-07-19 06:06 - 00357664 _____ (Sendori) C:\Windows\SysWOW64\plsapp.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 21:26

==================== End Of Log ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2014 01
Ran by James at 2014-07-23 09:10:24
Running from C:\Users\James\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 13.15.100.30925 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
AMD Start Now (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0925.0644.10236 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0925.645.10236 - Advanced Micro Devices, Inc.) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.4.4824 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.6.3912 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.2.3302 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DraftDominator Version 15.0c (HKLM-x32\...\DraftDominator_is1) (Version:  - )
Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{2C0CCB21-5ED3-4417-93D2-CC6BEEB3C7CF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 1.14.1420 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP SimplePass (Version: 8.00.54 - Hewlett-Packard) Hidden
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.0 - iolo technologies, LLC)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LineupDominator Version 9.0a Full (HKLM-x32\...\LineupDominator_is1) (Version:  - )
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.414 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Projections Dominator Version 9.0c (HKLM-x32\...\Projections Dominator_is1) (Version:  - )
PureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.18 - PureLeads)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TradeDominator version 9.0a (HKLM-x32\...\TradeDominator_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID entries: ==========================

CustomCLSID: HKU\S-1-5-21-376113473-2297420903-2571305959-1002_Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5} -> Orphan?
CustomCLSID: HKU\S-1-5-21-376113473-2297420903-2571305959-1002_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5} -> Orphan?

==================== Restore Points  =========================

20-07-2014 18:09:10 HPSF Applying updates

==================== Hosts content: ==========================

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {062D3B8C-600B-4CB9-8EE3-CB3736078983} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1FE3E7C6-C061-45FD-83EB-5345F6A2CFD7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21199D4C-F9E7-4A63-8AFD-C469861365D8} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {22B71CD6-FEEE-43DA-B2B4-6E6E54F80998} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2013-10-05] ()
Task: {244A0FBB-42E7-49A7-8BF3-F6DA4E9E887E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {607A5E9C-5971-41F3-A678-672322FA0B41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98292BAF-42C3-4FC1-9056-7EB1EE3B3C57} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9EABA8FA-C484-4699-B1A4-037BEA7D0425} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-07-13] (iolo technologies, LLC)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AE774EC5-B5A2-4296-A5AD-926DA9EFF8AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {C510B5F0-CF58-4E00-B795-06B13259B338} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CBDA51B5-18F3-4C3F-BBAD-09E7E42FDD0E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D15F360A-8493-4CF4-AB82-323228CD3982} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {D352DA66-6B83-46D8-9915-8E7B856C5978} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DEDF4EF9-A287-4E83-898F-411D44A80BE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-19] (Adobe Systems Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-26 13:26 - 2013-09-26 13:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 13:32 - 2013-09-26 13:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 13:28 - 2013-09-26 13:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 13:39 - 2013-09-26 13:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 13:39 - 2013-09-26 13:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 08:49 - 2013-09-25 08:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-25 08:48 - 2013-09-25 08:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-09-26 13:34 - 2013-09-26 13:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2013-09-25 08:48 - 2013-09-25 08:48 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-09-25 08:49 - 2013-09-25 08:49 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-04-22 14:50 - 2014-04-22 14:50 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-04-22 14:05 - 2013-02-01 13:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2014-04-22 14:05 - 2013-02-01 13:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2014-04-22 14:05 - 2013-02-01 13:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2014-04-22 14:05 - 2013-02-01 13:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2014-04-22 14:05 - 2013-02-01 13:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2014-04-22 14:05 - 2013-02-01 13:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2014-04-22 14:05 - 2013-02-01 13:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2014-07-19 06:09 - 2014-06-05 23:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\James\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2014 09:10:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 09:05:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 09:00:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:55:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:50:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:45:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:40:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:35:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:30:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:25:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server


System errors:
=============
Error: (07/23/2014 08:12:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlsvcV1 service.

Error: (07/23/2014 06:29:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/23/2014 00:12:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/22/2014 07:43:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/22/2014 03:18:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/22/2014 11:15:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/22/2014 06:18:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The PlsvcV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/22/2014 06:15:04 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (07/22/2014 06:14:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcpltsvc service.

Error: (07/21/2014 08:04:51 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}


Microsoft Office Sessions:
=========================
Error: (07/23/2014 09:10:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 09:05:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 09:00:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:55:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:50:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:45:50 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:40:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:35:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:30:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server

Error: (07/23/2014 08:25:49 AM) (Source: PureLeads) (EventID: 99) (User: )
Description: TV ERRORUnable to connect to the remote server


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3554.07 MB
Available physical RAM: 1717.16 MB
Total Pagefile: 4898.07 MB
Available Pagefile: 2630.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:445.12 GB) (Free:410.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.62 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A9A16C4F)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

Asw.txt

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-23 09:18:23
-----------------------------
09:18:23.761 OS Version: Windows x64 6.2.9200
09:18:23.761 Number of processors: 2 586 0x1
09:18:23.777 ComputerName: THOMPSONPC UserName: James
09:18:25.605 Initialize success
09:18:25.605 VM: initialized successfully
09:18:25.621 VM: Amd CPU BiosDisabled
09:18:27.214 VM: supported disk I/O storport.sys
09:18:34.261 AVAST engine download error: 0
09:18:39.355 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002a
09:18:39.355 Disk 0 Vendor: ST500LT012-1DG142 1002YAM1 Size: 476940MB BusType: 11
09:18:39.511 Disk 0 MBR read successfully
09:18:39.511 Disk 0 MBR scan
09:18:39.527 Disk 0 unknown MBR code
09:18:39.543 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
09:18:39.621 Disk 0 scanning C:\Windows\system32\drivers
09:18:47.855 Service scanning
09:19:15.699 Modules scanning
09:19:15.730 Disk 0 trace - called modules:
09:19:16.262
09:19:16.277 Scan finished successfully
09:19:43.402 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
09:19:43.418 The log file has been saved successfully to "C:\Users\James\Desktop\asw.txt"


  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
No worries on the delay, we do this on the schedule that works best for you. :thumbsup:

I'm reviewing your logs, but wanted to ask a question: Are you using a proxy on your machine? IE is showing a proxy.
  • 0

#5
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
A proxy, I honestly don't know. I didn't manually set one up if that is what's required. I went through the normal windows setup at the first power of the computer, selected my wireless name from the list and entered my password. That is all I have done as far network is involved. I haven't even used IE since I downloaded Firefox which was almost immediately

Edited by Jrt2006, 23 July 2014 - 06:45 PM.

  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

A proxy, I honestly don't know. I didn't manually set one up if that is what's required. I went through the normal windows setup at the first power of the computer, selected my wireless name from the list and entered my password. That is all I have done as far network is involved. I haven't even used IE since I downloaded Firefox which was almost immediately


Ok, thank you. I'll remove the proxy when I finish up your fix. In the meantime, please uninstall the following program from your machine.

PureLeads
  • 0

#7
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

PureLeads is uninstallled


  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, let's get to work. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Multiple Anti-Virus Programs


Multiple Anti-Virus Programs Installed

Your log indicates you have 2 or more anti-virus programs installed on your machine. They are "McAfee" and " Windows Defender".
  • Research shows that having multiple anti-virus programs installed is not a good idea. This is a case of more is not better.
  • They will often conflict with each, provide false positives, and additional problems including potential BSOD's, and locking the machine up.
  • We need to remove one or more of these from your system. I would suggest McAfee be uninstalled, unless you are paying for it.
Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 3: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: RogueKiller

Download RogueKiller to your desktop.


Click on Scan

The scan will take a short amount of time

Click on Report to open the log.

Copy and paste the content of the log in your next reply.


Things I need to see in your next post:

AdwCleaner Log

Junkware Removal Tool Log

RogueKiller Log

  • 0

#9
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

ADW Log

# AdwCleaner v3.216 - Report created 24/07/2014 at 21:54:30
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 Connected (64 bits)
# Username : James - THOMPSONPC
# Running from : C:\Users\James\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\James\AppData\Local\Temp\focusbase
Folder Deleted : C:\Users\James\AppData\Roaming\Systweak
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ajwadlwx.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1681 octets] - [24/07/2014 21:51:18]
AdwCleaner[S0].txt - [1582 octets] - [24/07/2014 21:54:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1642 octets] ##########

 

Junk Removal Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Connected x64
Ran by James on Thu 07/24/2014 at 22:02:22.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/24/2014 at 22:23:28.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

RogueKiller Log:

RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : James [Admin rights]
Mode : Scan -- Date : 07/25/2014  07:55:02

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8E02059E-EC13-441B-AFD6-CD70C258610A} | DhcpNameServer : 40.21.1.201 40.21.1.202  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8E02059E-EC13-441B-AFD6-CD70C258610A} | DhcpNameServer : 40.21.1.201 40.21.1.202  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] ajwadlwx.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  ST500LT012-1DG14 SATA Disk Device +++++
--- User ---
[MBR] 55c7d48b15b05eeaee79cd08435a02e3
[BSP] d68d1025fa001fbe686c631bc49d0e2c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
 


  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :)

Thank you for the logs, let's get rid of the proxy using RogueKiller and then run a fresh scan with Farbar's.


Please disable your anti-virus program before running these steps. Don't forget to re-enable it afterwards.

Step 1: Re-Run RogueKiller

Please re-run RogueKiller and when it finishes scanning, please remove only the items listed below.
 

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184 -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184 -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49184;https=127.0.0.1:49184 -> FOUND

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] ajwadlwx.default : user_pref("network.proxy.type", 4); -> FOUND


Once it's done, it will produce a log, please post that log in your next reply.


Step 2: Fresh Scan with Farbar's Recovery Scan Tool


Start FRST and press the Scan button. When it is finished, it will produce one log. Please post it in your next reply.

Things I need to see in your next post

RogueKiller Log

Fresh FRST Log

  • 0

#11
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

RKreport:

RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : James [Admin rights]
Mode : Scan -- Date : 07/26/2014  14:01:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8E02059E-EC13-441B-AFD6-CD70C258610A} | DhcpNameServer : 40.21.1.201 40.21.1.202  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8E02059E-EC13-441B-AFD6-CD70C258610A} | DhcpNameServer : 40.21.1.201 40.21.1.202  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-376113473-2297420903-2571305959-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  ST500LT012-1DG14 SATA Disk Device +++++
--- User ---
[MBR] 55c7d48b15b05eeaee79cd08435a02e3
[BSP] d68d1025fa001fbe686c631bc49d0e2c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_07252014_075502.log - RKreport_SCN_07262014_134217.log - RKreport_DEL_07262014_134904.log

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by James (administrator) on THOMPSONPC on 26-07-2014 14:03:29
Running from C:\Users\James\Desktop\Cleanup_Security
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SystemGuardAlerter.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Footballguys.com) C:\FBG\DraftDominator\DraftDominator.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2755640 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-09-26] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF ProfilePath: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\ajwadlwx.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\James\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-26] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-07-13] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-26] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-07-26] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 11:54 - 2014-01-19 02:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-25 07:41 - 2014-07-26 13:28 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-25 07:41 - 2014-07-25 07:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-24 22:02 - 2014-07-24 22:02 - 00000000 ____D () C:\Windows\ERUNT
2014-07-24 21:50 - 2014-07-24 21:58 - 00000000 ____D () C:\AdwCleaner
2014-07-24 10:46 - 2014-07-24 10:47 - 00024064 ___SH () C:\Users\James\Downloads\Thumbs.db
2014-07-23 12:07 - 2014-06-26 15:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-23 12:07 - 2014-06-26 15:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-23 12:01 - 2014-07-23 16:38 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 12:01 - 2014-07-23 12:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-23 11:19 - 2014-07-23 11:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-23 11:18 - 2014-06-26 17:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-23 09:42 - 2014-07-23 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 09:19 - 2014-07-23 09:19 - 00000512 _____ () C:\Users\James\Desktop\MBR.dat
2014-07-23 09:07 - 2014-07-26 14:03 - 00000000 ____D () C:\FRST
2014-07-23 09:06 - 2014-07-23 09:06 - 01082368 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2014-07-23 08:48 - 2014-07-23 08:48 - 00000000 ____D () C:\Users\James\AppData\Roaming\Electronic Arts
2014-07-23 08:46 - 2014-07-23 08:47 - 09091423 _____ (Electronic Arts) C:\Users\James\Downloads\GameFaceBrowserPluginInstaller.1.8.0.0.exe
2014-07-23 08:44 - 2014-07-23 08:44 - 00000000 ____D () C:\Users\James\AppData\Local\Unity
2014-07-23 08:43 - 2014-07-23 08:43 - 01080480 _____ (Unity Technologies ApS) C:\Users\James\Downloads\UnityWebPlayer.exe
2014-07-22 15:31 - 2014-03-04 01:32 - 00356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2014-07-22 15:30 - 2014-03-19 19:53 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-07-22 15:30 - 2014-03-19 19:48 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2014-07-22 15:30 - 2014-03-19 18:55 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-07-22 15:30 - 2014-03-19 18:39 - 00800256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-07-22 15:30 - 2014-03-19 18:36 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2014-07-22 15:30 - 2014-03-19 00:57 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-07-22 15:30 - 2014-03-08 03:33 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2014-07-22 15:30 - 2014-03-08 02:47 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2014-07-22 15:30 - 2014-03-08 02:12 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-07-22 15:30 - 2014-03-08 02:04 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2014-07-22 15:30 - 2014-03-08 01:40 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2014-07-22 15:30 - 2014-03-08 01:31 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2014-07-22 15:30 - 2014-03-08 01:30 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2014-07-22 15:30 - 2014-03-08 00:11 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-07-22 15:30 - 2014-03-06 07:53 - 00518552 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-07-22 15:30 - 2014-03-06 07:51 - 00488280 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-07-22 15:30 - 2014-03-06 06:19 - 00390488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-07-22 15:30 - 2014-03-06 06:13 - 01779800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-07-22 15:30 - 2014-03-06 06:13 - 00406912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-07-22 15:30 - 2014-03-06 01:23 - 02270208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-07-22 15:30 - 2014-03-06 01:23 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2014-07-22 15:30 - 2014-03-06 01:09 - 01764864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-07-22 15:30 - 2014-03-04 07:14 - 00360512 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-07-22 15:30 - 2014-03-04 06:10 - 00355832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-07-22 15:30 - 2014-03-04 02:00 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2014-07-22 15:29 - 2014-03-19 23:19 - 01291200 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-07-22 15:29 - 2014-03-19 22:41 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-07-22 15:29 - 2014-03-19 22:40 - 01112536 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-07-22 15:29 - 2014-03-19 02:13 - 00836096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-07-22 15:29 - 2014-03-11 10:18 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-07-22 15:29 - 2014-03-11 09:28 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-07-22 15:29 - 2014-03-08 15:38 - 01542768 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-07-22 15:29 - 2014-03-08 15:35 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-07-22 15:29 - 2014-03-08 10:29 - 00356848 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2014-07-22 15:29 - 2014-03-08 06:34 - 01095488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-07-22 15:29 - 2014-03-08 02:53 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-07-22 15:29 - 2014-03-08 01:48 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2014-07-22 15:29 - 2014-03-08 00:41 - 01306624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-07-22 15:29 - 2014-03-06 07:53 - 02141912 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-07-22 15:29 - 2014-03-06 07:51 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-07-22 15:29 - 2014-03-06 07:51 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-07-22 15:29 - 2014-03-06 07:39 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-07-22 15:29 - 2014-03-06 04:22 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-07-22 15:29 - 2014-03-06 01:51 - 02900992 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-07-22 15:29 - 2014-03-06 01:39 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-07-22 15:29 - 2014-03-04 07:25 - 02373784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-07-22 15:29 - 2014-03-04 06:16 - 02088160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-07-22 15:29 - 2014-03-04 01:50 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-07-22 15:28 - 2014-03-19 22:41 - 00376152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2014-07-22 15:28 - 2014-03-19 00:50 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2014-07-22 15:28 - 2014-03-19 00:31 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-07-22 15:28 - 2014-03-19 00:08 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-07-22 15:28 - 2014-03-08 15:40 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-07-22 15:28 - 2014-03-08 04:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll
2014-07-22 15:28 - 2014-03-08 03:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxproxy.dll
2014-07-22 15:28 - 2014-03-08 02:03 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-22 15:28 - 2014-03-08 02:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-07-22 15:28 - 2014-03-08 01:46 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-07-22 15:28 - 2014-03-08 01:41 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-07-22 15:28 - 2014-03-08 01:37 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-22 15:28 - 2014-03-06 09:34 - 02331000 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-07-22 15:28 - 2014-03-06 09:34 - 00113648 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2014-07-22 15:28 - 2014-03-06 06:19 - 00094016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2014-07-22 15:28 - 2014-03-06 05:46 - 01679128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-07-22 15:28 - 2014-03-06 04:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-07-22 15:28 - 2014-03-06 03:38 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-07-22 15:28 - 2014-03-06 03:00 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2014-07-22 15:28 - 2014-03-06 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-07-22 15:28 - 2014-03-06 02:16 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2014-07-22 15:28 - 2014-03-06 02:02 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-07-22 15:28 - 2014-03-06 01:31 - 02479616 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-07-22 15:28 - 2014-03-06 01:29 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2014-07-22 15:28 - 2014-03-06 01:24 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2014-07-22 15:28 - 2014-03-06 01:21 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2014-07-22 15:28 - 2014-03-06 01:13 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-07-22 15:28 - 2014-03-06 01:11 - 02030080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-07-22 15:28 - 2014-03-06 01:04 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2014-07-22 15:28 - 2014-03-06 00:47 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-07-22 15:28 - 2014-03-06 00:42 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-07-22 15:28 - 2014-03-04 02:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-07-22 15:28 - 2014-03-04 02:13 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-07-22 15:28 - 2014-03-04 02:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2014-07-22 15:28 - 2014-03-04 01:42 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-07-22 15:28 - 2014-03-04 01:39 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2014-07-22 15:28 - 2014-03-04 01:15 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.dll
2014-07-22 15:28 - 2014-03-04 01:03 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2014-07-22 15:28 - 2014-03-04 00:52 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2014-07-22 15:27 - 2014-03-19 00:20 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2014-07-22 15:27 - 2014-03-12 08:45 - 00387210 _____ () C:\Windows\system32\ApnDatabase.xml
2014-07-22 15:27 - 2014-03-08 03:25 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\SetNetworkLocation.dll
2014-07-22 15:27 - 2014-03-08 01:25 - 00264192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-07-22 15:27 - 2014-03-08 01:04 - 00717312 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-07-22 15:27 - 2014-03-08 00:58 - 00567296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-07-22 15:27 - 2014-03-06 04:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-07-22 15:27 - 2014-03-06 04:24 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-07-22 15:27 - 2014-03-06 04:22 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-07-22 15:27 - 2014-03-06 04:19 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-07-22 15:27 - 2014-03-06 04:19 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-07-22 15:27 - 2014-03-06 04:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll
2014-07-22 15:27 - 2014-03-06 03:41 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\DevPropMgr.dll
2014-07-22 15:27 - 2014-03-06 03:10 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\l2gpstore.dll
2014-07-22 15:27 - 2014-03-06 01:27 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-07-22 15:27 - 2014-03-06 01:06 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2014-07-22 15:27 - 2014-03-06 01:01 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2014-07-22 15:27 - 2014-03-06 00:51 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2014-07-22 15:27 - 2014-03-04 01:56 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2014-07-22 15:27 - 2014-03-04 01:05 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2014-07-22 15:27 - 2014-03-04 01:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2014-07-22 15:27 - 2014-03-04 00:54 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2014-07-22 15:27 - 2013-12-23 18:28 - 00262656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-07-22 15:27 - 2013-12-23 18:26 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-07-22 15:22 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-22 15:22 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-22 15:22 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-22 15:22 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-22 15:22 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-22 15:22 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-22 15:22 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-22 15:22 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-22 15:22 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-22 15:22 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-22 15:22 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-22 15:22 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-22 15:22 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-22 15:22 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-22 15:22 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-22 15:22 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-22 15:22 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-22 15:22 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-22 15:22 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-22 15:22 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-22 15:22 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-22 15:22 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-22 15:22 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-22 15:22 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-22 15:22 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-22 15:22 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-22 15:22 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-22 15:22 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-22 15:22 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-22 15:22 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-22 15:22 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-22 15:22 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-22 15:22 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-22 15:21 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-22 15:21 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-22 15:21 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-22 15:21 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-22 15:21 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-22 15:21 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-22 15:21 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-22 15:21 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-22 15:21 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-22 15:21 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-22 15:21 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-22 15:21 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-22 15:19 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-22 15:15 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-22 15:15 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-22 15:15 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-22 15:15 - 2014-05-09 22:46 - 02151424 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-22 15:15 - 2014-05-09 22:22 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-22 15:15 - 2014-05-08 18:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-07-22 15:15 - 2014-04-03 02:59 - 02518872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-22 15:15 - 2014-04-03 02:59 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-22 15:14 - 2014-03-23 21:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-07-22 15:14 - 2014-03-23 21:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-07-22 15:14 - 2014-03-23 21:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-07-22 15:14 - 2014-03-13 02:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-07-22 15:14 - 2014-03-13 01:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-07-22 15:13 - 2014-04-10 22:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-07-22 15:13 - 2014-04-10 22:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-22 15:13 - 2014-04-10 22:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-22 15:13 - 2014-04-10 22:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-22 15:13 - 2014-04-10 22:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-22 15:13 - 2014-04-10 21:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-07-22 15:13 - 2014-04-10 21:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-07-22 15:13 - 2014-04-10 21:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-22 15:11 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-22 15:11 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-22 15:11 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-22 15:11 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-22 15:11 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-22 15:11 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-22 15:11 - 2014-05-04 23:02 - 03360256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-22 15:11 - 2014-04-30 06:16 - 01336648 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-22 15:11 - 2014-04-29 22:51 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-22 15:11 - 2014-04-08 17:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-07-22 15:11 - 2014-04-08 17:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-07-22 15:11 - 2014-04-08 13:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-07-22 15:11 - 2014-04-08 13:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-07-22 15:10 - 2014-04-06 11:31 - 21268952 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-22 15:09 - 2014-04-18 03:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-07-22 15:09 - 2014-04-18 03:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-07-22 15:09 - 2014-04-18 02:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-07-22 15:09 - 2014-04-09 06:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-07-22 15:09 - 2014-04-06 11:20 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-07-22 15:09 - 2014-04-06 11:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-07-22 15:09 - 2014-04-06 11:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-07-22 15:09 - 2014-04-06 11:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-07-22 15:09 - 2014-04-06 11:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-07-22 15:09 - 2014-04-06 11:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-07-22 15:09 - 2014-04-06 10:22 - 18755672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-22 15:09 - 2014-04-06 10:16 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-07-22 15:09 - 2014-04-06 10:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-07-22 15:09 - 2014-04-06 10:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-07-22 15:09 - 2014-04-06 07:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-07-22 15:09 - 2014-04-06 06:55 - 16872448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-07-22 15:09 - 2014-04-06 06:54 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-22 15:09 - 2014-04-06 05:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-07-22 15:09 - 2014-04-06 05:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-07-22 15:09 - 2014-04-06 05:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-07-22 15:09 - 2014-04-03 03:12 - 02124840 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-07-22 15:09 - 2014-04-02 22:53 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-07-22 15:09 - 2014-04-02 21:53 - 04269056 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-07-22 15:09 - 2014-04-02 21:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-07-22 15:09 - 2014-04-02 21:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-07-22 15:09 - 2014-03-30 17:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-07-22 15:09 - 2014-03-30 17:11 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-07-22 15:09 - 2014-03-30 16:47 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-07-22 15:09 - 2014-03-28 10:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2014-07-22 15:09 - 2014-03-27 01:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-07-22 15:09 - 2014-03-26 22:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-07-22 15:09 - 2014-03-24 17:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-07-22 15:09 - 2014-03-19 19:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-22 15:09 - 2014-03-19 18:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-22 15:09 - 2014-03-19 03:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-07-22 15:09 - 2014-03-19 00:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-07-22 15:09 - 2014-03-18 23:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-07-22 15:09 - 2014-03-18 00:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-07-22 15:09 - 2014-03-17 23:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-07-22 15:09 - 2014-03-17 00:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-07-22 15:09 - 2014-03-16 23:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-07-22 15:09 - 2014-03-16 22:01 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-07-22 15:09 - 2014-03-16 21:47 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-22 15:09 - 2014-03-14 01:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-07-22 15:09 - 2014-03-14 01:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-07-22 15:09 - 2014-03-06 07:42 - 00310616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-07-22 15:08 - 2014-04-18 09:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-07-22 15:08 - 2014-04-18 09:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-07-22 15:08 - 2014-04-18 08:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-07-22 15:08 - 2014-04-18 04:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2014-07-22 15:08 - 2014-04-18 03:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-07-22 15:08 - 2014-04-18 02:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-07-22 15:08 - 2014-04-14 04:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2014-07-22 15:08 - 2014-04-14 03:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-07-22 15:08 - 2014-04-10 23:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-07-22 15:08 - 2014-04-10 23:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-07-22 15:08 - 2014-04-10 22:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-07-22 15:08 - 2014-04-09 01:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-07-22 15:08 - 2014-04-09 00:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-07-22 15:08 - 2014-04-08 22:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-07-22 15:08 - 2014-04-07 21:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-07-22 15:08 - 2014-04-06 11:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-22 15:08 - 2014-04-06 11:34 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-22 15:08 - 2014-04-06 11:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-07-22 15:08 - 2014-04-06 11:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2014-07-22 15:08 - 2014-04-06 11:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-07-22 15:08 - 2014-04-06 11:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-07-22 15:08 - 2014-04-06 11:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-07-22 15:08 - 2014-04-06 11:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-07-22 15:08 - 2014-04-06 11:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-07-22 15:08 - 2014-04-06 11:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-07-22 15:08 - 2014-04-06 11:20 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-07-22 15:08 - 2014-04-06 11:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-07-22 15:08 - 2014-04-06 10:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-07-22 15:08 - 2014-04-06 10:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2014-07-22 15:08 - 2014-04-06 10:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-07-22 15:08 - 2014-04-06 10:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-07-22 15:08 - 2014-04-06 10:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-07-22 15:08 - 2014-04-06 10:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-07-22 15:08 - 2014-04-06 10:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-07-22 15:08 - 2014-04-06 10:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-07-22 15:08 - 2014-04-06 07:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-07-22 15:08 - 2014-04-06 07:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-07-22 15:08 - 2014-04-06 07:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-07-22 15:08 - 2014-04-06 07:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-07-22 15:08 - 2014-04-06 06:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2014-07-22 15:08 - 2014-04-06 06:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-07-22 15:08 - 2014-04-06 06:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-07-22 15:08 - 2014-04-06 05:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-07-22 15:08 - 2014-04-06 05:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-07-22 15:08 - 2014-04-06 04:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-07-22 15:08 - 2014-04-03 03:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-07-22 15:08 - 2014-04-03 03:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2014-07-22 15:08 - 2014-04-02 23:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-07-22 15:08 - 2014-04-02 23:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-07-22 15:08 - 2014-04-02 21:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-07-22 15:08 - 2014-04-02 21:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-07-22 15:08 - 2014-04-02 21:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-07-22 15:08 - 2014-04-01 01:23 - 00384856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-07-22 15:08 - 2014-03-31 00:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-22 15:08 - 2014-03-30 19:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-07-22 15:08 - 2014-03-30 19:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-07-22 15:08 - 2014-03-30 18:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-07-22 15:08 - 2014-03-30 17:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-07-22 15:08 - 2014-03-30 17:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-07-22 15:08 - 2014-03-27 00:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-07-22 15:08 - 2014-03-26 23:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-07-22 15:08 - 2014-03-26 23:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-07-22 15:08 - 2014-03-26 23:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-07-22 15:08 - 2014-03-26 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-07-22 15:08 - 2014-03-26 22:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-07-22 15:08 - 2014-03-19 22:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-07-22 15:08 - 2014-03-19 03:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-07-22 15:08 - 2014-03-19 02:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-22 15:08 - 2014-03-19 02:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-07-22 15:08 - 2014-03-19 01:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-22 15:08 - 2014-03-19 00:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-22 15:08 - 2014-03-19 00:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-07-22 15:08 - 2014-03-19 00:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-07-22 15:08 - 2014-03-19 00:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-07-22 15:08 - 2014-03-19 00:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-07-22 15:08 - 2014-03-18 23:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-07-22 15:08 - 2014-03-18 23:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-07-22 15:08 - 2014-03-18 03:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-22 15:08 - 2014-03-16 21:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-07-22 15:08 - 2014-03-08 15:47 - 00180056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-07-22 15:08 - 2014-03-06 04:19 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2014-07-22 15:08 - 2014-03-06 03:20 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-07-22 15:08 - 2014-01-27 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-22 15:04 - 2014-05-27 05:05 - 00791552 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-07-22 15:04 - 2014-05-27 04:44 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\lockscreencn.dll
2014-07-22 15:04 - 2014-05-27 04:16 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-07-22 15:04 - 2014-05-27 04:12 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-07-22 15:04 - 2014-05-19 01:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2014-07-22 15:04 - 2014-05-19 01:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-07-22 15:04 - 2014-05-19 00:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-07-22 15:04 - 2014-03-06 04:19 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-07-22 13:14 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-22 13:03 - 2014-06-30 17:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-22 13:03 - 2014-06-28 02:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-22 13:03 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-22 13:03 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-22 13:03 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-22 13:03 - 2014-04-29 23:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-07-22 13:03 - 2014-04-29 23:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-07-22 13:03 - 2014-04-29 22:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-07-22 13:02 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-22 13:02 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-22 13:02 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-22 13:02 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-22 13:02 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-22 13:02 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-22 13:02 - 2014-03-11 08:21 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-07-22 13:02 - 2014-03-11 08:02 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-07-22 13:01 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-22 13:01 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-22 13:01 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-22 13:01 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-22 13:01 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-22 13:01 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-22 13:01 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-22 13:01 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-22 13:01 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-22 13:01 - 2014-05-01 08:31 - 03048904 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-07-22 13:01 - 2014-05-01 08:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2014-07-22 13:01 - 2014-05-01 02:14 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-07-22 13:01 - 2014-05-01 02:05 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-07-22 13:01 - 2014-05-01 01:51 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-07-22 13:01 - 2014-05-01 00:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-07-22 13:01 - 2014-04-11 03:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-07-22 13:01 - 2014-04-11 01:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-22 13:01 - 2014-04-11 00:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-22 13:01 - 2014-04-11 00:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-20 12:22 - 2014-07-25 15:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 12:19 - 2014-07-20 12:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:19 - 2014-07-20 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 12:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 12:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 12:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 12:18 - 2014-07-20 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 11:36 - 2014-07-20 11:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\Before Compact
2014-07-20 10:25 - 2014-07-24 21:58 - 00000000 ____D () C:\Users\James\Documents\Food
2014-07-20 08:12 - 2014-07-20 08:12 - 00021464 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-20 00:55 - 2014-07-20 17:50 - 00000386 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-07-20 00:54 - 2014-07-20 00:54 - 00004028 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-07-20 00:53 - 2014-07-26 14:03 - 00000000 ____D () C:\Users\James\Desktop\Cleanup_Security
2014-07-20 00:53 - 2014-07-20 00:56 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Windows\system32\config\Original
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Users\James\Desktop\Fantasy Tools
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineupDominator
2014-07-20 00:50 - 2014-07-13 13:36 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2014-07-20 00:50 - 2014-07-13 13:36 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2014-07-20 00:49 - 2014-07-26 13:59 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-07-20 00:49 - 2014-07-20 00:49 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Users\James\AppData\Roaming\ioloGovernor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-07-20 00:49 - 2014-07-13 13:53 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2014-07-20 00:49 - 2014-07-13 13:53 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2014-07-20 00:49 - 2014-07-13 13:31 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2014-07-20 00:48 - 2014-07-13 18:39 - 43459232 _____ (iolo technologies, LLC ) C:\Users\James\Documents\SystemMechanic.exe
2014-07-20 00:47 - 2014-07-20 00:48 - 05562242 _____ ( ) C:\Users\James\Downloads\LD90a_Setup.exe
2014-07-20 00:43 - 2014-07-20 00:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-07-20 00:41 - 2014-07-26 13:31 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F95BF861-9522-41E9-87DD-C49DDC66815A}
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 ____D () C:\Users\James\AppData\Roaming\Macromedia
2014-07-20 00:40 - 2014-07-20 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Projections Dominator
2014-07-20 00:40 - 1998-10-07 16:05 - 00154392 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\Splitter.ocx
2014-07-20 00:39 - 2014-07-20 00:53 - 00000000 ____D () C:\Users\James\AppData\Roaming\Hewlett-Packard
2014-07-20 00:39 - 2014-07-20 00:39 - 00459696 _____ () C:\Users\James\Downloads\sm_dm.exe
2014-07-20 00:39 - 2014-07-20 00:39 - 00000000 ____D () C:\Users\James\AppData\Local\AMD
2014-07-20 00:38 - 2014-07-26 14:05 - 00000000 __RDO () C:\Users\James\OneDrive
2014-07-20 00:37 - 2014-07-20 00:37 - 03516556 _____ ( ) C:\Users\James\Downloads\PD90c_Setup.exe
2014-07-20 00:37 - 2014-07-20 00:37 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-07-20 00:37 - 2014-07-20 00:37 - 00000000 ____D () C:\iolo
2014-07-20 00:37 - 2014-07-16 08:30 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-07-20 00:36 - 2014-07-24 22:24 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-376113473-2297420903-2571305959-1002
2014-07-20 00:36 - 2014-07-20 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeDominator
2014-07-20 00:32 - 2014-07-20 00:33 - 02789154 _____ ( ) C:\Users\James\Downloads\TD90a_Setup.exe
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Roaming\ATI
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\CyberLink
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\ATI
2014-07-20 00:31 - 2014-07-20 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-20 00:30 - 2014-07-20 00:53 - 00000000 ____D () C:\Users\James\AppData\Local\Packages
2014-07-20 00:30 - 2014-07-20 00:30 - 00001449 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Synaptics
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Adobe
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\ProgramData\Synaptics
2014-07-20 00:29 - 2014-07-24 09:14 - 00000000 ____D () C:\Users\James
2014-07-20 00:29 - 2014-07-20 00:29 - 00000020 ___SH () C:\Users\James\ntuser.ini
2014-07-20 00:29 - 2014-04-22 13:07 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-20 00:29 - 2014-04-22 12:23 - 00000000 ___HD () C:\Users\James\Documents\hp.system.package.metadata
2014-07-20 00:29 - 2014-03-18 05:06 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-20 00:29 - 2014-03-18 04:54 - 00000369 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-20 00:29 - 2014-03-18 04:54 - 00000369 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-20 00:29 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-20 00:29 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-20 00:27 - 2014-07-23 17:18 - 00000000 ____D () C:\ProgramData\iolo
2014-07-20 00:27 - 2014-07-20 10:33 - 00000000 ____D () C:\Users\James\AppData\Roaming\iolo
2014-07-20 00:27 - 2014-07-20 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DraftDominator
2014-07-20 00:27 - 2006-03-08 09:27 - 01353360 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\fpSpr60.ocx
2014-07-20 00:27 - 2004-12-07 13:03 - 00451760 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\Tab32x30.ocx
2014-07-20 00:27 - 2002-12-20 15:02 - 01077336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-07-20 00:27 - 2001-03-13 15:49 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-07-20 00:27 - 2000-05-22 01:00 - 00115920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2014-07-20 00:27 - 1999-01-06 18:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xl5en32.olb
2014-07-20 00:26 - 2014-07-20 00:49 - 00000000 ____D () C:\FBG
2014-07-20 00:25 - 2014-07-26 13:51 - 01128927 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 00:25 - 2014-07-20 00:26 - 00459696 _____ () C:\Users\James\Downloads\smpro_dm.exe
2014-07-20 00:22 - 2014-07-20 00:23 - 05477715 _____ ( ) C:\Users\James\Downloads\DD150c_Setup.exe
2014-07-19 07:46 - 2014-07-19 07:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-19 07:37 - 2014-07-19 07:37 - 00000000 ____D () C:\Users\James\AppData\Local\Macromedia
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Roaming\hpqlog
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Local\Hewlett-Packard
2014-07-19 06:48 - 2014-07-19 06:49 - 00001333 _____ () C:\install.log
2014-07-19 06:46 - 2014-07-19 06:46 - 00000000 ____D () C:\Users\James\AppData\Roaming\OpenOffice
2014-07-19 06:45 - 2014-07-26 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-19 06:45 - 2014-07-19 06:45 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-19 06:38 - 2014-07-19 06:38 - 00000000 ____D () C:\Users\Public\CyberLink
2014-07-19 06:10 - 2014-07-19 06:13 - 00000000 ____D () C:\Users\James\AppData\Roaming\Mozilla
2014-07-19 06:10 - 2014-07-19 06:13 - 00000000 ____D () C:\Users\James\AppData\Local\Mozilla
2014-07-19 06:10 - 2014-07-19 06:10 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 06:10 - 2014-07-19 06:10 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-19 06:09 - 2014-07-23 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-19 06:09 - 2014-07-19 06:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-19 06:06 - 2014-06-27 13:50 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-07-19 05:58 - 2014-07-19 05:58 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-19 05:58 - 2014-07-19 05:58 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-06-30 15:56 - 2014-06-30 15:56 - 03694016 _____ (PureLeads) C:\PureLeadsSetupx21715.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 14:05 - 2014-07-20 00:38 - 00000000 __RDO () C:\Users\James\OneDrive
2014-07-26 14:03 - 2014-07-23 09:07 - 00000000 ____D () C:\FRST
2014-07-26 14:03 - 2014-07-20 00:53 - 00000000 ____D () C:\Users\James\Desktop\Cleanup_Security
2014-07-26 14:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-26 13:59 - 2014-07-20 00:49 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-07-26 13:54 - 2014-07-19 06:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 13:51 - 2014-07-20 00:25 - 01128927 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 13:31 - 2014-07-20 00:41 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F95BF861-9522-41E9-87DD-C49DDC66815A}
2014-07-26 13:28 - 2014-07-25 07:41 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-07-25 19:00 - 2014-04-22 13:41 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-07-25 15:08 - 2014-07-20 12:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 11:58 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-25 08:03 - 2014-07-24 21:50 - 00000000 ____D () C:\AdwCleaner
2014-07-25 07:41 - 2014-07-25 07:41 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-24 22:24 - 2014-07-20 00:36 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-376113473-2297420903-2571305959-1002
2014-07-24 22:02 - 2014-07-24 22:02 - 00000000 ____D () C:\Windows\ERUNT
2014-07-24 22:01 - 2014-03-18 04:53 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 21:58 - 2014-07-20 10:25 - 00000000 ____D () C:\Users\James\Documents\Food
2014-07-24 21:56 - 2014-04-22 13:59 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-24 21:56 - 2014-04-22 13:59 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-24 21:56 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 21:55 - 2014-03-18 04:44 - 00048894 _____ () C:\Windows\PFRO.log
2014-07-24 21:55 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-24 21:16 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-07-24 10:47 - 2014-07-24 10:46 - 00024064 ___SH () C:\Users\James\Downloads\Thumbs.db
2014-07-24 09:14 - 2014-07-20 00:29 - 00000000 ____D () C:\Users\James
2014-07-24 09:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\setup
2014-07-24 06:11 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-07-24 05:54 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-24 05:40 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-24 05:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-07-23 17:18 - 2014-07-20 00:27 - 00000000 ____D () C:\ProgramData\iolo
2014-07-23 16:38 - 2014-07-23 12:01 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 16:38 - 2014-07-23 09:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 16:38 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-23 12:05 - 2013-08-22 09:44 - 00377712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-23 12:01 - 2014-07-23 12:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-23 12:01 - 2014-03-18 04:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-23 12:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-07-23 12:01 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-07-23 11:50 - 2014-07-23 11:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-23 10:12 - 2014-07-19 06:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-23 09:19 - 2014-07-23 09:19 - 00000512 _____ () C:\Users\James\Desktop\MBR.dat
2014-07-23 09:06 - 2014-07-23 09:06 - 01082368 _____ (Farbar) C:\Users\James\Downloads\FRST.exe
2014-07-23 08:48 - 2014-07-23 08:48 - 00000000 ____D () C:\Users\James\AppData\Roaming\Electronic Arts
2014-07-23 08:47 - 2014-07-23 08:46 - 09091423 _____ (Electronic Arts) C:\Users\James\Downloads\GameFaceBrowserPluginInstaller.1.8.0.0.exe
2014-07-23 08:44 - 2014-07-23 08:44 - 00000000 ____D () C:\Users\James\AppData\Local\Unity
2014-07-23 08:43 - 2014-07-23 08:43 - 01080480 _____ (Unity Technologies ApS) C:\Users\James\Downloads\UnityWebPlayer.exe
2014-07-20 17:50 - 2014-07-20 00:55 - 00000386 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2014-07-20 17:45 - 2013-08-22 08:25 - 00000226 _____ () C:\Windows\win.ini
2014-07-20 12:20 - 2014-07-20 12:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 12:19 - 2014-07-20 12:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 12:18 - 2014-07-20 12:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\James\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 11:36 - 2014-07-20 11:36 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-20 11:35 - 2014-07-20 11:35 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-20 11:35 - 2014-04-22 12:23 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-07-20 10:33 - 2014-07-20 10:33 - 00000000 ____D () C:\Windows\system32\config\Before Compact
2014-07-20 10:33 - 2014-07-20 00:27 - 00000000 ____D () C:\Users\James\AppData\Roaming\iolo
2014-07-20 08:12 - 2014-07-20 08:12 - 00021464 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-07-20 01:04 - 2014-04-02 05:25 - 00000000 ____D () C:\Windows\Panther
2014-07-20 01:04 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-07-20 00:56 - 2014-07-20 00:53 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-20 00:54 - 2014-07-20 00:54 - 00004028 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2014-07-20 00:53 - 2014-07-20 00:39 - 00000000 ____D () C:\Users\James\AppData\Roaming\Hewlett-Packard
2014-07-20 00:53 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Local\Packages
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Windows\system32\config\Original
2014-07-20 00:52 - 2014-07-20 00:52 - 00000000 ____D () C:\Users\James\Desktop\Fantasy Tools
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2014-07-20 00:50 - 2014-07-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineupDominator
2014-07-20 00:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\restore
2014-07-20 00:49 - 2014-07-20 00:49 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Users\James\AppData\Roaming\ioloGovernor
2014-07-20 00:49 - 2014-07-20 00:49 - 00000000 ____D () C:\Program Files (x86)\iolo
2014-07-20 00:49 - 2014-07-20 00:26 - 00000000 ____D () C:\FBG
2014-07-20 00:48 - 2014-07-20 00:47 - 05562242 _____ ( ) C:\Users\James\Downloads\LD90a_Setup.exe
2014-07-20 00:43 - 2014-07-20 00:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieUserList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 __SHD () C:\Users\James\AppData\Local\EmieSiteList
2014-07-20 00:41 - 2014-07-20 00:41 - 00000000 ____D () C:\Users\James\AppData\Roaming\Macromedia
2014-07-20 00:41 - 2014-04-22 12:53 - 00000000 ___HD () C:\HP
2014-07-20 00:40 - 2014-07-20 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Projections Dominator
2014-07-20 00:39 - 2014-07-20 00:39 - 00459696 _____ () C:\Users\James\Downloads\sm_dm.exe
2014-07-20 00:39 - 2014-07-20 00:39 - 00000000 ____D () C:\Users\James\AppData\Local\AMD
2014-07-20 00:37 - 2014-07-20 00:37 - 03516556 _____ ( ) C:\Users\James\Downloads\PD90c_Setup.exe
2014-07-20 00:37 - 2014-07-20 00:37 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2014-07-20 00:37 - 2014-07-20 00:37 - 00000000 ____D () C:\iolo
2014-07-20 00:36 - 2014-07-20 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeDominator
2014-07-20 00:33 - 2014-07-20 00:32 - 02789154 _____ ( ) C:\Users\James\Downloads\TD90a_Setup.exe
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Roaming\ATI
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\CyberLink
2014-07-20 00:32 - 2014-07-20 00:32 - 00000000 ____D () C:\Users\James\AppData\Local\ATI
2014-07-20 00:31 - 2014-07-20 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-20 00:30 - 2014-07-20 00:30 - 00001449 _____ () C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Synaptics
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Roaming\Adobe
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\Users\James\AppData\Local\VirtualStore
2014-07-20 00:30 - 2014-07-20 00:30 - 00000000 ____D () C:\ProgramData\Synaptics
2014-07-20 00:30 - 2014-04-22 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-07-20 00:30 - 2014-04-22 12:38 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-07-20 00:30 - 2014-04-22 12:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-07-20 00:30 - 2014-04-22 12:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-07-20 00:30 - 2014-03-31 20:07 - 00000000 ___HD () C:\SYSTEM.SAV
2014-07-20 00:29 - 2014-07-20 00:29 - 00000020 ___SH () C:\Users\James\ntuser.ini
2014-07-20 00:27 - 2014-07-20 00:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DraftDominator
2014-07-20 00:26 - 2014-07-20 00:25 - 00459696 _____ () C:\Users\James\Downloads\smpro_dm.exe
2014-07-20 00:23 - 2014-07-20 00:22 - 05477715 _____ ( ) C:\Users\James\Downloads\DD150c_Setup.exe
2014-07-19 07:47 - 2013-08-22 09:46 - 00025744 _____ () C:\Windows\setupact.log
2014-07-19 07:46 - 2014-07-19 07:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-19 07:37 - 2014-07-19 07:37 - 00000000 ____D () C:\Users\James\AppData\Local\Macromedia
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Roaming\hpqlog
2014-07-19 06:56 - 2014-07-19 06:56 - 00000000 ____D () C:\Users\James\AppData\Local\Hewlett-Packard
2014-07-19 06:49 - 2014-07-19 06:48 - 00001333 _____ () C:\install.log
2014-07-19 06:46 - 2014-07-19 06:46 - 00000000 ____D () C:\Users\James\AppData\Roaming\OpenOffice
2014-07-19 06:45 - 2014-07-19 06:45 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-19 06:38 - 2014-07-19 06:38 - 00000000 ____D () C:\Users\Public\CyberLink
2014-07-19 06:13 - 2014-07-19 06:10 - 00000000 ____D () C:\Users\James\AppData\Roaming\Mozilla
2014-07-19 06:13 - 2014-07-19 06:10 - 00000000 ____D () C:\Users\James\AppData\Local\Mozilla
2014-07-19 06:10 - 2014-07-19 06:10 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 06:10 - 2014-07-19 06:10 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-19 06:09 - 2014-07-19 06:09 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-19 05:58 - 2014-07-19 05:58 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-19 05:58 - 2014-07-19 05:58 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-16 08:30 - 2014-07-20 00:37 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-07-13 18:39 - 2014-07-20 00:48 - 43459232 _____ (iolo technologies, LLC ) C:\Users\James\Documents\SystemMechanic.exe
2014-07-13 13:53 - 2014-07-20 00:49 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2014-07-13 13:53 - 2014-07-20 00:49 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2014-07-13 13:36 - 2014-07-20 00:50 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2014-07-13 13:36 - 2014-07-20 00:50 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2014-07-13 13:31 - 2014-07-20 00:49 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2014-06-30 17:45 - 2014-07-22 13:03 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 15:56 - 2014-06-30 15:56 - 03694016 _____ (PureLeads) C:\PureLeadsSetupx21715.exe
2014-06-28 02:48 - 2014-07-22 13:03 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 02:07 - 2014-07-22 13:03 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-27 13:50 - 2014-07-19 06:06 - 00464160 _____ (Sendori) C:\Windows\system32\plsapp64.dll
2014-06-26 17:40 - 2014-07-23 11:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-26 15:55 - 2014-07-23 12:07 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 15:55 - 2014-07-23 12:07 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\James\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 21:26

==================== End Of Log ============================


  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looking good, how is the machine running?

Let's run a scan for remnants and check for out of date programs.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#13
Jrt2006

Jrt2006

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

As far as the annoying popup, that had been gone since I first scanned with MWB before your beginning topic reply.  I assumed that something may be lingering around afterwards though and knew this was the place to go to get rid of all the dirt, running good though.

 

Let me knock out these other scans for you real quick


  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

As far as the annoying popup, that had been gone since I first scanned with MWB before your beginning topic reply.  I assumed that something may be lingering around afterwards though and knew this was the place to go to get rid of all the dirt, running good though.
 
Let me knock out these other scans for you real quick


:thumbsup:
  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP