Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

have virus and need help


  • This topic is locked This topic is locked
14 replies to this topic

#1 happytobeme

happytobeme

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 14 August 2014 - 08:30 AM

Running windows 7 and need help. everytime i go on the internet i get popups and things install by themself. i have malwarebytes installed and it is not helping me.


Edited by happytobeme, 14 August 2014 - 08:31 AM.


BC AdBot (Login to Remove)

 


m

#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:35 AM

Posted 16 August 2014 - 03:03 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 16 August 2014 - 05:44 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Ray (administrator) on RAY-PC on 16-08-2014 15:41:26
Running from C:\Users\Ray\Desktop\New folder
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGGA.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [EPSON NX125 NX127 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\MountPoints2: {38ff4d20-e903-11e3-ad0a-806e6f6e6963} - D:\SETUP.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x951188ADF67ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {6816DDCE-7757-4691-A43C-89A1137C0445} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {6816DDCE-7757-4691-A43C-89A1137C0445} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default
FF Homepage: https://www.yahoo.com/
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default\searchplugins\yahoo_ff.xml
FF Extension: cosstminn - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default\Extensions\e8wwnn@oeolwuiaa.com [2014-08-10]

Chrome:
=======
CHR Extension: (cosstminn) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\glninmcfmpjiaiemlindkgoeilneamcj [2014-08-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:40 - 2014-08-16 15:41 - 00000000 ____D () C:\Users\Ray\Desktop\New folder
2014-08-16 15:38 - 2014-08-16 15:41 - 00000000 ____D () C:\FRST
2014-08-16 15:37 - 2014-08-16 15:37 - 02101760 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-08-16 07:13 - 2014-08-16 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-16 07:11 - 2014-08-16 11:41 - 00000000 ____D () C:\Users\Ray\Desktop\mbar
2014-08-16 07:11 - 2014-08-16 07:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ray\Downloads\mbar-1.07.0.1012.exe
2014-08-16 03:01 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:01 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:01 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:01 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:01 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:01 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:00 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:44 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 22:44 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 22:44 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 22:44 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 22:44 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 22:44 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 22:44 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 22:44 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 22:44 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 22:44 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 22:44 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 22:44 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 22:44 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 22:44 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 22:44 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 22:44 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 22:44 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 22:44 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 22:44 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 22:44 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 22:44 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 22:44 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 22:44 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 22:44 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 22:44 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 22:44 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 22:44 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 22:44 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 22:44 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 22:44 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 22:44 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 22:44 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 22:44 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 22:44 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 22:44 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 22:44 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 22:44 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 22:44 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 22:44 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 22:44 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 22:44 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 22:44 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 22:44 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 22:44 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 22:44 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 22:44 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 22:44 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 22:44 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 22:44 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 22:44 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 22:44 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 22:44 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 22:44 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 22:44 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 22:44 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 22:44 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 22:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 22:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 22:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 22:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 22:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 22:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 22:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 22:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 22:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 22:43 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 22:43 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 22:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 22:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-14 19:25 - 2014-08-14 19:26 - 00000000 ____D () C:\Users\Ray\Downloads\Robin Williams - Live 2002 (Big Papi) Stand-Up Comedy Audio Explicit Lyrics
2014-08-10 09:57 - 2014-08-16 13:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 09:56 - 2014-08-16 07:12 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 09:56 - 2014-08-10 09:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-10 09:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-10 09:31 - 2014-08-10 09:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 09:30 - 2014-08-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 09:28 - 2014-08-10 10:12 - 00000000 ____D () C:\Support
2014-08-10 09:28 - 2014-08-10 09:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-10 09:28 - 2014-08-10 09:31 - 00000000 ____D () C:\ProgramData\5ab511c187cd183f
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Packages
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator
2014-08-01 09:12 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 09:12 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 09:12 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 09:12 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 09:11 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 09:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 09:11 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 09:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 18:59 - 2014-08-01 12:13 - 00011432 _____ () C:\Users\Ray\Desktop\overseed cost.xlsx
2014-07-31 18:59 - 2014-07-31 18:59 - 00237568 _____ () C:\Users\Ray\Downloads\7-25-14 seed.xls
2014-07-31 18:58 - 2014-07-31 18:58 - 00011396 _____ () C:\Users\Ray\Downloads\overseed cost.xlsx
2014-07-30 16:45 - 2014-08-10 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 14:07 - 2014-07-26 14:07 - 00000000 _____ () C:\Users\Ray\Sti_Trace.log
2014-07-26 13:48 - 2014-07-26 13:48 - 00003136 _____ () C:\Windows\System32\Tasks\{BF426F6D-9977-4ADF-8BD7-4D713263CEF6}
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 09:49 - 2014-07-26 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 09:49 - 2014-07-26 09:49 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 09:49 - 2009-11-20 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2014-07-26 09:49 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-07-26 09:49 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2014-07-26 09:42 - 2014-07-26 09:42 - 00003112 _____ () C:\Windows\System32\Tasks\{B051AAFA-AA0B-4F47-BF84-E6F774616016}
2014-07-26 09:33 - 2009-10-01 03:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGEA.DLL
2014-07-26 09:33 - 2008-11-12 03:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMGEA.DLL
2014-07-26 09:20 - 2014-07-26 09:20 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Epson
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\InstallShield
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-26 09:06 - 2009-08-20 01:00 - 00000119 _____ () C:\Windows\SysWOW64\epson.sep
2014-07-26 09:06 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2014-07-26 09:06 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicMgr.dll
2014-07-26 09:06 - 2006-10-31 00:10 - 00000097 _____ () C:\Windows\SysWOW64\PICSDK.ini
2014-07-26 09:06 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2014-07-26 09:06 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2014-07-26 09:06 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2014-07-26 09:06 - 2004-03-03 06:10 - 00073220 _____ () C:\Windows\SysWOW64\EPPICPrinterDB.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00031053 _____ () C:\Windows\SysWOW64\EPPICPattern131.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00029114 _____ () C:\Windows\SysWOW64\EPPICPattern1.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00027417 _____ () C:\Windows\SysWOW64\EPPICPattern121.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00021021 _____ () C:\Windows\SysWOW64\EPPICPattern3.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00015670 _____ () C:\Windows\SysWOW64\EPPICPattern5.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00013280 _____ () C:\Windows\SysWOW64\EPPICPattern2.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00012669 _____ () C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00010673 _____ () C:\Windows\SysWOW64\EPPICPattern4.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00006478 _____ () C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006478 _____ () C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006366 _____ () C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006366 _____ () C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006226 _____ () C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00004943 _____ () C:\Windows\SysWOW64\EPPICPattern6.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001140 _____ () C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001140 _____ () C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001137 _____ () C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001130 _____ () C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001130 _____ () C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001104 _____ () C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2014-07-26 09:05 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 09:05 - 2014-07-26 09:49 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-26 09:05 - 2009-09-30 20:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGGA.DLL
2014-07-26 09:05 - 2008-11-11 20:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMGGA.DLL
2014-07-26 09:04 - 2014-07-26 09:04 - 00000051 _____ () C:\Windows\ENX125_127.ini
2014-07-26 09:00 - 2014-07-26 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 17:56 - 2014-08-04 18:12 - 00231936 _____ () C:\Users\Ray\Desktop\7-25-14 seed.xls
2014-07-25 17:55 - 2014-07-25 18:29 - 00033280 _____ () C:\Users\Ray\Desktop\4-25-14 FERTILIZER 21-0-0.xls
2014-07-25 16:13 - 2014-07-25 16:13 - 00973824 ____N () C:\Users\Ray\Desktop\WEEKLY TIMECARDS (2).xls
2014-07-25 16:12 - 2014-07-25 17:55 - 00197120 _____ () C:\Users\Ray\Desktop\Equipment List.xls
2014-07-20 20:12 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google
2014-07-20 20:12 - 2014-07-21 17:06 - 00000019 _____ () C:\END
2014-07-19 08:26 - 2014-08-10 09:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 08:17 - 2014-07-19 08:18 - 00006718 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 15:41 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\Ray\Desktop\New folder
2014-08-16 15:41 - 2014-08-16 15:38 - 00000000 ____D () C:\FRST
2014-08-16 15:37 - 2014-08-16 15:37 - 02101760 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-08-16 15:37 - 2014-06-07 16:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 15:26 - 2014-05-31 20:25 - 00003464 _____ () C:\Windows\System32\Tasks\GPUpdateCheck
2014-08-16 14:37 - 2014-05-28 19:27 - 01569041 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 13:45 - 2014-08-10 09:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 12:06 - 2014-05-28 20:18 - 00000000 _____ () C:\Windows\Path.idx
2014-08-16 11:41 - 2014-08-16 07:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-16 11:41 - 2014-08-16 07:11 - 00000000 ____D () C:\Users\Ray\Desktop\mbar
2014-08-16 07:12 - 2014-08-10 09:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 07:11 - 2014-08-16 07:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ray\Downloads\mbar-1.07.0.1012.exe
2014-08-16 04:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 03:40 - 2009-07-13 21:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 03:40 - 2009-07-13 21:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 03:32 - 2009-07-13 22:13 - 00781778 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 03:27 - 2014-05-28 20:13 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-08-16 03:25 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 03:25 - 2009-07-13 21:51 - 00028821 _____ () C:\Windows\setupact.log
2014-08-16 03:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:08 - 2014-05-28 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 03:05 - 2014-07-13 14:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:04 - 2014-07-13 14:02 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-05-29 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-08-15 20:26 - 2014-06-07 16:45 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:26 - 2014-06-07 16:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 20:26 - 2014-05-31 17:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 20:00 - 2014-05-28 19:35 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-08-15 20:00 - 2014-05-28 19:35 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-08-14 23:53 - 2014-06-03 18:44 - 00002208 _____ () C:\Windows\MB.idx
2014-08-14 19:54 - 2014-05-29 20:33 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\uTorrent
2014-08-14 19:26 - 2014-08-14 19:25 - 00000000 ____D () C:\Users\Ray\Downloads\Robin Williams - Live 2002 (Big Papi) Stand-Up Comedy Audio Explicit Lyrics
2014-08-11 18:29 - 2010-11-20 20:47 - 00119736 _____ () C:\Windows\PFRO.log
2014-08-10 10:12 - 2014-08-10 09:28 - 00000000 ____D () C:\Support
2014-08-10 09:56 - 2014-08-10 09:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 09:54 - 2014-07-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 09:36 - 2014-05-29 20:35 - 00000827 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-10 09:33 - 2014-07-19 08:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 09:32 - 2014-05-28 21:35 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 09:32 - 2014-05-28 21:35 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 09:32 - 2014-05-28 19:28 - 00001413 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-10 09:31 - 2014-08-10 09:28 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-10 09:31 - 2014-08-10 09:28 - 00000000 ____D () C:\ProgramData\5ab511c187cd183f
2014-08-10 09:30 - 2014-08-10 09:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 09:30 - 2014-08-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 09:30 - 2014-05-28 20:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Packages
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator
2014-08-10 09:28 - 2014-07-20 20:12 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google
2014-08-10 09:28 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-10 09:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-10 08:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-09 17:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Web
2014-08-06 19:06 - 2014-08-15 22:43 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 22:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 18:12 - 2014-07-25 17:56 - 00231936 _____ () C:\Users\Ray\Desktop\7-25-14 seed.xls
2014-08-04 16:30 - 2014-05-28 21:57 - 00000000 ____D () C:\Users\Ray\Documents\Outlook Files
2014-08-04 16:27 - 2014-05-28 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 12:13 - 2014-07-31 18:59 - 00011432 _____ () C:\Users\Ray\Desktop\overseed cost.xlsx
2014-07-31 18:59 - 2014-07-31 18:59 - 00237568 _____ () C:\Users\Ray\Downloads\7-25-14 seed.xls
2014-07-31 18:58 - 2014-07-31 18:58 - 00011396 _____ () C:\Users\Ray\Downloads\overseed cost.xlsx
2014-07-31 16:41 - 2014-08-15 22:44 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-15 22:44 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-26 14:07 - 2014-07-26 14:07 - 00000000 _____ () C:\Users\Ray\Sti_Trace.log
2014-07-26 14:07 - 2014-05-28 19:27 - 00000000 ____D () C:\Users\Ray
2014-07-26 14:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss
2014-07-26 13:48 - 2014-07-26 13:48 - 00003136 _____ () C:\Windows\System32\Tasks\{BF426F6D-9977-4ADF-8BD7-4D713263CEF6}
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 09:52 - 2014-07-26 09:05 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 09:52 - 2014-05-28 19:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 09:51 - 2014-07-26 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 09:49 - 2014-07-26 09:49 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 09:49 - 2014-07-26 09:05 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-26 09:42 - 2014-07-26 09:42 - 00003112 _____ () C:\Windows\System32\Tasks\{B051AAFA-AA0B-4F47-BF84-E6F774616016}
2014-07-26 09:20 - 2014-07-26 09:20 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Epson
2014-07-26 09:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-26 09:17 - 2014-05-31 20:13 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\rmi
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\InstallShield
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-26 09:04 - 2014-07-26 09:04 - 00000051 _____ () C:\Windows\ENX125_127.ini
2014-07-26 09:00 - 2014-07-26 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 18:29 - 2014-07-25 17:55 - 00033280 _____ () C:\Users\Ray\Desktop\4-25-14 FERTILIZER 21-0-0.xls
2014-07-25 17:55 - 2014-07-25 16:12 - 00197120 _____ () C:\Users\Ray\Desktop\Equipment List.xls
2014-07-25 16:13 - 2014-07-25 16:13 - 00973824 ____N () C:\Users\Ray\Desktop\WEEKLY TIMECARDS (2).xls
2014-07-25 07:52 - 2014-08-15 22:44 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 07:02 - 2014-08-15 22:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 07:01 - 2014-08-15 22:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 06:51 - 2014-08-15 22:44 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 06:30 - 2014-08-15 22:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 06:28 - 2014-08-15 22:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 06:28 - 2014-08-15 22:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 06:25 - 2014-08-15 22:44 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 06:25 - 2014-08-15 22:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 06:11 - 2014-08-15 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 06:10 - 2014-08-15 22:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 06:04 - 2014-08-15 22:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 06:03 - 2014-08-15 22:44 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 06:00 - 2014-08-15 22:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 06:00 - 2014-08-15 22:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 05:59 - 2014-08-15 22:44 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 05:47 - 2014-08-15 22:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 05:40 - 2014-08-15 22:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 05:34 - 2014-08-15 22:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 05:34 - 2014-08-15 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 05:33 - 2014-08-15 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 05:30 - 2014-08-15 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 05:28 - 2014-08-15 22:44 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 05:28 - 2014-08-15 22:44 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 05:21 - 2014-08-15 22:44 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 05:19 - 2014-08-15 22:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 05:18 - 2014-08-15 22:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 05:17 - 2014-08-15 22:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 05:17 - 2014-08-15 22:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 05:12 - 2014-08-15 22:44 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 05:10 - 2014-08-15 22:44 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 05:10 - 2014-08-15 22:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 05:08 - 2014-08-15 22:44 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 05:06 - 2014-08-15 22:44 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 04:52 - 2014-08-15 22:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 04:47 - 2014-08-15 22:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 04:43 - 2014-08-15 22:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 04:42 - 2014-08-15 22:44 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 04:39 - 2014-08-15 22:44 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 04:39 - 2014-08-15 22:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 04:36 - 2014-08-15 22:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 04:34 - 2014-08-15 22:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 04:29 - 2014-08-15 22:44 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 04:23 - 2014-08-15 22:44 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 04:13 - 2014-08-15 22:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 04:07 - 2014-08-15 22:44 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 04:07 - 2014-08-15 22:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 04:03 - 2014-08-15 22:44 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 03:52 - 2014-08-15 22:44 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 03:26 - 2014-08-15 22:44 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 03:17 - 2014-08-15 22:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 03:09 - 2014-08-15 22:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 03:05 - 2014-08-15 22:44 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 03:00 - 2014-08-15 22:44 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 17:36 - 2014-05-31 22:18 - 00000087 _____ () C:\Users\Ray\AppData\default.pls
2014-07-21 17:06 - 2014-07-20 20:12 - 00000019 _____ () C:\END
2014-07-19 08:18 - 2014-07-19 08:17 - 00006718 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

Some content of TEMP:
====================
C:\Users\Ray\AppData\Local\Temp\32yody2f.yai.exe
C:\Users\Ray\AppData\Local\Temp\h435v3ne.bxa.exe
C:\Users\Ray\AppData\Local\Temp\hghyi4i0.ayl.exe
C:\Users\Ray\AppData\Local\Temp\jbnfrpqa.30y.exe
C:\Users\Ray\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Ray\AppData\Local\Temp\kay5owyg.rq5.exe
C:\Users\Ray\AppData\Local\Temp\kesou02d.gho.exe
C:\Users\Ray\AppData\Local\Temp\ose00000.exe
C:\Users\Ray\AppData\Local\Temp\p4g0ih2b.3jk.exe
C:\Users\Ray\AppData\Local\Temp\y5r1vrnn.y4t.exe
C:\Users\Ray\AppData\Local\Temp\_is4E09.exe
C:\Users\Ray\AppData\Local\Temp\_isF008.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 15:58

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Ray at 2014-08-16 15:41:52
Running from C:\Users\Ray\Desktop\New folder
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
AMD Accelerated Video Transcoding (Version: 13.20.100.30911 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{4B5124DF-F465-2BA6-FCCF-82C149E1223D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0911.2153.37488 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
CPUID ASUS CPU-Z 1.65 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.65 - CPUID, Inc.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.6603 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.0.2812 - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (x32 Version: 7.0.0.3328 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
Epson Event Manager (HKLM-x32\...\{0A91B119-D61E-4526-8E32-5B2BA711C2A1}) (Version: 2.40.0000 - SEIKO EPSON CORPORATION)
EPSON NX125 NX127 Series Printer Uninstall (HKLM\...\EPSON NX125 NX127 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XML Parser (x32 Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{5FCCD531-1B38-4A94-924C-127F722F1033}) (Version: 8.2.89 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )
YouCam (x32 Version: 3.1.5324 - CyberLink Corp.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-07-2014 16:05:10 Installed Epson Event Manager
26-07-2014 16:33:29 Device Driver Package Install: EPSON Printers
26-07-2014 16:42:27 Installed Epson Event Manager
26-07-2014 16:43:21 Installed Epson Event Manager
26-07-2014 16:43:55 Removed Epson Event Manager
26-07-2014 16:51:53 Installed Epson Event Manager
27-07-2014 00:22:23 Windows Update
30-07-2014 22:54:28 Windows Update
01-08-2014 16:11:32 Windows Update
03-08-2014 01:11:10 Windows Update
07-08-2014 00:44:32 Windows Update
10-08-2014 03:20:55 Windows Update
10-08-2014 16:30:15 Installed Java 7 Update 67
13-08-2014 06:48:21 Windows Update
16-08-2014 10:00:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14BF3E3E-CF7E-4457-BDF5-6E816DCC4DAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {16A4F63F-78E6-4E8D-9EEB-E607CC8550AF} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {1B616D87-C8DD-41D6-90EE-E6FDA7F25DB3} - System32\Tasks\GPUpdate => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] ()
Task: {22A44140-ABD3-44A5-8942-F50C4C2C2B7B} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {24DF4A88-1E4A-4A16-B94A-7334E90C342B} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {39B6737A-6062-4B3D-9D7A-5BE4F4265B43} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {7BFF3CCF-23B7-468A-B8F7-40829AA83F55} - \AutoKMS No Task File <==== ATTENTION
Task: {81C2B581-EF45-49A7-AF17-370488CBB386} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] ()
Task: {BF9CAEE6-1740-406E-AFE0-D25B30043E39} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe [2013-08-26] (ASUSTeK Computer Inc.)
Task: {E6B67C83-08F0-46F8-A475-5993BA2F280E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {F2FE5494-48C8-4C74-82A7-3A17C513FD75} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-11 21:57 - 2013-09-11 21:57 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-09-17 03:58 - 2013-09-17 03:58 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-03-29 23:32 - 2009-03-29 23:32 - 00032768 ____R () C:\Windows\DAODx.exe
2013-09-11 21:57 - 2013-09-11 21:57 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2014-05-28 20:01 - 2014-08-16 03:25 - 00033792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-05-28 20:01 - 2010-06-28 19:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-05-28 20:07 - 2012-02-06 21:08 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\pngio.dll
2014-05-28 20:07 - 2012-05-02 18:04 - 00233472 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\AudioProjection.dll
2014-05-28 20:07 - 2010-12-14 17:46 - 00067584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\CoreAudioCap.dll
2014-05-28 20:07 - 2013-08-05 11:14 - 00176128 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\DLCapPP.dll
2014-05-28 20:07 - 2013-06-11 12:06 - 00425984 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\awiscale.DLL
2014-05-28 20:07 - 2010-10-29 18:58 - 00221184 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\JpegCD.DLL
2014-05-28 20:07 - 2013-08-06 20:04 - 02502656 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\xH264E.DLL
2014-05-28 20:07 - 2012-01-12 16:44 - 00475136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFiGO_HookKey.dll
2014-05-28 20:07 - 2013-06-13 17:37 - 00156160 _____ () C:\Program Files (x86)\InstallShield Installation Information\{104BE4B8-D1DB-4170-977B-364960893DC8}\CloudAPI\CloudAPI.dll
2014-05-28 20:07 - 2013-03-21 19:38 - 00716800 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiMoveHelp.dll
2014-05-28 20:07 - 2012-04-25 14:47 - 00659456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\PhoneCtrlAPI.dll
2014-05-28 20:09 - 2013-08-19 02:23 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-05-28 20:08 - 2013-08-19 17:21 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-05-28 20:02 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-05-28 20:02 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-05-28 20:04 - 2013-01-28 15:58 - 00870400 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2014-05-28 20:02 - 2012-10-08 17:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-05-28 20:02 - 2013-05-08 16:22 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2014-05-28 20:04 - 2012-06-19 12:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2014-05-28 20:05 - 2013-06-24 15:59 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2014-05-28 20:05 - 2012-07-20 09:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2014-05-28 20:07 - 2013-06-24 17:48 - 02055168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\WiFiGO.dll
2014-05-28 20:02 - 2013-04-15 14:19 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-05-28 20:02 - 2012-05-28 21:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-05-28 20:02 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-05-28 20:02 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-05-28 20:02 - 2012-08-29 18:09 - 00875520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-05-28 20:01 - 2010-08-22 19:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2014-05-28 20:02 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-05-28 20:10 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
2014-05-28 20:10 - 2010-09-23 11:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
2014-05-28 20:10 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
2014-05-28 20:02 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-07-30 16:45 - 2014-07-30 16:45 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-15 20:26 - 2014-08-15 20:26 - 17048240 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2014 03:26:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 03:25:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.OracleClient, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Messaging, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization.Formatters.Soap, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.VisualBasic, Version=8.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "CustomMarshalers, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.


System errors:
=============
Error: (08/12/2014 03:32:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/30/2014 03:43:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (07/20/2014 07:40:17 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.179.469.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/16/2014 06:16:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (07/12/2014 01:57:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (07/07/2014 08:47:53 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (07/05/2014 06:30:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (06/26/2014 10:29:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.177.864.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (06/26/2014 10:29:06 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.177.864.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (06/26/2014 08:19:08 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005


Microsoft Office Sessions:
=========================
Error: (08/16/2014 03:26:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/16/2014 03:25:59 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Data.OracleClient, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Deployment, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Messaging, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Utilities, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization.Formatters.Soap, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:58 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.VisualBasic, Version=8.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "CustomMarshalers, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (08/16/2014 03:25:57 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "dfsvc, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.


==================== Memory info ===========================

Processor: AMD FX™-4300 Quad-Core Processor
Percentage of memory in use: 22%
Total physical RAM: 8089.47 MB
Available physical RAM: 6250.09 MB
Total Pagefile: 16177.13 MB
Available Pagefile: 13256.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:766.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A107348)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:35 AM

Posted 17 August 2014 - 01:46 PM

Hi,
please run the following fix.

Step 1

frst.pngfrstfix.png
Please download the attached fixlist txt.gif and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   2.08KB   6 downloads


After the reboot:


Step 2
frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.
Please test how it is running and give me a feedback which problems still persist.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 17 August 2014 - 02:03 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Ray at 2014-08-17 11:56:47 Run:1
Running from C:\Users\Ray\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver1BlockAndSurf\BlockAndSurf.exe
C:\Program Files (x86)\ver1BlockAndSurf\
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
C:\Program Files (x86)\Common Files\ChromeHelper
Task: {7BFF3CCF-23B7-468A-B8F7-40829AA83F55} - \AutoKMS No Task File <==== ATTENTION
Task: {1B616D87-C8DD-41D6-90EE-E6FDA7F25DB3} - System32\Tasks\GPUpdate => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] ()
Task: {81C2B581-EF45-49A7-AF17-370488CBB386} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] ()
C:\Program Files (x86)\GetPrivate
C:\Users\Ray\AppData\Roaming\GetPrivate
2014-08-10 09:28 - 2014-08-10 10:12 - 00000000 ____D () C:\Support
2014-08-10 09:28 - 2014-08-10 09:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-10 09:28 - 2014-08-10 09:31 - 00000000 ____D () C:\ProgramData\5ab511c187cd183f
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Torch
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Packages
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Comodo
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Chromatic Browser
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Guest
2014-08-10 09:28 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Administrator
CHR Extension: (cosstminn) - C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\glninmcfmpjiaiemlindkgoeilneamcj [2014-08-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: cosstminn - C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default\Extensions\e8wwnn@oeolwuiaa.com [2014-08-10]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BlockAndSurf => value deleted successfully.
"C:\Program Files (x86)\ver1BlockAndSurf" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ChromeHelper => value deleted successfully.
"C:\Program Files (x86)\Common Files\ChromeHelper" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7BFF3CCF-23B7-468A-B8F7-40829AA83F55}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BFF3CCF-23B7-468A-B8F7-40829AA83F55}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B616D87-C8DD-41D6-90EE-E6FDA7F25DB3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B616D87-C8DD-41D6-90EE-E6FDA7F25DB3}" => Key deleted successfully.
C:\Windows\System32\Tasks\GPUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81C2B581-EF45-49A7-AF17-370488CBB386}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81C2B581-EF45-49A7-AF17-370488CBB386}" => Key deleted successfully.
C:\Windows\System32\Tasks\GPUpdateCheck => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUpdateCheck" => Key deleted successfully.
C:\Program Files (x86)\GetPrivate => Moved successfully.
C:\Users\Ray\AppData\Roaming\GetPrivate => Moved successfully.
C:\Support => Moved successfully.
C:\ProgramData\ntuser.pol => Moved successfully.
C:\ProgramData\5ab511c187cd183f => Moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf => Moved successfully.
C:\Users\Ray\AppData\Local\Torch => Moved successfully.
C:\Users\Ray\AppData\Local\Packages => Moved successfully.
C:\Users\Ray\AppData\Local\Comodo => Moved successfully.
C:\Users\Ray\AppData\Local\Chromatic Browser => Moved successfully.
C:\Users\HomeGroupUser$ => Moved successfully.
C:\Users\Guest => Moved successfully.
C:\Users\Administrator => Moved successfully.
C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\glninmcfmpjiaiemlindkgoeilneamcj => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default\Extensions\e8wwnn@oeolwuiaa.com => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
EmptyTemp: => Removed 212.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#6 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 17 August 2014 - 02:04 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Ray (administrator) on RAY-PC on 17-08-2014 12:03:31
Running from C:\Users\Ray\Desktop\New folder
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [EPSON NX125 NX127 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\MountPoints2: {38ff4d20-e903-11e3-ad0a-806e6f6e6963} - D:\SETUP.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x951188ADF67ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {6816DDCE-7757-4691-A43C-89A1137C0445} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKCU - {6816DDCE-7757-4691-A43C-89A1137C0445} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default
FF Homepage: https://www.yahoo.com/
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default\searchplugins\yahoo_ff.xml

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 11:58 - 2014-08-17 11:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-16 15:40 - 2014-08-17 12:03 - 00000000 ____D () C:\Users\Ray\Desktop\New folder
2014-08-16 15:38 - 2014-08-17 12:03 - 00000000 ____D () C:\FRST
2014-08-16 15:37 - 2014-08-16 15:37 - 02101760 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-08-16 07:13 - 2014-08-16 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-16 07:11 - 2014-08-16 11:41 - 00000000 ____D () C:\Users\Ray\Desktop\mbar
2014-08-16 07:11 - 2014-08-16 07:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ray\Downloads\mbar-1.07.0.1012.exe
2014-08-16 03:01 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:01 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:01 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:01 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:01 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:01 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:00 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:44 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 22:44 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 22:44 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 22:44 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 22:44 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 22:44 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 22:44 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 22:44 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 22:44 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 22:44 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 22:44 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 22:44 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 22:44 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 22:44 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 22:44 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 22:44 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 22:44 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 22:44 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 22:44 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 22:44 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 22:44 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 22:44 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 22:44 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 22:44 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 22:44 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 22:44 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 22:44 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 22:44 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 22:44 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 22:44 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 22:44 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 22:44 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 22:44 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 22:44 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 22:44 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 22:44 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 22:44 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 22:44 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 22:44 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 22:44 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 22:44 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 22:44 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 22:44 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 22:44 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 22:44 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 22:44 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 22:44 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 22:44 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 22:44 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 22:44 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 22:44 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 22:44 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 22:44 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 22:44 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 22:44 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 22:44 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 22:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 22:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 22:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 22:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 22:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 22:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 22:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 22:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 22:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 22:43 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 22:43 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 22:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 22:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 19:25 - 2014-08-14 19:26 - 00000000 ____D () C:\Users\Ray\Downloads\Robin Williams - Live 2002 (Big Papi) Stand-Up Comedy Audio Explicit Lyrics
2014-08-10 09:57 - 2014-08-17 11:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 09:56 - 2014-08-16 07:12 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 09:56 - 2014-08-10 09:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-10 09:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-10 09:31 - 2014-08-10 09:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 09:30 - 2014-08-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 09:12 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 09:12 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 09:12 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 09:12 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 09:11 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 09:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 09:11 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 09:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 18:59 - 2014-08-01 12:13 - 00011432 _____ () C:\Users\Ray\Desktop\overseed cost.xlsx
2014-07-31 18:59 - 2014-07-31 18:59 - 00237568 _____ () C:\Users\Ray\Downloads\7-25-14 seed.xls
2014-07-31 18:58 - 2014-07-31 18:58 - 00011396 _____ () C:\Users\Ray\Downloads\overseed cost.xlsx
2014-07-30 16:45 - 2014-08-10 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 14:07 - 2014-07-26 14:07 - 00000000 _____ () C:\Users\Ray\Sti_Trace.log
2014-07-26 13:48 - 2014-07-26 13:48 - 00003136 _____ () C:\Windows\System32\Tasks\{BF426F6D-9977-4ADF-8BD7-4D713263CEF6}
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 09:49 - 2014-07-26 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 09:49 - 2014-07-26 09:49 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 09:49 - 2009-11-20 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2014-07-26 09:49 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-07-26 09:49 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2014-07-26 09:42 - 2014-07-26 09:42 - 00003112 _____ () C:\Windows\System32\Tasks\{B051AAFA-AA0B-4F47-BF84-E6F774616016}
2014-07-26 09:33 - 2009-10-01 03:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGEA.DLL
2014-07-26 09:33 - 2008-11-12 03:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMGEA.DLL
2014-07-26 09:20 - 2014-07-26 09:20 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Epson
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\InstallShield
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-26 09:06 - 2009-08-20 01:00 - 00000119 _____ () C:\Windows\SysWOW64\epson.sep
2014-07-26 09:06 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2014-07-26 09:06 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicMgr.dll
2014-07-26 09:06 - 2006-10-31 00:10 - 00000097 _____ () C:\Windows\SysWOW64\PICSDK.ini
2014-07-26 09:06 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2014-07-26 09:06 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2014-07-26 09:06 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2014-07-26 09:06 - 2004-03-03 06:10 - 00073220 _____ () C:\Windows\SysWOW64\EPPICPrinterDB.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00031053 _____ () C:\Windows\SysWOW64\EPPICPattern131.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00029114 _____ () C:\Windows\SysWOW64\EPPICPattern1.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00027417 _____ () C:\Windows\SysWOW64\EPPICPattern121.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00021021 _____ () C:\Windows\SysWOW64\EPPICPattern3.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00015670 _____ () C:\Windows\SysWOW64\EPPICPattern5.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00013280 _____ () C:\Windows\SysWOW64\EPPICPattern2.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00012669 _____ () C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00010673 _____ () C:\Windows\SysWOW64\EPPICPattern4.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00006478 _____ () C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006478 _____ () C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006366 _____ () C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006366 _____ () C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006226 _____ () C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00004943 _____ () C:\Windows\SysWOW64\EPPICPattern6.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001140 _____ () C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001140 _____ () C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001137 _____ () C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001130 _____ () C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001130 _____ () C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001104 _____ () C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2014-07-26 09:05 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 09:05 - 2014-07-26 09:49 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-26 09:05 - 2009-09-30 20:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGGA.DLL
2014-07-26 09:05 - 2008-11-11 20:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMGGA.DLL
2014-07-26 09:04 - 2014-07-26 09:04 - 00000051 _____ () C:\Windows\ENX125_127.ini
2014-07-26 09:00 - 2014-07-26 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 17:56 - 2014-08-04 18:12 - 00231936 _____ () C:\Users\Ray\Desktop\7-25-14 seed.xls
2014-07-25 17:55 - 2014-07-25 18:29 - 00033280 _____ () C:\Users\Ray\Desktop\4-25-14 FERTILIZER 21-0-0.xls
2014-07-25 16:13 - 2014-07-25 16:13 - 00973824 ____N () C:\Users\Ray\Desktop\WEEKLY TIMECARDS (2).xls
2014-07-25 16:12 - 2014-07-25 17:55 - 00197120 _____ () C:\Users\Ray\Desktop\Equipment List.xls
2014-07-20 20:12 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google
2014-07-20 20:12 - 2014-07-21 17:06 - 00000019 _____ () C:\END
2014-07-19 08:26 - 2014-08-10 09:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 08:17 - 2014-07-19 08:18 - 00006718 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 12:03 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\Ray\Desktop\New folder
2014-08-17 12:03 - 2014-08-16 15:38 - 00000000 ____D () C:\FRST
2014-08-17 11:59 - 2014-05-28 20:13 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-08-17 11:59 - 2014-05-28 19:35 - 00000343 _____ () C:\Windows\lgfwup.ini
2014-08-17 11:59 - 2014-05-28 19:35 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-08-17 11:58 - 2014-08-17 11:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-17 11:58 - 2014-08-10 09:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 11:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 11:58 - 2009-07-13 21:51 - 00028877 _____ () C:\Windows\setupact.log
2014-08-17 11:57 - 2014-05-28 19:27 - 01630349 _____ () C:\Windows\WindowsUpdate.log
2014-08-17 11:57 - 2010-11-20 20:47 - 00120812 _____ () C:\Windows\PFRO.log
2014-08-17 11:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-17 11:48 - 2014-06-03 18:44 - 00002208 _____ () C:\Windows\MB.idx
2014-08-17 11:48 - 2014-05-28 20:18 - 00000551 _____ () C:\Windows\Path.idx
2014-08-17 11:37 - 2014-06-07 16:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-17 08:55 - 2009-07-13 21:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-17 08:55 - 2009-07-13 21:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 15:37 - 2014-08-16 15:37 - 02101760 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-08-16 11:41 - 2014-08-16 07:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-16 11:41 - 2014-08-16 07:11 - 00000000 ____D () C:\Users\Ray\Desktop\mbar
2014-08-16 07:12 - 2014-08-10 09:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 07:11 - 2014-08-16 07:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ray\Downloads\mbar-1.07.0.1012.exe
2014-08-16 04:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 03:32 - 2009-07-13 22:13 - 00781778 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-16 03:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:08 - 2014-05-28 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 03:05 - 2014-07-13 14:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:04 - 2014-07-13 14:02 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-05-29 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-15 20:26 - 2014-06-07 16:45 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:26 - 2014-06-07 16:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 20:26 - 2014-05-31 17:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 19:54 - 2014-05-29 20:33 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\uTorrent
2014-08-14 19:26 - 2014-08-14 19:25 - 00000000 ____D () C:\Users\Ray\Downloads\Robin Williams - Live 2002 (Big Papi) Stand-Up Comedy Audio Explicit Lyrics
2014-08-10 09:56 - 2014-08-10 09:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 09:54 - 2014-07-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 09:36 - 2014-05-29 20:35 - 00000827 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-10 09:33 - 2014-07-19 08:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 09:32 - 2014-05-28 21:35 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 09:32 - 2014-05-28 21:35 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 09:32 - 2014-05-28 19:28 - 00001413 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-10 09:30 - 2014-08-10 09:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 09:30 - 2014-08-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 09:30 - 2014-05-28 20:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-10 09:28 - 2014-07-20 20:12 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google
2014-08-10 09:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-10 08:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-09 17:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Web
2014-08-06 19:06 - 2014-08-15 22:43 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 22:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 18:12 - 2014-07-25 17:56 - 00231936 _____ () C:\Users\Ray\Desktop\7-25-14 seed.xls
2014-08-04 16:30 - 2014-05-28 21:57 - 00000000 ____D () C:\Users\Ray\Documents\Outlook Files
2014-08-04 16:27 - 2014-05-28 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 12:13 - 2014-07-31 18:59 - 00011432 _____ () C:\Users\Ray\Desktop\overseed cost.xlsx
2014-07-31 18:59 - 2014-07-31 18:59 - 00237568 _____ () C:\Users\Ray\Downloads\7-25-14 seed.xls
2014-07-31 18:58 - 2014-07-31 18:58 - 00011396 _____ () C:\Users\Ray\Downloads\overseed cost.xlsx
2014-07-31 16:41 - 2014-08-15 22:44 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-15 22:44 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-26 14:07 - 2014-07-26 14:07 - 00000000 _____ () C:\Users\Ray\Sti_Trace.log
2014-07-26 14:07 - 2014-05-28 19:27 - 00000000 ____D () C:\Users\Ray
2014-07-26 14:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss
2014-07-26 13:48 - 2014-07-26 13:48 - 00003136 _____ () C:\Windows\System32\Tasks\{BF426F6D-9977-4ADF-8BD7-4D713263CEF6}
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 09:52 - 2014-07-26 09:05 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 09:52 - 2014-05-28 19:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 09:51 - 2014-07-26 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 09:49 - 2014-07-26 09:49 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 09:49 - 2014-07-26 09:05 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-26 09:42 - 2014-07-26 09:42 - 00003112 _____ () C:\Windows\System32\Tasks\{B051AAFA-AA0B-4F47-BF84-E6F774616016}
2014-07-26 09:20 - 2014-07-26 09:20 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Epson
2014-07-26 09:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-26 09:17 - 2014-05-31 20:13 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\rmi
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\InstallShield
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-26 09:04 - 2014-07-26 09:04 - 00000051 _____ () C:\Windows\ENX125_127.ini
2014-07-26 09:00 - 2014-07-26 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 18:29 - 2014-07-25 17:55 - 00033280 _____ () C:\Users\Ray\Desktop\4-25-14 FERTILIZER 21-0-0.xls
2014-07-25 17:55 - 2014-07-25 16:12 - 00197120 _____ () C:\Users\Ray\Desktop\Equipment List.xls
2014-07-25 16:13 - 2014-07-25 16:13 - 00973824 ____N () C:\Users\Ray\Desktop\WEEKLY TIMECARDS (2).xls
2014-07-25 07:52 - 2014-08-15 22:44 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 07:02 - 2014-08-15 22:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 07:01 - 2014-08-15 22:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 06:51 - 2014-08-15 22:44 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 06:30 - 2014-08-15 22:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 06:28 - 2014-08-15 22:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 06:28 - 2014-08-15 22:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 06:25 - 2014-08-15 22:44 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 06:25 - 2014-08-15 22:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 06:11 - 2014-08-15 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 06:10 - 2014-08-15 22:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 06:04 - 2014-08-15 22:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 06:03 - 2014-08-15 22:44 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 06:00 - 2014-08-15 22:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 06:00 - 2014-08-15 22:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 05:59 - 2014-08-15 22:44 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 05:47 - 2014-08-15 22:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 05:40 - 2014-08-15 22:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 05:34 - 2014-08-15 22:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 05:34 - 2014-08-15 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 05:33 - 2014-08-15 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 05:30 - 2014-08-15 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 05:28 - 2014-08-15 22:44 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 05:28 - 2014-08-15 22:44 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 05:21 - 2014-08-15 22:44 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 05:19 - 2014-08-15 22:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 05:18 - 2014-08-15 22:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 05:17 - 2014-08-15 22:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 05:17 - 2014-08-15 22:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 05:12 - 2014-08-15 22:44 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 05:10 - 2014-08-15 22:44 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 05:10 - 2014-08-15 22:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 05:08 - 2014-08-15 22:44 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 05:06 - 2014-08-15 22:44 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 04:52 - 2014-08-15 22:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 04:47 - 2014-08-15 22:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 04:43 - 2014-08-15 22:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 04:42 - 2014-08-15 22:44 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 04:39 - 2014-08-15 22:44 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 04:39 - 2014-08-15 22:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 04:36 - 2014-08-15 22:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 04:34 - 2014-08-15 22:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 04:29 - 2014-08-15 22:44 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 04:23 - 2014-08-15 22:44 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 04:13 - 2014-08-15 22:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 04:07 - 2014-08-15 22:44 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 04:07 - 2014-08-15 22:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 04:03 - 2014-08-15 22:44 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 03:52 - 2014-08-15 22:44 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 03:26 - 2014-08-15 22:44 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 03:17 - 2014-08-15 22:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 03:09 - 2014-08-15 22:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 03:05 - 2014-08-15 22:44 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 03:00 - 2014-08-15 22:44 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 17:36 - 2014-05-31 22:18 - 00000087 _____ () C:\Users\Ray\AppData\default.pls
2014-07-21 17:06 - 2014-07-20 20:12 - 00000019 _____ () C:\END
2014-07-19 08:18 - 2014-07-19 08:17 - 00006718 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 15:58

==================== End Of Log ============================



#7 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 17 August 2014 - 02:09 PM

seems like the popup stopped and so far not going to a java page telling me to download



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:35 AM

Posted 17 August 2014 - 11:49 PM

Hi,

let's do a final check up:

Step 1
Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.
Step 2
Please download the eset.pngESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3
frst.pngfrstscan.png
Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste the log in your next reply.

Edited by deeprybka, 18 August 2014 - 12:18 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 19 August 2014 - 06:20 PM

# AdwCleaner v3.307 - Report created 19/08/2014 at 16:16:11
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ray - RAY-PC
# Running from : C:\Users\Ray\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\predm
File Deleted : C:\END

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Tutorials

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default\prefs.js ]

Line Deleted : user_pref("extensions.4ILQd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [2040 octets] - [19/08/2014 16:12:04]
AdwCleaner[S0].txt - [1914 octets] - [19/08/2014 16:16:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1974 octets] ##########
 



#10 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 19 August 2014 - 08:01 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dfd8ee7d84f8054a9e3738da6f2b893e
# engine=19739
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-20 12:58:35
# local_time=2014-08-19 05:58:35 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 6236793 30526309 0 0
# scanned=135352
# found=14
# cleaned=0
# scan_time=5432
sh=C1531EB28936490DBB2D6851A50DFDE5FDE177D0 ft=1 fh=1b86bd35bdcb507a vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Users\Ray\Documents\0 - setup.exe.back"
sh=5F533BB130395B5AE5357BBA43BE1A0757A4E892 ft=1 fh=bb1f3b8fc848c0d7 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Downloads\cnet2_fm_exe(1).exe"
sh=5F533BB130395B5AE5357BBA43BE1A0757A4E892 ft=1 fh=bb1f3b8fc848c0d7 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Downloads\cnet2_fm_exe.exe"
sh=A01361F36CC5CB265BAF44E2CD31BB03520024C6 ft=1 fh=7cac77fbbb2b129e vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Ray\Documents\Downloads\frostwire-5.0.8.windows.exe"
sh=CA5653424824A6C9437B6E8F76B453402E427F5F ft=1 fh=d10b7a04555ad0ad vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Ray\Documents\Downloads\frostwire-5.2.11.windows(1).exe"
sh=BD36C6A4B664FD83BDAE2A6CE586F6DE1890A984 ft=1 fh=b4cd4e0ce588020a vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Downloads\hardware-helper-1105.exe"
sh=1E7DBCE04E1C2546299A3B6BA72ABA2F254C44FF ft=1 fh=f746300853760cf2 vn="a variant of Win32/InstallCore.T potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Downloads\setup-converterlite-ic-1.4.0.exe"
sh=E6BDF445C3AD0CFE1C85C67E1C04557475DEAEE1 ft=1 fh=da08a10c4ddf797f vn="a variant of Win32/InstallCore.W potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Downloads\setup-converterlite-ic-1.5.0.exe"
sh=49113F82A4049A75B7CEA541EFCF6A17B3766974 ft=1 fh=64fdada71fec5c03 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Downloads\setup.exe"
sh=0A26194258C4C8A86A3AD60901DA10174E097E09 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK trojan" ac=I fn="C:\Users\Ray\Documents\Downloads\SuperOneClickv2.3.1-ShortFuse.zip"
sh=985DD38DFE8FDD969227E05D017026F20C9FDFAA ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.AF potentially unsafe application" ac=I fn="C:\Users\Ray\Documents\Downloads\W200Mhz_Loader.rar"
sh=D198951586D43F35ECB4BFE82B373170D6005727 ft=0 fh=0000000000000000 vn="a variant of Win32/HotSpotShield potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Downloads\WiFi_Hack_AIO_2010.rar6146FE84"
sh=2D93CF548736BDFA31689B4C889B4BEF5080FB4F ft=1 fh=0938e7fc52d32f4c vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\Ray\Documents\Dropbox\asc4-setup-aff.exe"
sh=1DAD5571C55C639AC0BD64B1E2E0D2C3DD20FC6B ft=1 fh=034eef3f95e0475d vn="a variant of Win32/Packed.PESpin.A potentially unwanted application" ac=I fn="C:\Users\Ray\Downloads\CyberLink PowerDVD 14.0.4028.58 Ultra Multilingual + Keygen_ Activator\Activation\Activate.exe"
 



#11 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 19 August 2014 - 08:06 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Ray (administrator) on RAY-PC on 19-08-2014 18:05:21
Running from C:\Users\Ray\Desktop\New folder
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1391416 2013-06-21] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\Run: [EPSON NX125 NX127 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE [224768 2009-09-14] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3214889234-323691206-2033385329-1000\...\MountPoints2: {38ff4d20-e903-11e3-ad0a-806e6f6e6963} - D:\SETUP.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x951188ADF67ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {6816DDCE-7757-4691-A43C-89A1137C0445} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

FireFox:
========
FF ProfilePath: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default
FF Homepage: https://www.yahoo.com/
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\69hpmhv6.default\searchplugins\yahoo_ff.xml

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [42240 2013-07-31] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 16:12 - 2014-08-19 16:16 - 00000000 ____D () C:\AdwCleaner
2014-08-19 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-19 16:10 - 2014-08-19 16:10 - 02347384 _____ (ESET) C:\Users\Ray\Downloads\esetsmartinstaller_enu.exe
2014-08-19 16:09 - 2014-08-19 16:09 - 01361671 _____ () C:\Users\Ray\Downloads\AdwCleaner.exe
2014-08-19 16:09 - 2014-08-19 16:09 - 01361671 _____ () C:\Users\Ray\Desktop\AdwCleaner.exe
2014-08-17 11:58 - 2014-08-17 11:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-16 15:40 - 2014-08-19 18:05 - 00000000 ____D () C:\Users\Ray\Desktop\New folder
2014-08-16 15:38 - 2014-08-19 18:05 - 00000000 ____D () C:\FRST
2014-08-16 15:37 - 2014-08-16 15:37 - 02101760 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-08-16 07:13 - 2014-08-16 11:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-16 07:11 - 2014-08-16 11:41 - 00000000 ____D () C:\Users\Ray\Desktop\mbar
2014-08-16 03:01 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:01 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:01 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:01 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:01 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:01 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:00 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:44 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 22:44 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 22:44 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 22:44 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 22:44 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 22:44 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 22:44 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 22:44 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 22:44 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 22:44 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 22:44 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 22:44 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 22:44 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 22:44 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 22:44 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 22:44 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 22:44 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 22:44 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 22:44 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 22:44 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 22:44 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 22:44 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 22:44 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 22:44 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 22:44 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 22:44 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 22:44 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 22:44 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 22:44 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 22:44 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 22:44 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 22:44 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 22:44 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 22:44 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 22:44 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 22:44 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 22:44 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 22:44 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 22:44 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 22:44 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 22:44 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 22:44 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 22:44 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 22:44 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 22:44 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 22:44 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 22:44 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 22:44 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 22:44 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 22:44 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 22:44 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 22:44 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 22:44 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 22:44 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 22:44 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 22:44 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 22:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 22:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 22:44 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 22:44 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 22:44 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 22:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 22:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 22:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 22:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 22:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 22:43 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 22:43 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 22:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 22:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-14 19:25 - 2014-08-14 19:26 - 00000000 ____D () C:\Users\Ray\Downloads\Robin Williams - Live 2002 (Big Papi) Stand-Up Comedy Audio Explicit Lyrics
2014-08-10 09:57 - 2014-08-19 16:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 09:56 - 2014-08-16 07:12 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-10 09:56 - 2014-08-10 09:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-10 09:56 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-10 09:31 - 2014-08-10 09:30 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 09:30 - 2014-08-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 09:12 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 09:12 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 09:12 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 09:12 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 09:11 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 09:11 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 09:11 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 09:11 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 09:11 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 18:59 - 2014-08-01 12:13 - 00011432 _____ () C:\Users\Ray\Desktop\overseed cost.xlsx
2014-07-31 18:59 - 2014-07-31 18:59 - 00237568 _____ () C:\Users\Ray\Downloads\7-25-14 seed.xls
2014-07-31 18:58 - 2014-07-31 18:58 - 00011396 _____ () C:\Users\Ray\Downloads\overseed cost.xlsx
2014-07-30 16:45 - 2014-08-10 09:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 14:07 - 2014-07-26 14:07 - 00000000 _____ () C:\Users\Ray\Sti_Trace.log
2014-07-26 13:48 - 2014-07-26 13:48 - 00003136 _____ () C:\Windows\System32\Tasks\{BF426F6D-9977-4ADF-8BD7-4D713263CEF6}
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 09:49 - 2014-07-26 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 09:49 - 2014-07-26 09:49 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 09:49 - 2009-11-20 00:00 - 00464384 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2014-07-26 09:49 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2014-07-26 09:49 - 2009-05-01 00:00 - 00017408 _____ (SEIKO EPSON CORP.) C:\Windows\system32\esxcdev.dll
2014-07-26 09:42 - 2014-07-26 09:42 - 00003112 _____ () C:\Windows\System32\Tasks\{B051AAFA-AA0B-4F47-BF84-E6F774616016}
2014-07-26 09:33 - 2009-10-01 03:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGEA.DLL
2014-07-26 09:33 - 2008-11-12 03:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMGEA.DLL
2014-07-26 09:20 - 2014-07-26 09:20 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Epson
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\InstallShield
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-26 09:06 - 2009-08-20 01:00 - 00000119 _____ () C:\Windows\SysWOW64\epson.sep
2014-07-26 09:06 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2014-07-26 09:06 - 2006-10-31 00:10 - 00051360 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicMgr.dll
2014-07-26 09:06 - 2006-10-31 00:10 - 00000097 _____ () C:\Windows\SysWOW64\PICSDK.ini
2014-07-26 09:06 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2014-07-26 09:06 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2014-07-26 09:06 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2014-07-26 09:06 - 2004-03-03 06:10 - 00073220 _____ () C:\Windows\SysWOW64\EPPICPrinterDB.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00031053 _____ () C:\Windows\SysWOW64\EPPICPattern131.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00029114 _____ () C:\Windows\SysWOW64\EPPICPattern1.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00027417 _____ () C:\Windows\SysWOW64\EPPICPattern121.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00021021 _____ () C:\Windows\SysWOW64\EPPICPattern3.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00015670 _____ () C:\Windows\SysWOW64\EPPICPattern5.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00013280 _____ () C:\Windows\SysWOW64\EPPICPattern2.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00012669 _____ () C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00010673 _____ () C:\Windows\SysWOW64\EPPICPattern4.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00006478 _____ () C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006478 _____ () C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006366 _____ () C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006366 _____ () C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00006226 _____ () C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2014-07-26 09:06 - 2004-03-03 06:10 - 00004943 _____ () C:\Windows\SysWOW64\EPPICPattern6.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001140 _____ () C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001140 _____ () C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001137 _____ () C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001130 _____ () C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001130 _____ () C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2014-07-26 09:06 - 2004-03-03 06:10 - 00001104 _____ () C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2014-07-26 09:05 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 09:05 - 2014-07-26 09:49 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-26 09:05 - 2009-09-30 20:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGGA.DLL
2014-07-26 09:05 - 2008-11-11 20:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMGGA.DLL
2014-07-26 09:04 - 2014-07-26 09:04 - 00000051 _____ () C:\Windows\ENX125_127.ini
2014-07-26 09:00 - 2014-07-26 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 17:56 - 2014-08-04 18:12 - 00231936 _____ () C:\Users\Ray\Desktop\7-25-14 seed.xls
2014-07-25 17:55 - 2014-07-25 18:29 - 00033280 _____ () C:\Users\Ray\Desktop\4-25-14 FERTILIZER 21-0-0.xls
2014-07-25 16:13 - 2014-07-25 16:13 - 00973824 ____N () C:\Users\Ray\Desktop\WEEKLY TIMECARDS (2).xls
2014-07-25 16:12 - 2014-07-25 17:55 - 00197120 _____ () C:\Users\Ray\Desktop\Equipment List.xls
2014-07-20 20:12 - 2014-08-10 09:28 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 18:05 - 2014-08-16 15:40 - 00000000 ____D () C:\Users\Ray\Desktop\New folder
2014-08-19 18:05 - 2014-08-16 15:38 - 00000000 ____D () C:\FRST
2014-08-19 17:37 - 2014-06-07 16:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 17:08 - 2014-05-28 19:35 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-08-19 17:08 - 2014-05-28 19:35 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-08-19 16:46 - 2014-08-10 09:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 16:24 - 2009-07-13 22:13 - 00781778 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 16:24 - 2009-07-13 21:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 16:24 - 2009-07-13 21:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 16:23 - 2014-05-28 20:18 - 00000000 _____ () C:\Windows\Path.idx
2014-08-19 16:21 - 2014-05-28 19:27 - 01698160 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 16:18 - 2014-05-28 20:13 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-08-19 16:17 - 2010-11-20 20:47 - 00121122 _____ () C:\Windows\PFRO.log
2014-08-19 16:17 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 16:17 - 2009-07-13 21:51 - 00028933 _____ () C:\Windows\setupact.log
2014-08-19 16:16 - 2014-08-19 16:12 - 00000000 ____D () C:\AdwCleaner
2014-08-19 16:10 - 2014-08-19 16:10 - 02347384 _____ (ESET) C:\Users\Ray\Downloads\esetsmartinstaller_enu.exe
2014-08-19 16:09 - 2014-08-19 16:09 - 01361671 _____ () C:\Users\Ray\Downloads\AdwCleaner.exe
2014-08-19 16:09 - 2014-08-19 16:09 - 01361671 _____ () C:\Users\Ray\Desktop\AdwCleaner.exe
2014-08-17 11:58 - 2014-08-17 11:58 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-17 11:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-17 11:48 - 2014-06-03 18:44 - 00002208 _____ () C:\Windows\MB.idx
2014-08-16 15:37 - 2014-08-16 15:37 - 02101760 _____ (Farbar) C:\Users\Ray\Downloads\FRST64.exe
2014-08-16 11:41 - 2014-08-16 07:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-16 11:41 - 2014-08-16 07:11 - 00000000 ____D () C:\Users\Ray\Desktop\mbar
2014-08-16 07:12 - 2014-08-10 09:56 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 04:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 03:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:08 - 2014-05-28 20:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 03:05 - 2014-07-13 14:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:04 - 2014-07-13 14:02 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-05-29 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 20:26 - 2014-08-15 20:26 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-15 20:26 - 2014-06-07 16:45 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 20:26 - 2014-06-07 16:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-15 20:26 - 2014-05-31 17:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 19:54 - 2014-05-29 20:33 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\uTorrent
2014-08-14 19:26 - 2014-08-14 19:25 - 00000000 ____D () C:\Users\Ray\Downloads\Robin Williams - Live 2002 (Big Papi) Stand-Up Comedy Audio Explicit Lyrics
2014-08-10 09:56 - 2014-08-10 09:56 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 09:56 - 2014-08-10 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-10 09:54 - 2014-07-30 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 09:36 - 2014-05-29 20:35 - 00000827 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-08-10 09:33 - 2014-07-19 08:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-10 09:32 - 2014-05-28 21:35 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 09:32 - 2014-05-28 21:35 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 09:32 - 2014-05-28 19:28 - 00001413 _____ () C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-10 09:30 - 2014-08-10 09:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-10 09:30 - 2014-08-10 09:30 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-10 09:30 - 2014-08-10 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 09:30 - 2014-05-28 20:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-10 09:28 - 2014-07-20 20:12 - 00000000 ____D () C:\Users\Ray\AppData\Local\Google
2014-08-10 09:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-08-10 08:44 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-09 17:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Web
2014-08-06 19:06 - 2014-08-15 22:43 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 22:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 18:12 - 2014-07-25 17:56 - 00231936 _____ () C:\Users\Ray\Desktop\7-25-14 seed.xls
2014-08-04 16:30 - 2014-05-28 21:57 - 00000000 ____D () C:\Users\Ray\Documents\Outlook Files
2014-08-04 16:27 - 2014-05-28 21:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 12:13 - 2014-07-31 18:59 - 00011432 _____ () C:\Users\Ray\Desktop\overseed cost.xlsx
2014-07-31 18:59 - 2014-07-31 18:59 - 00237568 _____ () C:\Users\Ray\Downloads\7-25-14 seed.xls
2014-07-31 18:58 - 2014-07-31 18:58 - 00011396 _____ () C:\Users\Ray\Downloads\overseed cost.xlsx
2014-07-31 16:41 - 2014-08-15 22:44 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-15 22:44 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-26 14:07 - 2014-07-26 14:07 - 00000000 _____ () C:\Users\Ray\Sti_Trace.log
2014-07-26 14:07 - 2014-05-28 19:27 - 00000000 ____D () C:\Users\Ray
2014-07-26 14:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss
2014-07-26 13:48 - 2014-07-26 13:48 - 00003136 _____ () C:\Windows\System32\Tasks\{BF426F6D-9977-4ADF-8BD7-4D713263CEF6}
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-07-26 09:52 - 2014-07-26 09:52 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-07-26 09:52 - 2014-07-26 09:05 - 00000000 ____D () C:\Program Files (x86)\epson
2014-07-26 09:52 - 2014-05-28 19:31 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-26 09:51 - 2014-07-26 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-07-26 09:49 - 2014-07-26 09:49 - 00000930 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
2014-07-26 09:49 - 2014-07-26 09:05 - 00000000 ____D () C:\ProgramData\EPSON
2014-07-26 09:42 - 2014-07-26 09:42 - 00003112 _____ () C:\Windows\System32\Tasks\{B051AAFA-AA0B-4F47-BF84-E6F774616016}
2014-07-26 09:20 - 2014-07-26 09:20 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\Epson
2014-07-26 09:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-26 09:17 - 2014-05-31 20:13 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\rmi
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Users\Ray\AppData\Roaming\InstallShield
2014-07-26 09:06 - 2014-07-26 09:06 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-07-26 09:04 - 2014-07-26 09:04 - 00000051 _____ () C:\Windows\ENX125_127.ini
2014-07-26 09:00 - 2014-07-26 09:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-25 18:29 - 2014-07-25 17:55 - 00033280 _____ () C:\Users\Ray\Desktop\4-25-14 FERTILIZER 21-0-0.xls
2014-07-25 17:55 - 2014-07-25 16:12 - 00197120 _____ () C:\Users\Ray\Desktop\Equipment List.xls
2014-07-25 16:13 - 2014-07-25 16:13 - 00973824 ____N () C:\Users\Ray\Desktop\WEEKLY TIMECARDS (2).xls
2014-07-25 07:52 - 2014-08-15 22:44 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 07:02 - 2014-08-15 22:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 07:01 - 2014-08-15 22:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 06:51 - 2014-08-15 22:44 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 06:30 - 2014-08-15 22:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 06:28 - 2014-08-15 22:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 06:28 - 2014-08-15 22:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 06:25 - 2014-08-15 22:44 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 06:25 - 2014-08-15 22:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 06:11 - 2014-08-15 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 06:10 - 2014-08-15 22:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 06:04 - 2014-08-15 22:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 06:03 - 2014-08-15 22:44 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 06:00 - 2014-08-15 22:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 06:00 - 2014-08-15 22:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 05:59 - 2014-08-15 22:44 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 05:47 - 2014-08-15 22:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 05:40 - 2014-08-15 22:44 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 05:34 - 2014-08-15 22:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 05:34 - 2014-08-15 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 05:33 - 2014-08-15 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 05:30 - 2014-08-15 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 05:28 - 2014-08-15 22:44 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 05:28 - 2014-08-15 22:44 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 05:21 - 2014-08-15 22:44 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 05:19 - 2014-08-15 22:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 05:18 - 2014-08-15 22:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 05:17 - 2014-08-15 22:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 05:17 - 2014-08-15 22:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 05:12 - 2014-08-15 22:44 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 05:10 - 2014-08-15 22:44 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 05:10 - 2014-08-15 22:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 05:08 - 2014-08-15 22:44 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 05:06 - 2014-08-15 22:44 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 04:52 - 2014-08-15 22:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 04:47 - 2014-08-15 22:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 04:43 - 2014-08-15 22:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 04:42 - 2014-08-15 22:44 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 04:39 - 2014-08-15 22:44 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 04:39 - 2014-08-15 22:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 04:36 - 2014-08-15 22:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 04:34 - 2014-08-15 22:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 04:29 - 2014-08-15 22:44 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 04:23 - 2014-08-15 22:44 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 04:13 - 2014-08-15 22:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 04:07 - 2014-08-15 22:44 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 04:07 - 2014-08-15 22:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 04:03 - 2014-08-15 22:44 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 03:52 - 2014-08-15 22:44 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 03:26 - 2014-08-15 22:44 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 03:17 - 2014-08-15 22:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 03:09 - 2014-08-15 22:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 03:05 - 2014-08-15 22:44 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 03:00 - 2014-08-15 22:44 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-23 17:36 - 2014-05-31 22:18 - 00000087 _____ () C:\Users\Ray\AppData\default.pls

Some content of TEMP:
====================
C:\Users\Ray\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 15:58

==================== End Of Log ============================



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:35 AM

Posted 20 August 2014 - 12:22 PM

Hi,

this is looking good. No more active malware or adware has been found. icon_thumb.gif

That's it! abklatsch.gif
Your logs look clean to me at the moment. But...
 
C:\Users\Ray\Downloads\CyberLink PowerDVD 14.0.4028.58 Ultra Multilingual + Keygen_ Activator\Activation\Activate.exe
...the practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/ When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.




Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefor it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:



Adobe Reader X


Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 happytobeme

happytobeme
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 AM

Posted 20 August 2014 - 07:25 PM

thank you



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:35 AM

Posted 20 August 2014 - 11:57 PM

You are more than welcome!
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:35 AM

Posted 24 August 2014 - 02:05 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users