Check Your Proxy Setting 127.0.0.1:8800 after PastaLeads removed on Windows 8.1


  • This topic is locked
25 replies to this topic

#1 slucente

  • Members

Posted 14 September 2014 - 09:49 PM

I recently found the PastaLeads PastaQuote adware on my Windows 8 Dell computer.  After following the BleepingComputer "Remove the PastaLeads and PastaQuotes Adware" article, I feel that it was removed.  But now the Windows 8.1 PC is unable to surf the web due to the unchangeable Proxy Server settings.  The message when using IE or Chrome is to check your proxy setting 127.0.0.1:8800.  The Internet Options Connection settings are incorrectly set to use a proxy server.  But changing them to not use a proxy server always gets reverted back.

Before going through a full rebuild of the PC, I wanted to explore the experts here.

I have tried many BleepingComputer utilities with no luck.  Any help is much appreciated.

Thanks -Sam





#2 aharonov

  • Malware Response Team

Posted 15 September 2014 - 06:26 AM

Hello Sam,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 slucente

  • Topic Starter

Posted 15 September 2014 - 08:45 AM

Thanks for getting back to me so quickly. Below are the FRST and Addition txt logs back to back as requested.

-Sam
Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2014-09-11 11:15 - 2014-07-24 10:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL 2014-09-11 11:15 - 2014-07-24 10:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe 2014-09-11 11:15 - 2014-07-24 10:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-09-11 11:15 - 2014-07-24 10:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-09-11 11:15 - 2014-07-24 10:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2014-09-11 11:15 - 2014-07-24 10:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2014-09-11 11:15 - 2014-07-24 10:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2014-09-11 11:15 - 2014-07-24 10:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2014-09-11 11:15 - 2014-07-24 10:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-09-11 11:15 - 2014-07-24 10:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2014-09-11 11:15 - 2014-07-24 10:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-09-11 11:15 - 2014-07-24 10:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2014-09-11 11:15 - 2014-07-24 10:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-09-11 11:15 - 2014-07-24 10:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll 2014-09-11 11:15 - 2014-07-24 09:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-09-11 11:15 - 2014-07-24 09:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2014-09-11 11:15 - 2014-07-24 08:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll 2014-09-11 11:15 - 2014-07-24 08:48 - 02410976 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL 2014-09-11 11:15 - 2014-07-24 08:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe 2014-09-11 11:15 - 2014-07-24 08:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-09-11 11:15 - 2014-07-24 08:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2014-09-11 11:15 - 2014-07-24 08:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-09-11 11:15 - 2014-07-24 08:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2014-09-11 11:15 - 2014-07-24 08:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-09-11 11:15 - 2014-07-24 08:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2014-09-11 11:15 - 2014-07-24 08:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll 2014-09-11 11:15 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL 2014-09-11 11:15 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL 2014-09-11 11:15 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL 2014-09-11 11:15 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL 2014-09-11 11:15 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL 2014-09-11 11:15 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL 2014-09-11 11:15 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL 2014-09-11 11:15 - 2014-07-24 06:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2014-09-11 11:15 - 2014-07-24 06:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys 2014-09-11 11:15 - 2014-07-24 06:45 - 00076800 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-09-11 11:15 - 2014-07-24 06:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-09-11 11:15 - 2014-07-24 06:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2014-09-11 11:15 - 2014-07-24 06:42 - 01200640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2014-09-11 11:15 - 2014-07-24 06:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2014-09-11 11:15 - 2014-07-24 06:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys 2014-09-11 11:15 - 2014-07-24 06:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2014-09-11 11:15 - 2014-07-24 06:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2014-09-11 11:15 - 2014-07-24 06:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-09-11 11:15 - 2014-07-24 06:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-09-11 11:15 - 2014-07-24 06:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2014-09-11 11:15 - 2014-07-24 06:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll 2014-09-11 11:15 - 2014-07-24 06:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll 2014-09-11 11:15 - 2014-07-24 06:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll 2014-09-11 11:15 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL 2014-09-11 11:15 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL 2014-09-11 11:15 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL 2014-09-11 11:15 - 2014-07-24 05:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL 2014-09-11 11:15 - 2014-07-24 05:51 - 00007168 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL 2014-09-11 11:15 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL 2014-09-11 11:15 - 2014-07-24 05:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL 2014-09-11 11:15 - 2014-07-24 05:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll 2014-09-11 11:15 - 2014-07-24 05:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-09-11 11:15 - 2014-07-24 05:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl 2014-09-11 11:15 - 2014-07-24 05:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2014-09-11 11:15 - 2014-07-24 05:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll 2014-09-11 11:15 - 2014-07-24 05:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll 2014-09-11 11:15 - 2014-07-24 05:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2014-09-11 11:15 - 2014-07-24 05:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-09-11 11:15 - 2014-07-24 05:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll 2014-09-11 11:15 - 2014-07-24 05:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll 2014-09-11 11:15 - 2014-07-24 05:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-09-11 11:15 - 2014-07-24 05:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2014-09-11 11:15 - 2014-07-24 05:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll 2014-09-11 11:15 - 2014-07-24 04:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll 2014-09-11 11:15 - 2014-07-24 04:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2014-09-11 11:15 - 2014-07-24 04:44 - 16874496 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-09-11 11:15 - 2014-07-24 04:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl 2014-09-11 11:15 - 2014-07-24 04:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll 2014-09-11 11:15 - 2014-07-24 04:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll 2014-09-11 11:15 - 2014-07-24 04:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2014-09-11 11:15 - 2014-07-24 04:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll 2014-09-11 11:15 - 2014-07-24 04:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-09-11 11:15 - 2014-07-24 04:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-09-11 11:15 - 2014-07-24 04:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll 2014-09-11 11:15 - 2014-07-24 04:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2014-09-11 11:15 - 2014-07-24 04:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2014-09-11 11:15 - 2014-07-24 04:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll 2014-09-11 11:15 - 2014-07-24 04:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2014-09-11 11:15 - 2014-07-24 04:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-09-11 11:15 - 2014-07-24 04:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2014-09-11 11:15 - 2014-07-24 04:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll 2014-09-11 11:15 - 2014-07-24 04:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2014-09-11 11:15 - 2014-07-24 04:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2014-09-11 11:15 - 2014-07-24 04:11 - 00063488 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wshbth.dll 2014-09-11 11:15 - 2014-07-24 04:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2014-09-11 11:15 - 2014-07-24 04:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-09-11 11:15 - 2014-07-24 04:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll 2014-09-11 11:15 - 2014-07-24 04:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe 2014-09-11 11:15 - 2014-07-24 04:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2014-09-11 11:15 - 2014-07-24 04:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2014-09-11 11:15 - 2014-07-24 03:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2014-09-11 11:15 - 2014-07-24 03:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll 2014-09-11 11:15 - 2014-07-24 03:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll 2014-09-11 11:15 - 2014-07-24 03:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2014-09-11 11:15 - 2014-07-24 03:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-09-11 11:15 - 2014-07-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2014-09-11 11:15 - 2014-07-24 03:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-09-11 11:15 - 2014-07-24 03:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2014-09-11 11:15 - 2014-07-24 03:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2014-09-11 11:15 - 2014-07-24 03:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll 2014-09-11 11:15 - 2014-07-24 03:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2014-09-11 11:15 - 2014-07-24 03:38 - 00371200 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wlanmsm.dll 2014-09-11 11:15 - 2014-07-24 03:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2014-09-11 11:15 - 2014-07-24 03:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-09-11 11:15 - 2014-07-24 03:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2014-09-11 11:15 - 2014-07-24 03:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2014-09-11 11:15 - 2014-07-24 03:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2014-09-11 11:15 - 2014-07-24 03:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2014-09-11 11:15 - 2014-07-24 03:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-09-11 11:15 - 2014-07-24 03:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2014-09-11 11:15 - 2014-07-24 03:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2014-09-11 11:15 - 2014-07-24 03:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2014-09-11 11:15 - 2014-07-24 03:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2014-09-11 11:15 - 2014-07-24 03:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll 2014-09-11 11:15 - 2014-07-24 03:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-09-11 11:15 - 2014-07-24 03:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2014-09-11 11:15 - 2014-07-24 03:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2014-09-11 11:15 - 2014-07-24 03:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-09-11 11:15 - 2014-07-24 03:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll 2014-09-11 11:15 - 
2014-07-24 03:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2014-09-11 11:15 - 2014-07-24 03:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-09-11 11:15 - 2014-07-24 03:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2014-09-11 11:15 - 2014-07-24 03:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2014-09-11 11:15 - 2014-07-24 03:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll 2014-09-11 11:15 - 2014-07-24 03:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-09-11 11:15 - 2014-07-24 03:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-09-11 11:15 - 2014-07-24 03:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2014-09-11 11:15 - 2014-07-24 03:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2014-09-11 11:15 - 2014-07-24 03:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2014-09-11 11:15 - 2014-07-24 03:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2014-09-11 11:15 - 2014-07-24 03:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll 2014-09-11 11:15 - 2014-07-24 03:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-09-11 11:15 - 2014-07-24 03:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-09-11 11:15 - 2014-07-24 03:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll 2014-09-11 11:15 - 2014-07-24 03:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-09-11 11:15 - 2014-07-24 03:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-09-11 11:15 - 2014-07-24 03:01 - 05833216 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-09-11 11:15 - 2014-07-24 03:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2014-09-11 11:15 - 2014-07-24 03:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-09-11 11:15 - 2014-07-24 03:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2014-09-11 11:15 - 2014-07-24 02:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2014-09-11 11:15 - 2014-07-24 02:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2014-09-11 11:15 - 2014-07-24 02:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll 2014-09-11 11:15 - 2014-07-24 02:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll 2014-09-11 11:15 - 2014-07-24 02:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-09-11 11:15 - 2014-07-24 02:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll 2014-09-11 11:15 - 2014-07-24 02:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2014-09-11 11:15 - 2014-07-24 02:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-09-11 11:15 - 2014-07-24 02:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll 2014-09-11 11:15 - 2014-07-24 02:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-09-11 11:15 - 2014-07-24 02:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-09-11 11:15 - 2014-07-24 02:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll 2014-09-11 11:15 - 2014-07-24 02:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2014-09-11 11:15 - 2014-07-24 02:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-09-11 11:15 - 2014-07-24 
02:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-09-11 11:15 - 2014-07-24 02:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-09-11 11:15 - 2014-07-24 02:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-09-11 11:15 - 2014-07-24 02:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-09-11 11:15 - 2014-07-24 02:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2014-09-11 11:15 - 2014-07-23 23:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls 2014-09-11 11:15 - 2014-07-23 23:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls 2014-09-11 11:15 - 2014-07-12 00:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2014-09-11 11:15 - 2014-07-12 00:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2014-09-11 11:15 - 2014-07-11 23:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2014-09-11 11:15 - 2014-07-11 23:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2014-09-11 11:15 - 2014-07-11 23:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-09-11 11:15 - 2014-07-09 18:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-09-11 11:15 - 2014-07-04 07:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2014-09-11 11:15 - 2014-07-04 05:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll 2014-09-11 11:15 - 2014-07-04 05:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2014-09-11 11:15 - 2014-07-04 05:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll 2014-09-11 11:15 - 2014-07-04 05:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2014-09-11 11:15 - 2014-07-04 04:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 
2014-09-11 11:15 - 2014-07-04 04:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2014-09-11 11:15 - 2014-06-27 01:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2014-09-11 11:15 - 2014-06-25 19:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-09-11 11:15 - 2014-06-25 19:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2014-09-11 11:15 - 2014-06-19 18:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2014-09-11 11:15 - 2014-06-18 21:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2014-09-11 11:15 - 2014-06-14 01:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2014-09-11 11:15 - 2014-06-14 00:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2014-09-11 11:15 - 2014-06-07 07:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2014-09-11 11:15 - 2014-06-07 05:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2014-09-11 11:15 - 2014-06-05 09:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-09-11 11:15 - 2014-06-05 05:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2014-09-11 11:15 - 2014-06-05 04:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2014-09-11 11:15 - 2014-05-31 00:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll 2014-09-11 11:15 - 2014-05-30 23:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll 2014-09-11 11:15 - 2014-05-29 01:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2014-09-11 11:15 - 2014-05-29 00:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2014-09-11 11:15 - 2014-05-29 00:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 
2014-09-11 11:15 - 2014-05-28 23:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2014-09-11 11:15 - 2014-05-26 02:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2014-09-11 11:15 - 2014-05-10 05:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2014-09-11 11:15 - 2014-05-10 03:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2014-09-11 11:15 - 2014-05-05 23:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll 2014-09-11 11:15 - 2014-05-05 19:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2014-09-11 11:15 - 2014-03-24 21:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll 2014-09-11 11:15 - 2014-03-24 21:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll 2014-09-11 11:15 - 2014-03-24 20:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll 2014-09-11 11:15 - 2014-03-24 20:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll 2014-09-11 11:12 - 2014-08-23 02:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2014-09-11 11:12 - 2014-08-23 02:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2014-09-11 11:12 - 2014-08-23 01:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-09-11 11:12 - 2014-08-23 00:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-09-11 11:12 - 2014-08-22 23:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-09-11 11:12 - 2014-08-22 23:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-09-11 11:12 - 2014-08-22 23:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-09-11 11:12 - 2014-08-22 23:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-09-11 11:12 - 
2014-08-22 23:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-09-11 11:12 - 2014-07-29 20:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-09-11 11:12 - 2014-07-29 00:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll 2014-09-11 11:10 - 2014-08-14 19:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2014-09-11 06:48 - 2014-09-04 21:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-09-11 06:48 - 2014-09-04 21:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-09-11 06:48 - 2014-09-04 19:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-09-11 06:46 - 2014-08-01 19:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2014-09-11 06:44 - 2014-07-23 22:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2014-09-11 06:44 - 2014-07-23 22:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2014-09-10 12:52 - 2014-09-10 12:52 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-09-10 12:48 - 2014-09-10 12:48 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList 2014-09-10 12:48 - 2014-09-10 12:48 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList 2014-09-10 12:48 - 2014-09-10 12:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia 2014-09-10 07:59 - 2014-09-12 13:37 - 00000000 ____D () C:\Users\Tower\Desktop\New folder 2014-09-05 10:12 - 2014-09-05 10:13 - 00000000 ____D () C:\Users\Tower\Documents\Vendor Misc W9 Credit Aps 2014-09-05 09:51 - 2014-02-04 09:17 - 00022401 _____ () C:\Users\Tower\Desktop\CC Detail.xlsx 2014-09-05 07:42 - 2014-09-05 09:27 - 00000000 ____D () C:\Users\Tower\Desktop\WPVS TV 29 bid pics 2014-09-05 07:31 - 2014-09-05 07:31 - 00895120 _____ (Google Inc.) 
C:\Users\Tower\Downloads\ChromeSetup.exe 2014-09-04 13:02 - 2014-09-04 13:04 - 00000000 ___RD () C:\Users\Tower\Desktop\Security 2014-09-04 07:36 - 2014-09-04 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-09-04 07:35 - 2014-09-15 08:32 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-09-04 07:35 - 2014-09-04 07:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-08-28 06:45 - 2014-08-22 19:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-08-21 15:05 - 2014-08-21 15:05 - 00000045 _____ () C:\Users\Tower\AppData\Roaming\WB.CFG 2014-08-21 14:04 - 2014-08-21 14:04 - 00000000 _____ () C:\nsq783B.tmp 2014-08-21 14:04 - 2014-08-21 14:04 - 00000000 _____ () C:\nsl781B.tmp 2014-08-21 13:32 - 2014-08-21 13:32 - 00000000 ____D () C:\Users\Tower\Documents\Credit Aps 2014-08-20 12:56 - 2014-08-20 12:56 - 00000000 _____ () C:\Users\Tower\Downloads\Java.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-15 08:37 - 2014-09-13 22:13 - 00000000 ____D () C:\FRST
2014-09-15 08:37 - 2014-09-13 17:45 - 00000000 ____D () C:\Users\Tower\Downloads\PastaLeads
2014-09-15 08:37 - 2013-03-13 09:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3272826584-1123945588-1435745448-1001
2014-09-15 08:36 - 2013-03-15 13:10 - 00000000 ____D () C:\Users\Tower\AppData\Local\CrashDumps
2014-09-15 08:34 - 2013-11-14 02:28 - 00885800 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-15 08:33 - 2014-07-07 13:23 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 08:33 - 2014-02-11 16:23 - 00004990 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ACCOUNTINGPC-Tower AccountingPC
2014-09-15 08:32 - 2014-09-15 08:32 - 00000000 ___RD () C:\Users\Tower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-15 08:32 - 2014-09-13 18:18 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-15 08:32 - 2014-09-11 11:43 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-15 08:32 - 2014-09-04 07:35 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-09-15 08:32 - 2013-12-03 12:14 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 08:31 - 2014-01-14 09:48 - 00000000 __RDO () C:\Users\Tower\SkyDrive
2014-09-15 08:30 - 2013-02-23 16:07 - 00000000 ____D () C:\Temp
2014-09-15 08:29 - 2013-11-14 02:20 - 00165100 _____ () C:\WINDOWS\PFRO.log
2014-09-15 08:29 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-15 08:28 - 2014-01-14 09:26 - 00000000 ____D () C:\Users\Tower
2014-09-15 08:28 - 2013-12-02 16:55 - 00000000 ____D () C:\Users\Tower\Documents\Outlook Files
2014-09-15 08:28 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-15 08:15 - 2014-01-14 09:40 - 01752243 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-15 08:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-15 07:46 - 2013-12-03 12:14 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 07:33 - 2014-09-15 07:33 - 00000000 ____D () C:\Users\Tower\Desktop\KW TT CH12HO884 09 09 14
2014-09-15 07:06 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-15 06:57 - 2014-01-14 09:26 - 00000000 ____D () C:\Users\QBDataServiceUser23
2014-09-15 06:53 - 2013-08-22 09:44 - 00399040 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-15 04:52 - 2014-01-14 09:49 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FCFE2D9-BC8A-4C4A-9799-E757BC4F880E}
2014-09-13 23:19 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-13 23:09 - 2013-04-07 12:13 - 00718848 ___SH () C:\Users\Tower\Desktop\Thumbs.db
2014-09-13 23:08 - 2012-07-26 00:26 - 00000160 _____ () C:\WINDOWS\win.ini
2014-09-13 23:00 - 2013-02-23 16:18 - 00885800 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-09-13 22:48 - 2014-09-13 22:48 - 00002181 _____ () C:\Users\Tower\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-13 22:48 - 2014-09-13 22:48 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-ACCOUNTINGPC-Microsoft-Windows-8.1-(64-bit).dat
2014-09-13 22:48 - 2014-09-13 22:48 - 00000000 ____D () C:\RegBackup
2014-09-13 22:47 - 2014-09-13 22:47 - 00000000 ____D () C:\Users\Tower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-13 22:47 - 2014-09-13 22:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-13 21:51 - 2014-09-13 17:45 - 00002702 _____ () C:\Users\Tower\Desktop\Rkill.txt
2014-09-13 21:31 - 2014-09-13 21:31 - 00036456 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-13 21:31 - 2014-09-13 21:31 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-13 19:45 - 2014-09-13 19:45 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-13 18:18 - 2014-09-13 18:18 - 00001109 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-09-13 18:18 - 2014-09-13 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-09-13 18:11 - 2014-09-13 18:10 - 00000000 ____D () C:\Program Files\HijackThis
2014-09-13 18:11 - 2013-03-13 09:30 - 00000000 ____D () C:\Users\Tower\AppData\Local\VirtualStore
2014-09-13 16:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-13 15:51 - 2013-05-22 13:26 - 00003996 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-09-13 15:51 - 2013-05-22 13:26 - 00003442 _____ () C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2014-09-13 15:50 - 2014-06-16 08:03 - 00003484 _____ () C:\WINDOWS\System32\Tasks\PCSpeedCleanPRO_Popup
2014-09-13 15:50 - 2014-06-16 08:03 - 00003218 _____ () C:\WINDOWS\System32\Tasks\PCSpeedCleanPRO_Start
2014-09-13 15:50 - 2013-05-22 13:26 - 00003206 _____ () C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2014-09-13 10:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-12 14:34 - 2014-06-26 07:30 - 01073288 _____ () C:\Users\Tower\Desktop\Daily Sheets Time.xlsx
2014-09-12 13:37 - 2014-09-10 07:59 - 00000000 ____D () C:\Users\Tower\Desktop\New folder
2014-09-12 13:36 - 2014-07-01 08:44 - 00000000 ____D () C:\Users\Tower\Desktop\Motorola Solutions PO NP5702770
2014-09-12 12:40 - 2013-03-13 09:30 - 00000000 ____D () C:\Users\Tower\AppData\Local\Packages
2014-09-12 08:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-11 14:04 - 2014-09-11 14:01 - 00336927 _____ () C:\spyhunter.fix
2014-09-11 12:02 - 2014-09-11 12:02 - 00000000 _____ () C:\autoexec.bat
2014-09-11 12:01 - 2014-09-11 12:01 - 00002276 _____ () C:\Users\Tower\Desktop\SpyHunter.lnk
2014-09-11 12:01 - 2014-09-11 12:01 - 00000000 ____D () C:\Users\Tower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-11 12:01 - 2014-09-11 12:01 - 00000000 ____D () C:\sh4ldr
2014-09-11 12:01 - 2014-09-11 12:01 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-11 12:01 - 2014-09-11 12:00 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-11 11:43 - 2014-09-11 11:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-11 11:43 - 2013-12-03 12:14 - 00000000 ____D () C:\Users\Tower\AppData\Local\Google
2014-09-11 11:43 - 2013-12-03 12:14 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-11 11:31 - 2013-08-22 09:46 - 00350310 _____ () C:\WINDOWS\setupact.log
2014-09-11 11:25 - 2014-07-09 07:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-11 11:25 - 2013-11-14 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-11 11:25 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-11 11:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-11 11:19 - 2014-06-12 07:15 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 11:19 - 2014-06-12 07:15 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 11:19 - 2014-06-12 07:08 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 11:19 - 2014-06-12 07:08 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 11:19 - 2014-06-12 07:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 11:19 - 2014-06-12 07:08 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 11:19 - 2014-05-05 06:55 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 11:19 - 2014-05-05 06:55 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 11:19 - 2013-08-14 07:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 11:17 - 2013-03-15 07:36 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 07:05 - 2014-07-07 13:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 12:52 - 2014-09-10 12:52 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-10 12:48 - 2014-09-10 12:48 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-09-10 12:48 - 2014-09-10 12:48 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-09-10 12:48 - 2014-09-10 12:48 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-09-09 13:47 - 2013-05-21 12:34 - 00000000 ____D () C:\Users\Tower\Documents\Forms TWI
2014-09-05 13:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Web
2014-09-05 11:37 - 2014-07-22 14:31 - 00000000 ____D () C:\Users\Tower\Desktop\CDS
2014-09-05 10:13 - 2014-09-05 10:12 - 00000000 ____D () C:\Users\Tower\Documents\Vendor Misc W9 Credit Aps
2014-09-05 10:12 - 2013-05-28 08:29 - 00000000 ____D () C:\Users\Tower\Documents\Customer Files and pics
2014-09-05 10:10 - 2013-11-20 13:12 - 00000000 ____D () C:\Users\Tower\Documents\Insurance
2014-09-05 10:10 - 2013-05-28 09:51 - 00000000 ____D () C:\Users\Tower\Documents\Employees
2014-09-05 10:02 - 2013-06-24 09:59 - 00000000 ____D () C:\Users\Tower\Documents\Inspection Reports
2014-09-05 09:27 - 2014-09-05 07:42 - 00000000 ____D () C:\Users\Tower\Desktop\WPVS TV 29 bid pics
2014-09-05 07:31 - 2014-09-05 07:31 - 00895120 _____ (Google Inc.) C:\Users\Tower\Downloads\ChromeSetup.exe
2014-09-04 21:36 - 2014-09-11 06:48 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-04 21:31 - 2014-09-11 06:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-04 19:48 - 2014-09-11 06:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-04 13:04 - 2014-09-04 13:02 - 00000000 ___RD () C:\Users\Tower\Desktop\Security
2014-09-04 07:51 - 2014-08-05 09:24 - 00000000 _RSHD () C:\Users\Tower\b29cx7a722
2014-09-04 07:36 - 2014-09-04 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-09-04 07:36 - 2014-09-04 07:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-09-04 07:29 - 2014-07-07 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 14:55 - 2013-06-11 10:02 - 00000000 ____D () C:\Users\Tower\Documents\Amerisafe WC
2014-09-02 15:06 - 2014-09-11 11:29 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 15:06 - 2014-09-11 11:29 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 08:10 - 2013-06-24 10:00 - 00000000 ____D () C:\Users\Tower\Documents\Vehicle and Equip
2014-08-29 06:47 - 2013-03-16 14:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-23 02:48 - 2014-09-11 11:12 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-08-23 02:13 - 2014-09-11 11:12 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-08-23 01:10 - 2014-09-11 11:12 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-08-23 00:32 - 2014-09-11 11:12 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-08-22 23:44 - 2014-09-11 11:12 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-22 23:34 - 2014-09-11 11:12 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-08-22 23:33 - 2014-09-11 11:12 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-08-22 23:31 - 2014-09-11 11:12 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-22 23:20 - 2014-09-11 11:12 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-08-22 19:42 - 2014-08-28 06:45 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-21 15:05 - 2014-08-21 15:05 - 00000045 _____ () C:\Users\Tower\AppData\Roaming\WB.CFG
2014-08-21 14:04 - 2014-08-21 14:04 - 00000000 _____ () C:\nsq783B.tmp
2014-08-21 14:04 - 2014-08-21 14:04 - 00000000 _____ () C:\nsl781B.tmp
2014-08-21 13:32 - 2014-08-21 13:32 - 00000000 ____D () C:\Users\Tower\Documents\Credit Aps
2014-08-21 13:32 - 2013-07-23 13:24 - 00000000 ____D () C:\Users\Tower\Documents\Certified Payroll
2014-08-20 12:56 - 2014-08-20 12:56 - 00000000 _____ () C:\Users\Tower\Downloads\Java.exe

Some content of TEMP:
====================
C:\Users\Tower\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-15 07:04

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Tower at 2014-09-15 08:38:02
Running from C:\Users\Tower\Downloads\PastaLeads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Brother MFL-Pro Suite MFC-6490CW (HKLM-x32\...\{20E970DF-A7B2-4345-9DEB-72213A29645E}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell KM713 Wireless Keyboard software (HKLM-x32\...\{AF6CD1CF-11E8-4C9F-9644-1A469A499E50}) (Version: 1.0.3.120608 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{C36F2D21-38ED-49DB-8923-9A60EDDEF011}) (Version: 1.0.0.15 - DELL)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.5.0.19 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.6.15 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{DE7AA711-E66A-4BB9-B5DE-55A0729AE38A}) (Version: 3.5.3 - Intuit)
QuickBooks Premier: Contractor Edition 2013 (HKLM-x32\...\{3EE2547F-BFE0-497A-B935-A63BBB07CBD6}) (Version: 23.0.4005.2305 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6673 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.9 - Tweaking.com)
Verizon Mobile Broadband Drivers (HKLM-x32\...\{8BF85767-903F-4E68-86F3-ECF71DF27AA9}) (Version: 3.24.018.001.14 - Novatel Wireless)
Verizon Wireless USB551L Firmware Updates (HKLM-x32\...\{9BD53EBD-C5C1-45F3-BF4C-84D8A62A8393}) (Version: 1.0.5 - Smith Micro Software, Inc.)
VNC Printer Driver 1.8.0 (HKLM\...\VNCPrinter_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Server 5.0.4 (HKLM\...\RealVNC_is1) (Version: 5.0.4 - RealVNC Ltd)
VZAccess Manager (HKLM-x32\...\{FF35BA14-9CF3-41DD-9BC3-7C2A0763B4F3}) (Version: 7.9.1.0 - Smith Micro Software Inc.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3272826584-1123945588-1435745448-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tower\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

26-08-2014 12:54:24 Scheduled Checkpoint
02-09-2014 18:42:38 Scheduled Checkpoint
05-09-2014 18:24:21 Restore Operation
11-09-2014 16:15:49 Windows Update
15-09-2014 12:05:16 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-09-13 23:09 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00D624E2-3CBF-48B7-B273-98BA6058F9A4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {03E4FCCA-FC01-49F6-8244-6C01DFACF618} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {049D8197-D5E3-487F-92C9-6EE1D5114CC7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1485A7D5-1BD6-4793-889B-6B36DB5978A8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {28A23731-871D-4BE0-9554-62013A4203CB} - \PastaQuotes No Task File <==== ATTENTION
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2DA50A5D-C494-4E80-8F08-BF5B1F8C2401} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3272826584-1123945588-1435745448-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {405E21F1-CB31-4783-8CB4-F1DF36434B2E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4E999FEE-54D3-47E2-809C-ABB6A26C7CAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
Task: {50D1CA41-19DD-48D3-9810-7F100829E8BF} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {52D4643B-63D4-43D3-9D3D-EDBB4BDA10DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
Task: {61BF1F00-583E-48BE-9A72-DAFA402F4EA3} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {74D9710C-4A61-48E4-8A7A-D739F1AC185C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ACCOUNTINGPC-Tower AccountingPC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-28] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8032A21C-254D-4208-AD05-7ED737358D53} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-11] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9DC912E6-23B5-4CC4-8183-FE34DF4F4F18} - \{CABC4209-643E-49C2-A023-622ADAD7262C} No Task File <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A2938E34-331D-4AD6-B0A9-3EDED7EF35AF} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C1CB7A06-7493-4F3B-8850-0BF23CAFC3B8} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Norton Identity Safe\Engine\2014.7.6.15\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1ED990C-7C19-46E1-B8E2-9DC85DEA02B5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {D612ABF6-65F0-4E46-8E70-5C46E932BECC} - System32\Tasks\PCSpeedCleanPRO_Start => C:\Program Files (x86)\PC Speed Clean PRO\PCSpeedCleanPRO.exe
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DBD3C874-6715-469E-8046-79D2C271D902} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {E1D0B630-7074-455C-96C2-EE11413A5A2C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {E636D6F4-A1D0-4772-85D7-C551B7173F56} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F0C4DCBA-3487-4361-B669-457EE670116C} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {F16EE167-450A-444C-A498-2959F24E6511} - \pcreg No Task File <==== ATTENTION
Task: {F2A74CA1-5DA4-4159-9315-EF129CDECE27} - System32\Tasks\PCSpeedCleanPRO_Popup => C:\Program Files (x86)\PC Speed Clean PRO\Splash.exe
Task: {FFFCAF96-69DE-41A9-AFCF-511EFD326656} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-25 06:53 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-02-23 16:02 - 2012-07-12 18:50 - 00122880 ____R () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2013-02-23 16:05 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-04-07 12:01 - 2005-04-22 14:36 - 00143360 ____N () C:\WINDOWS\system32\BrSNMP64.dll
2014-07-13 10:50 - 2013-01-22 17:35 - 00107816 _____ () C:\Program Files\RealVNC\VNC Server\desktop_dupl.dll
2014-08-28 07:05 - 2014-08-28 07:05 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-08 17:11 - 2012-08-08 17:11 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-10-24 11:21 - 2012-10-24 11:21 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-10-24 11:21 - 2012-10-24 11:21 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2013-02-23 16:02 - 2011-08-26 05:37 - 00049152 ____R () C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
2013-02-23 16:02 - 2012-07-04 17:10 - 00233472 ____R () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
2013-02-23 16:02 - 2011-10-07 12:57 - 00412672 _____ () C:\Program Files (x86)\DELL\Dell KM713 Wireless Keyboard software\CDCtr.exe
2014-01-15 09:01 - 2012-09-25 12:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2012-10-24 11:18 - 2012-10-24 11:18 - 00188928 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
2012-10-24 11:21 - 2012-10-24 11:21 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
2014-09-13 18:18 - 2014-09-13 18:41 - 00751680 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2013-02-23 16:02 - 2011-08-22 13:15 - 00028672 _____ () C:\Program Files (x86)\DELL\Dell KM713 Wireless Keyboard software\CDCTR.DLL
2014-01-16 13:04 - 2014-01-16 13:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2012-12-22 23:53 - 2012-12-22 23:53 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-06-19 06:52 - 2014-06-19 06:52 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-02-23 16:04 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-15 09:01 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-09-12 08:44 - 2014-09-12 08:44 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\544b34ebc440f32749933c327353aa78\PSIClient.ni.dll
2013-02-23 15:58 - 2012-06-26 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-06-19 06:52 - 2014-06-19 06:52 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Syst52F42C8A:$WIMMOUNTDATA
AlternateDataStreams: C:\Users\Tower\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ShopAtHomeUpdater" HKLM\...\StartupApproved\Run32: => "ShopAtHomeWatcher" ==================== Faulty Device Manager Devices ============= Name: Bluetooth Audio Device Description: Bluetooth Audio Device Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Qualcomm Atheros Communications Service: BTATH_A2DP Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD creation failed: access denied) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD updater thread cannot be initialised error) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD creation failed: access denied) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD updater thread cannot be initialised error) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD reconfiguration detected) Error: (09/15/2014 08:35:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FRST64.exe, version: 12.9.2014.0, time stamp: 0x541330eb Faulting module name: FRST64.exe, version: 12.9.2014.0, time stamp: 0x541330eb Exception code: 0xc0000005 Fault offset: 0x00000000000247c9 Faulting process id: 0x1398 Faulting application start time: 0xFRST64.exe0 Faulting application path: FRST64.exe1 Faulting module path: FRST64.exe2 Report Id: FRST64.exe3 Faulting package full name: FRST64.exe4 Faulting package-relative application ID: FRST64.exe5 Error: (09/15/2014 08:35:09 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD creation failed: access denied) Error: (09/15/2014 08:35:09 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD updater thread cannot be initialised error) Error: (09/15/2014 08:35:08 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD creation failed: access denied) Error: 
(09/15/2014 08:35:08 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-Msg: DD error(DD updater thread cannot be initialised error) System errors: ============= Error: (09/15/2014 08:30:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Defender Service service failed to start due to the following error: %%577 Error: (09/15/2014 08:29:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Novatel Wireless Verizon Device Helper service failed to start due to the following error: %%1053 Error: (09/15/2014 08:29:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Novatel Wireless Verizon Device Helper service to connect. Error: (09/15/2014 06:56:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Defender Service service failed to start due to the following error: %%577 Error: (09/15/2014 06:54:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Novatel Wireless Verizon Device Helper service failed to start due to the following error: %%1053 Error: (09/15/2014 06:54:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Novatel Wireless Verizon Device Helper service to connect. Error: (09/15/2014 06:53:59 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:49:10 AM on ‎9/‎15/‎2014 was unexpected. Error: (09/15/2014 06:51:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 
Error: (09/15/2014 06:50:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (09/15/2014 06:50:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Microsoft Office Sessions: ========================= Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD creation failed: access denied) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD updater thread cannot be initialised error) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD creation failed: access denied) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD updater thread cannot be initialised error) Error: (09/15/2014 08:36:57 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD reconfiguration detected) Error: (09/15/2014 08:35:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: FRST64.exe12.9.2014.0541330ebFRST64.exe12.9.2014.0541330ebc000000500000000000247c9139801cfd0e9e0e46589C:\Users\Tower\Downloads\PastaLeads\FRST64.exeC:\Users\Tower\Downloads\PastaLeads\FRST64.exe2e617ed1-3cdd-11e4-bed7-f4b7e2a01ec8 Error: (09/15/2014 08:35:09 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD creation failed: access denied) Error: (09/15/2014 08:35:09 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD updater thread cannot be initialised error) Error: (09/15/2014 08:35:08 AM) (Source: VNC Server) (EventID: 256) (User: ) 
Description: SDisplayCoreDd-MsgDD error(DD creation failed: access denied) Error: (09/15/2014 08:35:08 AM) (Source: VNC Server) (EventID: 256) (User: ) Description: SDisplayCoreDd-MsgDD error(DD updater thread cannot be initialised error) CodeIntegrity Errors: =================================== Date: 2014-09-15 08:30:41.550 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-15 06:56:58.855 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core™ i5-3330S CPU @ 2.70GHz Percentage of memory in use: 35% Total physical RAM: 6030.86 MB Available physical RAM: 3919.46 MB Total Pagefile: 6990.86 MB Available Pagefile: 3934 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:916.43 GB) (Free:804.17 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 440D3E61) Partition: GPT Partition Type. ==================== End Of Log ============================

#4 aharonov

Posted 15 September 2014 - 08:51 AM

The logs are very painful to read because the line breaks have been lost.
Can you please attach these two logs to the thread instead?

#5 slucente

Posted 15 September 2014 - 09:23 AM

Let's try attaching them. -Sam

Attached Files



#6 slucente

Posted 15 September 2014 - 09:24 AM

And here's the other.
-Sam

#7 slucente

Posted 15 September 2014 - 09:25 AM

One more time.

Attached Files

  • Attached File  FRST.txt   75.77KB   9 downloads


#8 aharonov

Posted 15 September 2014 - 09:54 AM

So right now there is still this proxy enabled in the settings that cannot be disabled?

#9 slucente

Posted 15 September 2014 - 10:12 AM

That's correct.  Using Internet Properties from the Control Panel allows me to disable the proxy settings.  But once I do so, save them and exit, the settings get automatically reverted back.  Even if I try to change the values used for the Proxy Settings, they will also be reverted back automatically if changed and saved.  It's most likely a trojan or another application that is looking for these registry values and auto-correcting them if changed.

Others have had similar issues like this, especially after removing the PastaLeads adware, but nothing I have found thus far has fixed the Proxy settings issue.


-Sam
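
An added example, not part of the original thread: a read-only PowerShell check for the symptom described in the post above, showing which Internet Settings registry values carry the proxy, which process is listening on the proxy port, and when a manual change gets reverted. The function names are hypothetical; the registry paths are the standard Windows Internet Settings locations, and port 8800 is taken from the error message quoted in this thread.

```powershell
# Added diagnostic example. Read-only: it queries state and changes nothing.
$ProxyPort = 8800   # port from the "127.0.0.1:8800" message in this thread

# Per-user, per-machine and policy locations that can hold the WinINet proxy.
$Keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$Names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL', 'ProxySettingsPerUser'

function Get-ProxyValues {
    # Emit one object per proxy-related value that is actually present.
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $Names) {
            if ($null -ne $props.$name) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $props.$name }
            }
        }
    }
}

function Get-PortOwner([int]$Port) {
    # Map the listener on the proxy port to its process, image path and command line.
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.OwningProcess)"
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessId    = $_.OwningProcess
                Name         = $proc.Name
                Path         = $proc.ExecutablePath
                CommandLine  = $proc.CommandLine
            }
        }
}

function Watch-ProxyValues([int]$Seconds = 60) {
    # Poll once per second and print a timestamp whenever the values change,
    # so a revert can be lined up with a service, task or process start.
    $last = Get-ProxyValues | Out-String
    for ($i = 0; $i -lt $Seconds; $i++) {
        Start-Sleep -Seconds 1
        $now = Get-ProxyValues | Out-String
        if ($now -ne $last) {
            '{0:HH:mm:ss} proxy values changed:' -f (Get-Date)
            $now
            $last = $now
        }
    }
}

Get-ProxyValues | Format-Table -AutoSize
Get-PortOwner -Port $ProxyPort | Format-List
netsh winhttp show proxy          # WinHTTP proxy is stored separately from WinINet
Watch-ProxyValues -Seconds 60     # change the setting in Internet Options while this runs
```

Run it from an elevated prompt so the owning process of the listener can be resolved. If nothing is listening on the port, the proxy value is a leftover pointing at a removed component, and the remaining question is what keeps rewriting it.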



#10 aharonov

Posted 15 September 2014 - 10:20 AM

Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

#11 slucente

Posted 15 September 2014 - 02:10 PM

Attached is the HitmanPro 64-bit log you requested.
-Sam

Attached Files



#12 aharonov

Posted 15 September 2014 - 02:31 PM

Ok, now please run HitmanPro again. But this time don't close the program when the scan has finished but click on "Next" to do the repairs. Afterwards reboot the computer. Is the problem still present after the reboot?

#13 slucente

Posted 15 September 2014 - 02:54 PM

Unfortunately, the problem still exists.  The Proxy Server setting cannot be removed.

-Sam



#14 slucente

Posted 17 September 2014 - 09:42 AM

Can I expect a next step or should I just proceed to rebuilding the PC?

-Sam



#15 aharonov

Posted 17 September 2014 - 10:00 AM

Sorry, I somehow missed your reply.

Let's read out some data first:


Please download the attached file fixlist.txt (84 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.




