Wajam/BlockNSurf/BlockAndSurf/ZombieAlert Adware Infection - Need Help Removing!


  • This topic is locked
11 replies to this topic

#1 DeLoreanDude


Posted 03 October 2014 - 07:59 PM

Came home from work to have my mother tell me she thinks she put something on the PC, so I head into Add/Remove Programs and see BlockNSurf in there. I uninstall it, but notice lag while surfing and a blank pop-up page anytime I click a link in Bing/Google, that is if the link will load at all.

 

I immediately head here and found a topic still in progress about ZombieAlert so took the steps outlined there.

 

Here is the Security Check log:

 

 Results of screen317's Security Check version 0.99.88 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Reader XI 
 Google Chrome 37.0.2062.120 
 Google Chrome 37.0.2062.124 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Windows Defender MpCmdRun.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

MiniToolBox logs:

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by HHGREGG (administrator) on 03-10-2014 at 19:06:58
Running from "C:\Users\HHGREGG\Desktop\Adware Removal"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/03/2014 07:04:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/03/2014 06:00:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.16384, time stamp: 0x5215f4d2
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000036c20
Faulting process id: 0x20c4
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5

Error: (10/03/2014 05:45:35 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (10/03/2014 08:21:29 AM) (Source: Application Error) (User: )
Description: Faulting application name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939
Faulting module name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939
Exception code: 0xc0000005
Fault offset: 0x00021a20
Faulting process id: 0x4634
Faulting application start time: 0xWajamInternetEnhancerService.exe0
Faulting application path: WajamInternetEnhancerService.exe1
Faulting module path: WajamInternetEnhancerService.exe2
Report Id: WajamInternetEnhancerService.exe3
Faulting package full name: WajamInternetEnhancerService.exe4
Faulting package-relative application ID: WajamInternetEnhancerService.exe5

Error: (10/03/2014 08:21:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939
Faulting module name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939
Exception code: 0xc0000005
Fault offset: 0x00021a20
Faulting process id: 0x53f4
Faulting application start time: 0xWajamInternetEnhancerService.exe0
Faulting application path: WajamInternetEnhancerService.exe1
Faulting module path: WajamInternetEnhancerService.exe2
Report Id: WajamInternetEnhancerService.exe3
Faulting package full name: WajamInternetEnhancerService.exe4
Faulting package-relative application ID: WajamInternetEnhancerService.exe5

Error: (10/02/2014 08:28:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.16384, time stamp: 0x5215f4d2
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000036c20
Faulting process id: 0x7a0
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5

Error: (10/02/2014 05:26:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.16384, time stamp: 0x5215f4d2
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000036c20
Faulting process id: 0x78f0
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5

Error: (10/02/2014 02:28:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.16384, time stamp: 0x5215f4d2
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000036c20
Faulting process id: 0x6854
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5

Error: (10/02/2014 11:08:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.16384, time stamp: 0x5215f4d2
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000036c20
Faulting process id: 0x5e80
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5

Error: (10/01/2014 08:22:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.16384, time stamp: 0x5215f4d2
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000036c20
Faulting process id: 0x2dec
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5

System errors:
=============
Error: (10/03/2014 08:21:29 AM) (Source: Service Control Manager) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (10/03/2014 08:21:10 AM) (Source: Service Control Manager) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (09/28/2014 05:54:07 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (09/28/2014 05:54:07 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (09/27/2014 06:15:53 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (09/24/2014 07:54:38 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (09/14/2014 05:57:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Update for Windows 8.1 for x64-based Systems (KB2975719).

Error: (09/12/2014 04:41:54 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (09/11/2014 06:55:53 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (08/30/2014 07:12:01 AM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Microsoft Office Sessions:
=========================
Error: (10/03/2014 07:04:26 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\HHGREGG\Downloads\esetsmartinstaller_enu.exe

Error: (10/03/2014 06:00:45 PM) (Source: Application Error)(User: )
Description: msfeedssync.exe11.0.9600.163845215f4d2ntdll.dll6.3.9600.1711453649e73c00000050000000000036c2020c401cfdf5ddb3a4c17C:\WINDOWS\system32\msfeedssync.exeC:\WINDOWS\SYSTEM32\ntdll.dll1b117892-4b51-11e4-bec5-e840f24a5630

Error: (10/03/2014 05:45:35 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (10/03/2014 08:21:29 AM) (Source: Application Error)(User: )
Description: WajamInternetEnhancerService.exe2.15.2.554240939WajamInternetEnhancerService.exe2.15.2.554240939c000000500021a20463401cfdf0cf0e63c23C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exeC:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe2e94d334-4b00-11e4-bec5-e840f24a5630

Error: (10/03/2014 08:21:25 AM) (Source: Application Error)(User: )
Description: WajamInternetEnhancerService.exe2.15.2.554240939WajamInternetEnhancerService.exe2.15.2.554240939c000000500021a2053f401cfdf0ce5f5c189C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exeC:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe2c9046c4-4b00-11e4-bec5-e840f24a5630

Error: (10/02/2014 08:28:13 PM) (Source: Application Error)(User: )
Description: msfeedssync.exe11.0.9600.163845215f4d2ntdll.dll6.3.9600.1711453649e73c00000050000000000036c207a001cfdea94544e41fC:\WINDOWS\system32\msfeedssync.exeC:\WINDOWS\SYSTEM32\ntdll.dll8a8e9402-4a9c-11e4-bec5-e840f24a5630

Error: (10/02/2014 05:26:42 PM) (Source: Application Error)(User: )
Description: msfeedssync.exe11.0.9600.163845215f4d2ntdll.dll6.3.9600.1711453649e73c00000050000000000036c2078f001cfde8feb83f75bC:\WINDOWS\system32\msfeedssync.exeC:\WINDOWS\SYSTEM32\ntdll.dll2eee838c-4a83-11e4-bec5-e840f24a5630

Error: (10/02/2014 02:28:55 PM) (Source: Application Error)(User: )
Description: msfeedssync.exe11.0.9600.163845215f4d2ntdll.dll6.3.9600.1711453649e73c00000050000000000036c20685401cfde7716ae0f4fC:\WINDOWS\system32\msfeedssync.exeC:\WINDOWS\SYSTEM32\ntdll.dll58dc14dd-4a6a-11e4-bec5-e840f24a5630

Error: (10/02/2014 11:08:03 AM) (Source: Application Error)(User: )
Description: msfeedssync.exe11.0.9600.163845215f4d2ntdll.dll6.3.9600.1711453649e73c00000050000000000036c205e8001cfde5b0b4ce6ecC:\WINDOWS\system32\msfeedssync.exeC:\WINDOWS\SYSTEM32\ntdll.dll4976682e-4a4e-11e4-bec5-e840f24a5630

Error: (10/01/2014 08:22:01 PM) (Source: Application Error)(User: )
Description: msfeedssync.exe11.0.9600.163845215f4d2ntdll.dll6.3.9600.1711453649e73c00000050000000000036c202dec01cfdddf35f95213C:\WINDOWS\system32\msfeedssync.exeC:\WINDOWS\SYSTEM32\ntdll.dll821d9030-49d2-11e4-bec5-e840f24a5630

CodeIntegrity Errors:
===================================
  Date: 2014-10-03 12:50:12.257
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:50:12.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:50:12.005
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:50:11.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:50:10.366
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:50:10.294
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:50:10.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:50:10.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:13:06.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 12:13:06.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
1 Moment of Time - Silentville (HKLM-x32\...\1 Moment of Time - SilentvilleFINAL) (Version: FINAL - AllSmartGames)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Gypsy's Tale - The Tower Of Secrets . (HKLM-x32\...\A Gypsy's Tale - The Tower Of Secrets .) (Version:  - )
A Wizards Curse 1.00 (HKLM-x32\...\A Wizards Curse 1.00) (Version: 1.00 - Games)
Abyss - The Wraiths of Eden (HKLM-x32\...\Abyss - The Wraiths of EdenFinal) (Version: Final - AllSmartGames)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Awakening Kingdoms 1.0.4 (HKLM-x32\...\Awakening Kingdoms 1.0.4) (Version: 1.0.4 - Cat-A-Cat)
Azada Elementa Collectors Edition 1.00 (HKLM-x32\...\Azada Elementa Collectors Edition 1.00) (Version: 1.00 - Games)
Barn Yarn Collectors 1.00 (HKLM-x32\...\Barn Yarn Collectors 1.00) (Version: 1.00 - Games)
Big City Adventure 6 - Paris (HKLM-x32\...\Big City Adventure 6 - Paris1.0) (Version: 1.0 - Foxy Games)
Big City Adventure 8 - Rio de Janeiro Classic Edition (HKLM-x32\...\Big City Adventure 8 - Rio de Janeiro Classic EditionFinal) (Version: Final - Game-Owl.com)
Big City Adventure 8 - Tokyo (HKLM-x32\...\Big City Adventure 8 - TokyoFinal) (Version: Final - AllSmartGames)
Big City Adventure London Classic 1.00 (HKLM-x32\...\Big City Adventure London Classic 1.00) (Version:  - )
Big City Adventure London Story 1.00 (HKLM-x32\...\Big City Adventure London Story 1.00) (Version:  - )
Big City Adventure Vancouver CE 1.00 (HKLM-x32\...\Big City Adventure Vancouver CE 1.00) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.7 - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDisplayEx 1.9.3 (HKLM\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
Chimeras - Tune of Revenge Collector's Edition (HKLM-x32\...\Chimeras - Tune of Revenge Collector's EditionFinal) (Version: Final - AllSmartGames)
Christmas Tales - Fellinas Journey (HKLM-x32\...\Christmas Tales - Fellinas Journey1.0) (Version: 1.0 - AllSmartGames)
Christmas Wonderland 1.00 (HKLM-x32\...\Christmas Wonderland 1.00) (Version:  - )
Christmas Wonderland 2 (HKLM-x32\...\Christmas Wonderland 21.0) (Version: 1.0 - Foxy Games)
Christmas Wonderland 3 (HKLM-x32\...\Christmas Wonderland 31.0) (Version: 1.0 - Foxy Games)
Christmas Wonderland 4 (HKLM-x32\...\Christmas Wonderland 4Final) (Version: Final - AllSmartGames)
Christmasville (HKLM-x32\...\Christmasville1.0) (Version: 1.0 - Bigfish Games)
Chronicles of Albian The Magic Convention 1.00 (HKLM-x32\...\Chronicles of Albian The Magic Convention 1.00) (Version:  - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Clockwork Tales - Of Glass and Ink - Collectors Edition (HKLM-x32\...\Clockwork Tales - Of Glass and Ink - Collectors EditionFinal) (Version: Final - AllSmartGames)
Cruel Games Red Riding Hood (HKLM-x32\...\Cruel Games Red Riding HoodFinal) (Version: Final - AllSmartGames)
Crystals of Time 1.00 (HKLM-x32\...\Crystals of Time 1.00) (Version: 1.00 - Games)
Dark Lore Mysteries.The Hunt for Truth 1.0 (HKLM-x32\...\Dark Lore Mysteries.The Hunt for Truth 1.0) (Version: 1.0 - Cat-A-Cat)
Dark Parables The Final Cinderella Collectors 1.00 (HKLM-x32\...\Dark Parables The Final Cinderella Collectors 1.00) (Version: 1.00 - Games)
Delicious Emilys Honeymoon Cruise 1.00 (HKLM-x32\...\Delicious Emilys Honeymoon Cruise 1.00) (Version: 1.00 - Games)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dream Chronicles - The Book of Air Collector's Edition . (HKLM-x32\...\Dream Chronicles - The Book of Air Collector's Edition .) (Version:  - )
Easter Eggztravaganza 2 (HKLM-x32\...\Easter Eggztravaganza 21.0) (Version: 1.0 - Foxy Games)
Echoes of the Past The Kingdom of Despair CE (HKLM-x32\...\Echoes of the Past The Kingdom of Despair CEFinal) (Version: Final - AllSmartGames)
Empress of the Deep (HKLM-x32\...\Empress of the Deep_is1) (Version:  - )
Empress of the Deep 2 Song of the Blue Whale CE 1.00 (HKLM-x32\...\Empress of the Deep 2 Song of the Blue Whale CE 1.00) (Version:  - )
Empress of the Deep III Legacy of the Phoenix CE (HKLM-x32\...\Empress of the Deep III Legacy of the Phoenix CEFINAL) (Version: FINAL - AllSmartGames)
Enchantia-Wrath of the Phoenix Queen CE (HKLM-x32\...\Enchantia-Wrath of the Phoenix Queen CEFINAL) (Version: FINAL - AllSmartGames)
Fairy Tale Mysteries - The Puppet Thief CE (HKLM-x32\...\Fairy Tale Mysteries - The Puppet Thief CEFinal) (Version: Final - AllSmartGames)
Farm Mystery - Happy Orchard Nightmare (HKLM-x32\...\Farm Mystery - Happy Orchard Nightmare1.0) (Version: 1.0 - Foxy Games)
Farmington Tales (HKLM-x32\...\Farmington Tales1.0) (Version: 1.0 - Foxy Games)
Farmington Tales 2 - Winter Crop (HKLM-x32\...\Farmington Tales 2 - Winter Crop1.1) (Version: 1.1 - Foxy Games)
Farmscapes Collector's Edition Just For Fun Games (HKLM-x32\...\Farmscapes Collector's Edition Just For Fun Games) (Version:  - )
Forbidden Secrets Alien Town Collectors Edition (HKLM-x32\...\Forbidden Secrets Alien Town Collectors EditionFinal) (Version: Final - AllSmartGames)
Forest Legends - The Call of Love Collector's Edition (HKLM-x32\...\Forest Legends - The Call of Love Collector's EditionFinal) (Version: Final - AllSmartGames)
Gardenscapes - Mansion Makeover Collectors Edition (HKLM-x32\...\Gardenscapes - Mansion Makeover Collectors Edition1.0) (Version: 1.0 - Foxy Games)
Gardenscapes 1.00 (HKLM-x32\...\Gardenscapes 1.00) (Version:  - )
Gardenscapes 2 Collector's Edition (HKLM-x32\...\Gardenscapes 2 Collector's EditionFINAL) (Version: FINAL - AllSmartGames)
Ghost - Elisa Cameron (HKLM-x32\...\Ghost - Elisa CameronFINAL) (Version: FINAL - AllSmartGames)
Golden Trails - The New Western Rush (HKLM-x32\...\Golden Trails - The New Western Rush1.0) (Version: 1.0 - AllSmartGames)
Golden Trails 3 - The Guardian's Creed (HKLM-x32\...\Golden Trails 3 - The Guardian's CreedFinal) (Version: Final - AllSmartGames)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grim Tales 4- The Stone Queen Collector's Edition (HKLM-x32\...\Grim Tales 4- The Stone Queen Collector's EditionFINAL) (Version: FINAL - AllSmartGames)
Grim Tales 5 -  Bloody Mary Collectors Edition (HKLM-x32\...\Grim Tales 5 -  Bloody Mary Collectors EditionFinal) (Version: Final - AllSmartGames)
Halloween 2 The Pirate's Curse (HKLM-x32\...\Halloween 2 The Pirate's CurseFinal) (Version: Final - AllSmartGames)
Haunted Hotel 2 - Believe the Lies 1.00 (HKLM-x32\...\Haunted Hotel 2 - Believe the Lies 1.00) (Version:  - )
Haunted Legends 3- The Undertaker Collector's Edition (HKLM-x32\...\Haunted Legends 3- The Undertaker Collector's EditionFinal) (Version: Final - AllSmartGames)
Haunted Legends The Bronze Horseman Collectors Edition 1.00 (HKLM-x32\...\Haunted Legends The Bronze Horseman Collectors Edition 1.00) (Version:  - )
Haunted Legends The Curse of Vox Collectors 1.00 (HKLM-x32\...\Haunted Legends The Curse of Vox Collectors 1.00) (Version: 1.00 - Games)
Haunted Legends The Queen of Spades CE NEW 1.00 (HKLM-x32\...\Haunted Legends The Queen of Spades CE NEW 1.00) (Version:  - )
Hidden in Time - Mirror Mirror 1.00 (HKLM-x32\...\Hidden in Time - Mirror Mirror 1.00) (Version:  - )
Hidden Memories of a Bright Summer (HKLM-x32\...\Hidden Memories of a Bright SummerFinal) (Version: Final - AllSmartGames)
Hidden Mysteries Return to Titanic 1.00 (HKLM-x32\...\Hidden Mysteries Return to Titanic 1.00) (Version:  - )
Hidden Mysteries World (HKLM-x32\...\Hidden Mysteries WorldFINAL) (Version: FINAL - AllSmartGames)
Hidden Object Home Makeover 2 (HKLM-x32\...\Hidden Object Home Makeover 21.1) (Version: 1.1 - Foxy Games)
Hidden Wonders of the Depths 3 - Atlantis Adventures (HKLM-x32\...\Hidden Wonders of the Depths 3 - Atlantis Adventures1.0) (Version: 1.0 - AllSmartGames)
Holly A Christmas Tale Deluxe FINAL 1.6.6 (HKLM-x32\...\Holly A Christmas Tale Deluxe FINAL 1.6.6) (Version:  - )
Home Makeover (HKLM-x32\...\Home Makeover1.1) (Version: 1.1 - Foxy Games)
House of 1000 Doors Serpent Flame Collectors 1.00 (HKLM-x32\...\House of 1000 Doors Serpent Flame Collectors 1.00) (Version: 1.00 - Games)
Into the Haze 1.0 (HKLM-x32\...\Into the Haze 1.0) (Version: 1.0 - Cat-A-Cat)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.1 - IObit)
Island Tribe 2 (HKLM-x32\...\Island Tribe 21.0) (Version: 1.0 - FishBone Games)
Island Tribe 3 . (HKLM-x32\...\Island Tribe 3 .) (Version:  - )
Island Tribe 4 (HKLM-x32\...\Island Tribe 41.0) (Version: 1.0 - Foxy Games)
Island Tribe 5 (HKLM-x32\...\Island Tribe 51.1) (Version: 1.1 - Foxy Games)
Jane Austens Estate of Affairs 1.00 (HKLM-x32\...\Jane Austens Estate of Affairs 1.00) (Version: 1.00 - Games)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kate Arrow Deserted Wood 1.00 (HKLM-x32\...\Kate Arrow Deserted Wood 1.00) (Version:  - )
Kingdom Chronicles Collectors Edition 1.00 (HKLM-x32\...\Kingdom Chronicles Collectors Edition 1.00) (Version:  - )
Laruaville (HKLM-x32\...\LaruavilleFinal) (Version: Final - AllSmartGames)
Legend of Egypt 3 - Jewels of the Gods (HKLM-x32\...\Legend of Egypt 3 - Jewels of the GodsFinal) (Version: Final - Game-Owl.com)
Living Legends - Ice Rose CE (HKLM-x32\...\Living Legends - Ice Rose CE1.0) (Version: 1.0 - Foxy Games)
Living Legends Frozen Beauty Collectors 1.00 (HKLM-x32\...\Living Legends Frozen Beauty Collectors 1.00) (Version: 1.00 - Games)
Lost In Night (HKLM-x32\...\Lost In Night1.0) (Version: 1.0 - Foxy Games)
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Manor Memoirs Collector's Edition version 1.0 (HKLM-x32\...\{36D69A13-5EA4-44BC-98E5-7126927491B5}_is1) (Version: 1.0 - )
MatchMaker 2-Curse of Deserted Bride (HKLM-x32\...\MatchMaker 2-Curse of Deserted BrideFinal) (Version: Final - AllSmartGames)
Mayan Prophecies Cursed Island Collectors 1.00 (HKLM-x32\...\Mayan Prophecies Cursed Island Collectors 1.00) (Version: 1.00 - Games)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mortimer Beckett and the Secrets of Spooky Manor 1.1.0 (HKLM-x32\...\Mortimer Beckett and the Secrets of Spooky Manor 1.1.0) (Version:  - )
Mortimer Beckett And The Time Paradox FINAL 1.00 (HKLM-x32\...\Mortimer Beckett And The Time Paradox FINAL 1.00) (Version:  - )
Mosaic: Tomb of Mystery (HKLM-x32\...\{B669BFE0-5352-4DDB-92DB-C1FBB3B2ADD8}_is1) (Version:  - )
Mountain Trap - The Manor of Memories (HKLM-x32\...\Mountain Trap - The Manor of MemoriesFINAL) (Version: FINAL - AllSmartGames)
Mystery Case Files Fates Carnival Collectors 1.00 (HKLM-x32\...\Mystery Case Files Fates Carnival Collectors 1.00) (Version: 1.00 - Games)
Mystery Legends - Sleepy Hollow 1.00 (HKLM-x32\...\Mystery Legends - Sleepy Hollow 1.00) (Version:  - )
Mystery P.I. - The Curious Case of Counterfeit Cove (HKLM-x32\...\Mystery P.I. - The Curious Case of Counterfeit Cove) (Version:  - )
Mystery P.I. - The New York Fortune FINAL 1.00 (HKLM-x32\...\Mystery P.I. - The New York Fortune FINAL 1.00) (Version:  - )
Mystery Trackers 5. Silent Hollow CE 1.0 (HKLM-x32\...\Mystery Trackers 5. Silent Hollow CE 1.0) (Version: 1.0 - Cat-A-Cat)
Mystery Trackers The Void Collectors Edition 1.00 (HKLM-x32\...\Mystery Trackers The Void Collectors Edition 1.00) (Version:  - )
Natural Threat 2 1.0 (HKLM-x32\...\Natural Threat 2 1.0) (Version: 1.0 - Cat-A-Cat)
Nearwood Collector's Edition (HKLM-x32\...\Nearwood Collector's EditionFinal) (Version: Final - AllSmartGames)
Nightmare Realm 2- In the End Collector's Edition (HKLM-x32\...\Nightmare Realm 2- In the End Collector's EditionFINAL) (Version: FINAL - AllSmartGames)
Nightmares from the Deep 2- The Sirens Call - CE (HKLM-x32\...\Nightmares from the Deep 2- The Sirens Call - CEFinal) (Version: Final - AllSmartGames)
Northern Tale (HKLM-x32\...\Northern Tale1.0) (Version: 1.0 - Foxy Games)
Northern Tale 2 1.0 (HKLM-x32\...\Northern Tale 2 1.0) (Version: 1.0 - Cat-A-Cat)
Northern Tale 4 (HKLM-x32\...\Northern Tale 41.1) (Version: 1.1 - Foxy Games)
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Otherworld - Spring of Shadows CE (HKLM-x32\...\Otherworld - Spring of Shadows CE1.0) (Version: 1.0 - AllSmartGames)
Otherworld 2- Omens of Summer Collector's Edition (HKLM-x32\...\Otherworld 2- Omens of Summer Collector's EditionFINAL) (Version: FINAL - AllSmartGames)
Otherworld Shades of Fall Collectors 1.00 (HKLM-x32\...\Otherworld Shades of Fall Collectors 1.00) (Version: 1.00 - Games)
Phenomenon 2 - Meteorite Collector's Edition (HKLM-x32\...\Phenomenon 2 - Meteorite Collector's EditionFINAL) (Version: FINAL - AllSmartGames)
Plex Media Server (HKLM-x32\...\{bcb7db0e-500f-445b-8200-bdde7f3c7f08}) (Version: 0.9.910 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.910 - Plex, Inc.) Hidden
Portal of Evil Stolen Runes Collectors 1.00 (HKLM-x32\...\Portal of Evil Stolen Runes Collectors 1.00) (Version: 1.00 - Games)
PuppetShow Destiny Undone Collectors 1.00 (HKLM-x32\...\PuppetShow Destiny Undone Collectors 1.00) (Version: 1.00 - Games)
Queens Tales - The Beast and the Nightingale (HKLM-x32\...\Queens Tales - The Beast and the Nightingale1.1) (Version: 1.1 - Foxy Games)
Rainbow Web 3 1.00 (HKLM-x32\...\Rainbow Web 3 1.00) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Redemption Cemetery 4 - Salvation of the Lost CE (HKLM-x32\...\Redemption Cemetery 4 - Salvation of the Lost CEFINAL) (Version: FINAL - AllSmartGames)
Redemption Cemetery Curse of the Raven Collectors Edition 1.00 (HKLM-x32\...\Redemption Cemetery Curse of the Raven Collectors Edition 1.00) (Version:  - )
Rite of Passage Child of the Forest Collectors 1.00 (HKLM-x32\...\Rite of Passage Child of the Forest Collectors 1.00) (Version: 1.00 - Games)
Secret Trails Frozen Heart Collectors 1.00 (HKLM-x32\...\Secret Trails Frozen Heart Collectors 1.00) (Version: 1.00 - Games)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Shiver Moonlit Grove Collectors 1.00 (HKLM-x32\...\Shiver Moonlit Grove Collectors 1.00) (Version: 1.00 - Games)
Shiver Vanishing Hitchhiker Collectors Edition 1.00 (HKLM-x32\...\Shiver Vanishing Hitchhiker Collectors Edition 1.00) (Version:  - )
Sister's Secrecy - Arcanum Bloodlines CE (HKLM-x32\...\Sister's Secrecy - Arcanum Bloodlines CEFinal) (Version: Final - AllSmartGames)
Small Town Terrors 2 - Pilgrim's Hook Collector's Edition (HKLM-x32\...\Small Town Terrors 2 - Pilgrim's Hook Collector's EditionFinal) (Version: Final - AllSmartGames)
Snark Busters - High Society . (HKLM-x32\...\Snark Busters - High Society .) (Version:  - )
Snark Busters Welcome to the Club 1.00 (HKLM-x32\...\Snark Busters Welcome to the Club 1.00) (Version:  - )
Solitaire Mystery - Stolen Power (HKLM-x32\...\Solitaire Mystery - Stolen Power1.0) (Version: 1.0 - Foxy Games)
Solitaire Mystery 2 - Four Seasons (HKLM-x32\...\Solitaire Mystery 2 - Four SeasonsFinal) (Version: Final - AllSmartGames)
Spooky Bonus (HKLM-x32\...\Spooky Bonus1.1) (Version: 1.1 - Foxy Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales of Lagoona 2 - Peril at Poseidon Park 1.0 (HKLM-x32\...\Tales of Lagoona 2 - Peril at Poseidon Park 1.0) (Version: 1.0 - Cat-A-Cat)
Tales of Lagoona Orphans of the Ocean 1.00 (HKLM-x32\...\Tales of Lagoona Orphans of the Ocean 1.00) (Version:  - )
The Chronicles of Shakespeare 2 - A Midsummer Night's Dream (HKLM-x32\...\The Chronicles of Shakespeare 2 - A Midsummer Night's DreamFinal) (Version: Final - AllSmartGames)
The Island - Castaway (HKLM-x32\...\The Island - Castaway_is1) (Version: 1.0 - MyPlayCity, Inc.)
The Island - Castaway 2 (HKLM-x32\...\The Island - Castaway 21.0) (Version: 1.0 - Foxy Games)
The Lake House - Children of Silence CE (HKLM-x32\...\The Lake House - Children of Silence CE1.0) (Version: 1.0 - Foxy Games)
The Mirror Mysteries 2 - Forgotten Kingdoms (HKLM-x32\...\The Mirror Mysteries 2 - Forgotten KingdomsFINAL) (Version: FINAL - AllSmartGames)
The Mystery of the Crystal Portal - Beyond the Horizon (HKLM-x32\...\The Mystery of the Crystal Portal - Beyond the Horizon) (Version:  - )
The Saint Abyss Of Despair 1.00 (HKLM-x32\...\The Saint Abyss Of Despair 1.00) (Version: 1.00 - Games)
Tiger Eye Part I Curse of the Riddle Box 1.00 (HKLM-x32\...\Tiger Eye Part I Curse of the Riddle Box 1.00) (Version:  - )
Time Mysteries 3- The Final Enigma CE (HKLM-x32\...\Time Mysteries 3- The Final Enigma CEFINAL) (Version: FINAL - AllSmartGames)
TinEye Internet Explorer plugin 1.2 (HKLM-x32\...\{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}) (Version: 1.2.0 - Idée Inc.)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Twisted Lands 3 - Origin (HKLM-x32\...\Twisted Lands 3 - OriginFinal) (Version: Final - AllSmartGames)
Twisted Lands Shadow Town Collectors Edition 1.00 (HKLM-x32\...\Twisted Lands Shadow Town Collectors Edition 1.00) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Untold History - Descendant of the Sun Collector's Edition (HKLM-x32\...\Untold History - Descendant of the Sun Collector's EditionFinal) (Version: Final - AllSmartGames)
Update for Microsoft en-us Dictionary (Version: 16.1.827.1 - Microsoft Corporation) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Adventures - Park Ranger (HKLM-x32\...\Vacation Adventures - Park RangerFinal) (Version: Final - AllSmartGames)
Vacation Adventures - Park Ranger 2 (HKLM-x32\...\Vacation Adventures - Park Ranger 2Final) (Version: Final - AllSmartGames)
Vampire Saga Pandoras Box 1.00 (HKLM-x32\...\Vampire Saga Pandoras Box 1.00) (Version:  - )
Viking Saga (HKLM-x32\...\Viking Saga1.0) (Version: 1.0 - Foxy Games)
Viking Saga 2- New World (HKLM-x32\...\Viking Saga 2- New WorldFinal) (Version: Final - AllSmartGames)
Weather Lord 3 - In Pursuit of the Shaman (HKLM-x32\...\Weather Lord 3 - In Pursuit of the Shaman1.1) (Version: 1.1 - Foxy Games)
Weather Lord 3 - In Pursuit of the Shaman (HKLM-x32\...\Weather Lord 3 - In Pursuit of the ShamanFinal) (Version: Final - Game-Owl.com)
Weather Lord Hidden Realm 1.00 (HKLM-x32\...\Weather Lord Hidden Realm 1.00) (Version: 1.00 - Games)
Weird Park Scary Tales 1.00 (HKLM-x32\...\Weird Park Scary Tales 1.00) (Version: 1.00 - Games)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Zulu's Zoo 1.00 (HKLM-x32\...\Zulu's Zoo 1.00) (Version:  - )

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 8174.52 MB
Available physical RAM: 4752.09 MB
Total Pagefile: 9454.52 MB
Available Pagefile: 5124.4 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.05 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1380.18 GB) (Free:1071.24 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:16.98 GB) (Free:2.07 GB) NTFS
4 Drive f: (Memoirs) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\HHGREGG-HP

Administrator            Guest                    HHGREGG                 
Mcx1-HHGREGG-HP          NeroMediaHomeUser.4      rober_000               

**** End of log ****

FSS logs:

Farbar Service Scanner Version: 21-07-2014
Ran by HHGREGG (administrator) on 03-10-2014 at 19:08:59
Running from "C:\Users\HHGREGG\Desktop\Adware Removal"
Microsoft Windows 8.1 Pro with Media Center  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

The RKill log:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/03/2014 07:11:14 PM in x64 mode.
Windows Version: Windows 8.1 Pro with Media Center

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * E1G60 [Missing Service]
 * HdAudAddService [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/03/2014 07:11:56 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

and the DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by HHGREGG at 19:18:01 on 2014-10-03
Microsoft Windows 8.1 Pro with Media Center  6.3.9600.0.1252.1.1033.18.8175.5050 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Windows\System32\skydrive.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
C:\Windows\System32\SettingSyncHost.exe
C:\WINDOWS\system32\taskhost.exe
C:\games\Awakening Kingdoms\Awakening_Kingdoms.exe
C:\games\Awakening Kingdoms\Awakening_Kingdoms.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\explorer.exe
C:\WINDOWS\syswow64\wwahost.exe
C:\Users\HHGREGG\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\WINDOWS\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\vssvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Groove GFS Browser Helper: {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\api-ms-win-rtcore-ntuser-wmpointer-ll1-1-0.dll
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: YrJie New Games: {A86EFAD9-8377-476D-9192-CF440B6F88EC} - C:\Program Files (x86)\IeAdsBlocker.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [cdloader] "C:\Users\HHGREGG\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [uTorrent] "C:\Users\HHGREGG\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
Trusted Zone: hmaservice.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1FDFCFC3-B893-43E1-9138-4A2D2452A551} - hxxps://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0FD26D3F-8DDE-485E-B9C7-7AA2A30DDB51} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A3CF15B6-949F-426F-BB1F-B5963B3DB570} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2013-12-14 39768]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2014-4-8 157016]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2013-8-22 76800]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2014-6-3 173792]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 255040]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-20 1148744]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-15 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-15 19439944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-9-20 411968]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\drivers\netr28x.sys [2013-9-26 2588848]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-9-20 19272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2014-9-20 38048]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2013-8-22 591360]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2014-5-14 123224]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-5-14 347880]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-16 2281248]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2014-4-8 111616]
S3 kbldfltr;kbldfltr;C:\WINDOWS\System32\drivers\kbldfltr.sys [2013-9-29 22272]
S3 lfsvc;Windows Location Framework Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\WINDOWS\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2014-4-8 924504]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2013-12-14 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2013-11-16 57176]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\drivers\vmbusr.sys [2013-9-29 129536]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2013-8-22 37768]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2014-8-14 227840]
S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\WINDOWS\System32\svchost.exe -k netsvcs [2013-8-22 37768]
.
=============== Created Last 30 ================
.
2014-10-03 23:46:42 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\VampireSaga
2014-10-03 17:22:17 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{400098C2-EF4E-4BE6-B150-EC217BBF479A}\mpengine.dll
2014-10-03 13:21:38 -------- d-----w- C:\ProgramData\e5ad8cddeb1f60a6
2014-10-03 13:21:37 -------- d-----w- C:\ProgramData\TinyaWallLet
2014-10-03 13:21:32 -------- d-----w- C:\Users\HHGREGG\AppData\Local\Torch
2014-10-03 13:21:32 -------- d-----w- C:\Users\HHGREGG\AppData\Local\Chromatic Browser
2014-10-03 13:21:32 -------- d-----w- C:\Program Files (x86)\TinyaWallLet
2014-10-03 13:21:31 -------- d-----w- C:\Users\HHGREGG\AppData\Local\Comodo
2014-10-03 13:20:36 -------- d-----w- C:\Program Files (x86)\GetPrivate
2014-10-03 13:20:35 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\GetPrivate
2014-10-03 11:23:39 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-10-03 10:49:19 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\VampireSagaHL
2014-10-02 18:26:57 -------- d-----w- C:\ProgramData\PuzzlesByJoe
2014-10-01 22:34:48 1188440 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{99ACC7CF-44F8-4BDA-B39B-833368635500}\gapaengine.dll
2014-09-27 10:50:37 -------- d-----w- C:\Program Files (x86)\Manor Memoirs CE
2014-09-27 05:02:17 1188440 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6C0AAC-D7DC-4219-A7F8-2671B6931584}\gapaengine.dll
2014-09-26 13:44:07 262824 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10247.bin
2014-09-26 01:46:51 -------- d-----w- C:\Program Files\Classic Shell
2014-09-25 13:12:45 1188440 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E4E70A73-0BFC-4510-BFEB-C6F037AF4D30}\gapaengine.dll
2014-09-25 11:53:53 -------- d-----w- C:\Users\HHGREGG\AppData\Local\fd
2014-09-25 08:28:18 -------- d-----w- C:\Users\HHGREGG\AppData\Local\Astar Games
2014-09-24 19:32:03 1188440 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2AB06897-B4B2-4CF4-95FC-1FD74907A3B0}\gapaengine.dll
2014-09-24 19:31:51 11578928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CBD5AA3-ED9D-4FED-9095-5A7EC4D4AD29}\mpengine.dll
2014-09-24 01:36:18 1188440 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E59A67C3-9C22-464E-9EE9-F6EAF53CF090}\gapaengine.dll
2014-09-22 20:14:39 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\Lazy Turtle Games
2014-09-22 18:38:02 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\Little Games Company
2014-09-22 18:38:02 -------- d-----w- C:\ProgramData\Little Games Company
2014-09-21 17:07:50 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\Hidden Objects Alice2
2014-09-21 01:59:05 613696 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2014-09-21 01:55:02 1715224 ----a-w- C:\WINDOWS\System32\nvspbridge64.dll
2014-09-21 01:55:02 1291280 ----a-w- C:\WINDOWS\SysWow64\nvspbridge.dll
2014-09-21 01:54:47 38048 ----a-w- C:\WINDOWS\System32\drivers\nvvad64v.sys
2014-09-21 01:54:47 32416 ----a-w- C:\WINDOWS\SysWow64\nvaudcap32v.dll
2014-09-18 06:32:13 11578928 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4C19DCC-DD56-49B2-8ABC-1125F1105724}\mpengine.dll
2014-09-18 00:15:51 -------- d-----w- C:\WINDOWS\Weather Lord 3 - In Pursuit of the Shaman
2014-09-18 00:15:51 -------- d-----w- C:\Program Files (x86)\Weather Lord 3 - In Pursuit of the Shaman
2014-09-16 16:17:22 1188440 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2447714C-1D3E-466A-BE0D-2817E150CFC5}\gapaengine.dll
2014-09-15 11:05:25 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\northerntale4
2014-09-15 11:05:25 -------- d-----w- C:\Users\HHGREGG\AppData\Local\northerntale4
2014-09-14 08:13:52 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\The Drama Queen Murder
2014-09-13 14:13:49 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\Hidden Objects StatueOfLiberty
2014-09-12 13:28:19 11319192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C60C0527-7770-4CE9-A1CE-A12DE467473F}\mpengine.dll
2014-09-11 07:06:33 875688 ----a-w- C:\WINDOWS\SysWow64\msvcr120_clr0400.dll
2014-09-11 07:06:33 869544 ----a-w- C:\WINDOWS\System32\msvcr120_clr0400.dll
2014-09-10 09:50:29 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\Brave Giant
2014-09-08 15:00:54 11319192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9AE56AF-8928-4D55-978C-F6A3BDBB176B}\mpengine.dll
2014-09-07 17:32:52 11319192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E14FB2FB-440E-44B4-B3EC-11F7B5715902}\mpengine.dll
2014-09-07 14:59:29 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\PlayzzyGames
2014-09-07 14:59:29 -------- d-----w- C:\ProgramData\PlayzzyGames
2014-09-04 11:45:47 -------- d-----w- C:\Users\HHGREGG\AppData\Roaming\HomeMakeover2
.
==================== Find3M  ====================
.
2014-09-22 06:42:39 278152 ------w- C:\WINDOWS\System32\MpSigStub.exe
2014-09-17 04:51:20 31520 ----a-w- C:\WINDOWS\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\WINDOWS\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\WINDOWS\System32\nvhdagenco6420103.dll
2014-09-17 02:13:36 2193560 ----a-w- C:\WINDOWS\SysWow64\nvspcap.dll
2014-09-17 02:12:40 2799784 ----a-w- C:\WINDOWS\System32\nvspcap64.dll
2014-09-13 21:53:36 6890696 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2014-09-13 21:53:36 3529872 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2014-09-13 21:53:34 934216 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2014-09-13 21:53:34 62608 ----a-w- C:\WINDOWS\System32\nvshext.dll
2014-09-13 21:53:34 385168 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2014-09-11 15:37:55 3961833 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2014-09-04 19:14:38 34976 ----a-w- C:\WINDOWS\System32\nvaudcap64v.dll
2014-08-23 00:42:19 4148224 ----a-w- C:\WINDOWS\System32\win32k.sys
2014-08-14 08:08:45 2724864 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-08-14 08:08:36 48640 ----a-w- C:\WINDOWS\System32\ieetwproxystub.dll
2014-08-14 08:08:36 4096 ----a-w- C:\WINDOWS\System32\ieetwcollectorres.dll
2014-08-14 08:08:36 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2014-08-14 08:08:34 51200 ----a-w- C:\WINDOWS\SysWow64\ieetwproxystub.dll
2014-08-14 08:08:33 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2014-08-14 08:08:32 61952 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll
2014-08-14 08:08:32 112128 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
2014-08-14 08:08:27 66048 ----a-w- C:\WINDOWS\System32\iesetup.dll
2014-08-14 08:07:38 233912 ----a-w- C:\WINDOWS\System32\mfps.dll
2014-08-14 08:06:48 428888 ----a-w- C:\WINDOWS\System32\drivers\FWPKCLNT.SYS
2014-08-11 21:37:16 98216 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2014-08-07 02:12:27 1336624 ----a-w- C:\WINDOWS\System32\gdi32.dll
2014-08-06 22:38:18 697856 ----a-w- C:\WINDOWS\System32\aepdu.dll
2014-08-02 05:44:01 527360 ----a-w- C:\WINDOWS\System32\aeinv.dll
2014-08-02 03:56:08 1064448 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2014-08-02 03:11:49 918528 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll
2014-08-02 00:17:43 704480 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-08-02 00:17:43 105440 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-07-25 13:28:27 548352 ----a-w- C:\WINDOWS\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\WINDOWS\System32\MshtmlDac.dll
2014-07-25 12:59:28 758272 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2014-07-25 12:34:03 455168 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2014-07-25 12:30:32 61952 ----a-w- C:\WINDOWS\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\WINDOWS\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:08:47 597504 ----a-w- C:\WINDOWS\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-07-25 11:07:49 2001920 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-07-25 10:52:06 2266624 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-07-15 18:16:27 3048880 ----a-w- C:\WINDOWS\System32\WpcMon.exe
2014-07-15 08:29:16 3118080 ----a-w- C:\WINDOWS\System32\Wpc.dll
2014-07-15 08:22:59 2861056 ----a-w- C:\WINDOWS\System32\WpcWebSync.dll
2014-07-15 08:03:50 2344448 ----a-w- C:\WINDOWS\SysWow64\Wpc.dll
2014-07-12 04:17:55 623616 ----a-w- C:\WINDOWS\System32\MDMAgent.exe
2014-07-12 02:45:06 161792 ----a-w- C:\WINDOWS\System32\wbem\MDMAppProv.dll
2014-07-12 02:35:08 418816 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2014-07-10 08:23:13 79872 ----a-w- C:\WINDOWS\System32\WSReset.exe
2014-07-10 04:16:37 716800 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2014-07-10 04:03:58 4756992 ----a-w- C:\WINDOWS\System32\SyncEngine.dll
2014-07-10 03:33:41 1120256 ----a-w- C:\WINDOWS\System32\SkyDrive.exe
2013-06-28 13:06:23 468 ----a-w- C:\Program Files (x86)\062820138062365.bat
2013-04-10 11:55:38 470 ----a-w- C:\Program Files (x86)\041020136553863.bat
2013-02-08 12:22:30 471 ----a-w- C:\Program Files (x86)\020820136223024.bat
2012-11-28 13:15:58 85504 ---ha-w- C:\Program Files (x86)\IeAdsBlocker.dll
.
============= FINISH: 19:18:14.95 ===============
 

Thanks for the help in removing this annoying pest of adware!!



#2 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA

Posted 07 October 2014 - 11:32 AM

Hello, I will be helping you.

 

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

___

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

___

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions. 


Edited by thisisu, 07 October 2014 - 11:35 AM.


#3 DeLoreanDude

DeLoreanDude
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male
  • Location:Alabama

Posted 07 October 2014 - 12:40 PM

Hi, thanks for the help!

 

I wanted to share that I re-enabled Windows Defender after completing the final 2 scans, and did not choose the "fix" option after completing the FRST scan.

 

Also, the PC has been working fine. As I was posting my original topic post, I had WinDef performing a full scan, and the next morning when I got up it had quarantined 5 malicious files, which I had it remove.

 

Still, I would much rather be thorough, and with that said, on to the logs!

 

 

# AdwCleaner v3.311 - Report created 07/10/2014 at 12:14:37
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : HHGREGG - HHGREGG-HP
# Running from : C:\Users\HHGREGG\Desktop\Adware Removal\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17278

-\\ Google Chrome v37.0.2062.124
[ File : C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\rober_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [2658 octets] - [16/01/2014 23:24:27]
AdwCleaner[R1].txt - [3229 octets] - [04/10/2014 18:27:46]
AdwCleaner[R2].txt - [1158 octets] - [07/10/2014 12:10:17]
AdwCleaner[S0].txt - [2694 octets] - [16/01/2014 23:29:38]
AdwCleaner[S1].txt - [3302 octets] - [04/10/2014 18:30:15]
AdwCleaner[S2].txt - [1080 octets] - [07/10/2014 12:14:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1140 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by HHGREGG on Tue 10/07/2014 at 12:21:29.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~~~ Services
 
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2487455964-828317743-2989858292-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}
 
~~~ Files
Successfully deleted: [File] "C:\Program Files (x86)\ieadsblocker.dll"
 
~~~ Folders
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/07/2014 at 12:23:27.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by HHGREGG (administrator) on HHGREGG-HP on 07-10-2014 12:26:46
Running from C:\Users\HHGREGG\Downloads
Loaded Profile: HHGREGG (Available profiles: HHGREGG & Mcx1-HHGREGG-HP & NeroMediaHomeUser.4 & rober_000)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(BitTorrent Inc.) C:\Users\HHGREGG\AppData\Roaming\uTorrent\uTorrent.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2487455964-828317743-2989858292-1000\...\Run: [cdloader] => C:\Users\HHGREGG\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2487455964-828317743-2989858292-1000\...\Run: [uTorrent] => C:\Users\HHGREGG\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-09-26] (BitTorrent Inc.)
HKU\S-1-5-21-2487455964-828317743-2989858292-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4419720 2014-04-09] (Plex, Inc.)
HKU\S-1-5-21-2487455964-828317743-2989858292-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2487455964-828317743-2989858292-1000\...\MountPoints2: {36da8b3a-2d5c-11e2-be65-d8d99026ba53} - "F:\autorun.exe"
HKU\S-1-5-21-2487455964-828317743-2989858292-1000\...\MountPoints2: {e7460c07-d45d-11e1-8a8f-e840f24a5630} - "F:\autorun.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x382965C35EDFCF01
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: No Name -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} ->  No File
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {390C7E87-153C-12DB-2EA6-0BB301EB26E9} -> C:\WINDOWS\SysWOW64\api-ms-win-rtcore-ntuser-wmpointer-ll1-1-0.dll ()
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
DPF: HKLM-x32 {21BB8360-F943-447E-98F3-3C22345375A7} http://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.17.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HHGREGG\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> 94D27D2226CBD26B53D6B91188C57B94308711FB5CF9029792C92C7CDE7B1996
CHR DefaultSearchProvider: Default -> 3F2B779D54BCEF4643D7FDB161060EA325A373C92EB39A4D3CA07C468BBEEAB3
CHR DefaultSearchURL: Default -> BC51D04E1B77E75033E0EB5170308BF19106603AB5142203494656A57E27D167
CHR Profile: C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (HootSuite Hootlet) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn [2014-01-29]
CHR Extension: (YouTube) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-29]
CHR Extension: (Google Search) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-29]
CHR Extension: (MailChimp) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\einnfnfpkbbebamphappjlmbedgjbnoe [2014-02-03]
CHR Extension: (Google Wallet) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (Gmail) - C:\Users\HHGREGG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-29]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-28] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2281248 2014-10-03] (IObit)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-07 12:26 - 2014-10-07 12:27 - 00015410 _____ () C:\Users\HHGREGG\Downloads\FRST.txt
2014-10-07 12:25 - 2014-10-07 12:26 - 00000000 ____D () C:\FRST
2014-10-07 12:24 - 2014-10-07 12:25 - 02109952 _____ (Farbar) C:\Users\HHGREGG\Downloads\FRST64.exe
2014-10-07 12:21 - 2014-10-07 12:21 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-07 09:21 - 2014-10-07 09:21 - 00000271 _____ () C:\Users\HHGREGG\Desktop\PS160 12V Charger (Defective Batteries Will Ruin This Charger) [418352-01] for Power Tool  eReplacement Parts.url
2014-10-05 02:49 - 2014-10-05 02:49 - 00000364 _____ () C:\Users\HHGREGG\Desktop\10 Foods for Stronger Nails and Thicker Hair.url
2014-10-05 00:03 - 2014-10-07 10:45 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\CrashDumps
2014-10-04 20:39 - 2014-10-04 20:39 - 00000000 ___HD () C:\OneDriveTemp
2014-10-04 18:44 - 2014-10-04 18:44 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-10-04 18:44 - 2014-10-04 18:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-04 18:41 - 2014-10-04 18:41 - 05472344 _____ () C:\Users\HHGREGG\Downloads\RogueKillerX64.exe.64mttbx.partial
2014-10-04 18:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-10-04 17:52 - 2014-10-04 17:52 - 00001270 _____ () C:\Users\HHGREGG\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-10-04 17:52 - 2014-10-04 17:52 - 00001246 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-10-04 17:44 - 2014-10-04 17:44 - 00001093 _____ () C:\Users\HHGREGG\Desktop\cruiseDirectorLauncher - Shortcut.lnk
2014-10-04 17:23 - 2014-10-04 17:23 - 188587861 _____ () C:\Users\HHGREGG\Downloads\VACruiseDTE.rar
2014-10-04 17:23 - 2014-10-04 17:23 - 00000000 ____D () C:\Users\HHGREGG\Downloads\VACruiseDTE
2014-10-04 10:03 - 2014-10-04 10:03 - 00000370 _____ () C:\Users\HHGREGG\Desktop\Seven secrets to making a perfect bed.url
2014-10-04 08:20 - 2014-10-04 08:20 - 00073728 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2014-10-03 19:42 - 2014-10-07 12:15 - 00020306 _____ () C:\WINDOWS\PFRO.log
2014-10-03 19:01 - 2014-10-07 12:23 - 00000000 ____D () C:\Users\HHGREGG\Desktop\Adware Removal
2014-10-03 18:46 - 2014-10-03 18:54 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\VampireSaga
2014-10-03 18:45 - 2014-10-03 18:45 - 00000192 _____ () C:\Users\HHGREGG\Desktop\Wendy's Home - Index.url
2014-10-03 18:34 - 2014-10-03 18:36 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Alawar - Vampire Saga Pandoras Box - New HOG Puzzle - Wendy99
2014-10-03 17:49 - 2014-10-03 17:49 - 00002408 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_HHGREGG
2014-10-03 17:49 - 2014-10-03 17:49 - 00000304 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_HHGREGG.job
2014-10-03 08:21 - 2014-10-03 19:43 - 00000000 ____D () C:\ProgramData\TinyaWallLet
2014-10-03 08:21 - 2014-10-03 17:50 - 00000000 ____D () C:\ProgramData\e5ad8cddeb1f60a6
2014-10-03 08:21 - 2014-10-03 17:50 - 00000000 ____D () C:\Program Files (x86)\TinyaWallLet
2014-10-03 08:21 - 2014-10-03 17:45 - 00000989 _____ () C:\WINDOWS\setupact.log
2014-10-03 08:21 - 2014-10-03 08:21 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\rober_000\AppData\Local\Comodo
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\Google
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\NeroMediaHomeUser.4\AppData\Local\Comodo
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Mcx1-HHGREGG-HP\AppData\Local\Google
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Mcx1-HHGREGG-HP\AppData\Local\Comodo
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\Comodo
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Guest
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 ____D () C:\Users\Administrator
2014-10-03 08:21 - 2014-10-03 08:21 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-03 08:20 - 2014-10-03 08:20 - 00003264 _____ () C:\WINDOWS\System32\Tasks\GPUP
2014-10-03 05:49 - 2014-10-03 05:49 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\VampireSagaHL
2014-10-02 14:27 - 2014-10-02 14:27 - 00000352 _____ () C:\Users\HHGREGG\Desktop\3 Moves For Flat Abs by Halloween.url
2014-10-02 13:26 - 2014-10-02 13:26 - 00000000 ____D () C:\ProgramData\PuzzlesByJoe
2014-10-02 12:32 - 2014-10-02 12:32 - 00000223 _____ () C:\Users\HHGREGG\Desktop\Squash Casserole Recipe  MyRecipes.com.url
2014-10-02 12:28 - 2014-10-02 12:28 - 00000287 _____ () C:\Users\HHGREGG\Desktop\Yellow Squash Casserole Recipe - Allrecipes.com.url
2014-10-01 12:23 - 2014-10-01 12:23 - 00002041 _____ () C:\Users\HHGREGG\Desktop\Zulu's Zoo.lnk
2014-10-01 12:18 - 2014-10-01 12:21 - 00000000 ____D () C:\Users\HHGREGG\Downloads\BigFish - Zulu's Zoo - New Hidden Object - Wendy99
2014-09-30 03:28 - 2014-09-30 03:28 - 00000366 _____ () C:\Users\HHGREGG\Desktop\The Age-Old Old Age Problem Faced By Baby Boomers.url
2014-09-29 12:45 - 2014-09-29 12:45 - 00000230 _____ () C:\Users\HHGREGG\Desktop\5 ways to make your lousy 401k stellar- MSN Money.url
2014-09-28 19:08 - 2014-09-28 19:09 - 05227019 _____ () C:\Users\HHGREGG\Downloads\namebench-1.3.1-Windows.exe
2014-09-27 06:01 - 2014-09-27 06:01 - 00000271 _____ () C:\Users\HHGREGG\Desktop\The nutrient you may not even know you're missing - Nutrition - MSN Healthy Living.url
2014-09-27 05:51 - 2014-09-27 05:51 - 00001102 _____ () C:\Users\Public\Desktop\Manor Memoirs Collector's Edition.lnk
2014-09-27 05:51 - 2014-09-27 05:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manor Memoirs Collector's Edition
2014-09-27 05:50 - 2014-09-27 05:51 - 00000000 ____D () C:\Program Files (x86)\Manor Memoirs CE
2014-09-27 05:48 - 2014-09-27 05:48 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Manor.Memoirs.CE-Tenguken
2014-09-27 04:24 - 2014-09-27 04:25 - 00017789 _____ () C:\WINDOWS\DirectX.log
2014-09-27 01:16 - 2014-09-27 01:16 - 00000206 _____ () C:\Users\HHGREGG\Desktop\Zucchini Corn Bread - Recipe - Cooks.com.url
2014-09-27 01:13 - 2014-09-27 01:13 - 00000224 _____ () C:\Users\HHGREGG\Desktop\Zucchini and Corn Casserole Recipe - Bing.url
2014-09-26 02:50 - 2014-10-07 12:16 - 01281516 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-25 20:46 - 2014-09-25 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-09-25 20:46 - 2014-09-25 20:46 - 00000000 ____D () C:\Program Files\Classic Shell
2014-09-25 20:45 - 2014-09-25 20:45 - 06791360 _____ (IvoSoft) C:\Users\HHGREGG\Downloads\ClassicShellSetup_4_1_0.exe
2014-09-25 06:53 - 2014-09-25 06:54 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\fd
2014-09-25 03:28 - 2014-09-25 03:28 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\Astar Games
2014-09-24 09:13 - 2014-09-24 09:13 - 00000287 _____ () C:\Users\HHGREGG\Desktop\Flower Bulbs, Shrubs, Ornamental Grasses, Groundcover, Plants Discount, Plant Garden and Perennials - MI Bulb, MichiganBulb.com.url
2014-09-24 08:55 - 2014-09-24 08:55 - 00000314 _____ () C:\Users\HHGREGG\Desktop\How to Tell if a Car Repair Has Been Made - The Allstate Blog.url
2014-09-24 08:36 - 2014-09-24 08:36 - 00000292 _____ () C:\Users\HHGREGG\Desktop\Zucchini Cornbread Casserole Recipe - Allrecipes.com (2).url
2014-09-24 07:59 - 2014-09-27 01:05 - 00000000 ____D () C:\Users\HHGREGG\Desktop\games i like to play over and over
2014-09-24 07:58 - 2014-09-24 07:58 - 00000192 _____ () C:\Users\HHGREGG\Desktop\Register Now For the You Wealth Revolution Network.url
2014-09-24 04:42 - 2014-09-24 04:42 - 00000292 _____ () C:\Users\HHGREGG\Desktop\http--www.fool.com-ecap-the_motley_fool-lebron-james-the-next-warren-buffett-paid=8522&psource=esadsq7410860003&waid=7387&wsource=esadsqwdg0860007.url
2014-09-23 17:32 - 2014-09-23 17:32 - 00000253 _____ () C:\Users\HHGREGG\Desktop\10 Heart-Healthy Dishes Slideshow  Slideshow  The Daily Meal.url
2014-09-23 17:28 - 2014-09-23 17:28 - 00000312 _____ () C:\Users\HHGREGG\Desktop\Squash Casserole Recipes - Allrecipes.com.url
2014-09-23 17:27 - 2014-09-23 17:27 - 00000311 _____ () C:\Users\HHGREGG\Desktop\Zucchini Cornbread Casserole Recipe - Allrecipes.com.url
2014-09-23 17:26 - 2014-09-23 17:26 - 00000219 _____ () C:\Users\HHGREGG\Desktop\Granny's Squash Casserole Recipe - Allrecipes.com.url
2014-09-23 17:24 - 2014-09-23 17:24 - 00000359 _____ () C:\Users\HHGREGG\Desktop\Zucchini Pepperjack Casserole Recipe - Allrecipes.com.url
2014-09-22 15:14 - 2014-09-22 15:14 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Lazy Turtle Games
2014-09-22 13:38 - 2014-10-01 12:23 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Little Games Company
2014-09-22 13:38 - 2014-10-01 12:23 - 00000000 ____D () C:\ProgramData\Little Games Company
2014-09-21 12:07 - 2014-09-21 14:58 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Hidden Objects Alice2
2014-09-20 20:59 - 2014-09-20 20:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-20 20:59 - 2014-09-13 15:13 - 00613696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-09-20 20:57 - 2014-09-16 23:51 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-09-20 20:57 - 2014-09-16 23:51 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 31887680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 24552592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 20922512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 19954520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 17259664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 14026304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 13939272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 13157696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-09-20 20:57 - 2014-09-13 18:48 - 11392576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 11330776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 04287296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 04008592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 01876296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434411.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 01539272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434411.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00957584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00925896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00919240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00894096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00867528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00352016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00303600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00174856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-09-20 20:57 - 2014-09-13 18:48 - 00156840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-09-20 20:55 - 2014-09-16 21:13 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-09-20 20:55 - 2014-09-16 21:12 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-09-20 20:54 - 2014-09-04 14:14 - 00038048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-09-20 20:54 - 2014-09-04 14:14 - 00032416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-09-18 11:48 - 2014-09-18 11:48 - 00000228 _____ () C:\Users\HHGREGG\Desktop\Why Roasting Broccoli Is Better Than Steaming It.url
2014-09-18 06:19 - 2014-09-18 06:26 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Weather Lord
2014-09-17 19:15 - 2014-09-17 19:16 - 00000000 ____D () C:\Program Files (x86)\Weather Lord 3 - In Pursuit of the Shaman
2014-09-17 19:15 - 2014-09-17 19:15 - 00000000 ____D () C:\WINDOWS\Weather Lord 3 - In Pursuit of the Shaman
2014-09-17 19:12 - 2014-09-17 19:14 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Weather Lord 3 - In Pursuit of the Shaman  [ASG]
2014-09-17 19:07 - 2014-09-17 19:08 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Kingdom Tales 2 HD [FINAL] 2014 (Time Management) Foxy Games
2014-09-17 19:06 - 2014-09-17 19:13 - 446915232 ____R (Games ) C:\Users\HHGREGG\Downloads\KingdomTales.exe
2014-09-17 18:52 - 2014-09-17 19:04 - 339591638 ____R (Games ) C:\Users\HHGREGG\Downloads\WeatherLordHiddenRealm.exe
2014-09-17 18:51 - 2014-09-17 18:51 - 00013545 _____ () C:\Users\HHGREGG\Downloads\[kickass.to]weather.lord.hidden.realm.strategy.tmg.wendy99.torrent
2014-09-17 18:11 - 2014-09-17 18:11 - 00000239 _____ () C:\Users\HHGREGG\Desktop\The Meds Pharmacists Take When They Get Sick.url
2014-09-15 06:05 - 2014-09-16 00:04 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\northerntale4
2014-09-15 06:05 - 2014-09-15 06:05 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\northerntale4
2014-09-15 06:04 - 2014-09-17 19:16 - 00002371 _____ () C:\Users\HHGREGG\Desktop\Weather Lord 3 - In Pursuit of the Shaman.lnk
2014-09-15 06:04 - 2014-09-17 19:16 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Lord 3 - In Pursuit of the Shaman
2014-09-15 06:02 - 2014-09-15 06:03 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Northern Tale 4
2014-09-15 06:02 - 2014-09-15 06:02 - 00002168 _____ () C:\Users\HHGREGG\Desktop\Northern Tale 4.lnk
2014-09-15 05:59 - 2014-09-15 06:01 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Weather Lord 3 - In Pursuit of the Shaman [FINAL] 2014 (PC) Foyx Games
2014-09-15 05:55 - 2014-09-15 05:56 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Northern Tale 4 [FINAL] 2014 (PC) Foxy Games
2014-09-14 12:02 - 2014-09-14 12:02 - 00000294 _____ () C:\Users\HHGREGG\Desktop\Harvard Medical School Guide to Overcoming Thyroid Problems (Harvard Medical School Guides) Jeffrey Garber, Sandra White 9780071444712 Amazon.com Books.url
2014-09-14 11:50 - 2014-09-14 11:50 - 00000247 _____ () C:\Users\HHGREGG\Desktop\Gained a Few How to Know If Your Thyroid is to Blame.url
2014-09-14 03:13 - 2014-09-14 03:13 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\The Drama Queen Murder
2014-09-14 01:03 - 2014-08-23 02:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 01:03 - 2014-08-23 02:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 01:03 - 2014-08-23 01:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 01:03 - 2014-08-23 00:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 01:03 - 2014-08-22 23:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 01:03 - 2014-08-22 23:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 01:03 - 2014-08-22 23:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 01:03 - 2014-08-22 23:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 01:03 - 2014-08-22 23:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 01:03 - 2014-07-29 20:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 01:03 - 2014-07-29 00:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 01:03 - 2014-07-24 10:28 - 00468288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 01:03 - 2014-07-24 10:28 - 00412992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 01:03 - 2014-07-24 10:28 - 00143680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 01:03 - 2014-07-24 10:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 01:03 - 2014-07-24 10:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 01:03 - 2014-07-24 10:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 01:03 - 2014-07-24 10:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 01:03 - 2014-07-24 10:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 01:03 - 2014-07-24 10:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 01:03 - 2014-07-24 10:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 01:03 - 2014-07-24 10:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 01:03 - 2014-07-24 10:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 01:03 - 2014-07-24 10:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 01:03 - 2014-07-24 10:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 01:03 - 2014-07-24 10:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 01:03 - 2014-07-24 10:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 01:03 - 2014-07-24 10:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 01:03 - 2014-07-24 10:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 01:03 - 2014-07-24 09:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 01:03 - 2014-07-24 09:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 01:03 - 2014-07-24 08:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 01:03 - 2014-07-24 08:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 01:03 - 2014-07-24 08:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 01:03 - 2014-07-24 08:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 01:03 - 2014-07-24 08:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 01:03 - 2014-07-24 08:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 01:03 - 2014-07-24 08:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 01:03 - 2014-07-24 08:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 01:03 - 2014-07-24 06:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 01:03 - 2014-07-24 06:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 01:03 - 2014-07-24 06:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 01:03 - 2014-07-24 06:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 01:03 - 2014-07-24 06:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 01:03 - 2014-07-24 05:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 01:03 - 2014-07-24 05:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 01:03 - 2014-07-24 05:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 01:03 - 2014-07-24 04:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 01:03 - 2014-07-24 04:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 01:03 - 2014-07-24 04:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 01:03 - 2014-07-24 04:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 01:03 - 2014-07-24 04:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 01:03 - 2014-07-24 04:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 01:03 - 2014-07-24 04:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 01:03 - 2014-07-24 04:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 01:03 - 2014-07-24 03:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 01:03 - 2014-07-24 03:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 01:03 - 2014-07-24 03:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 01:03 - 2014-07-24 03:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 01:03 - 2014-07-24 03:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 01:03 - 2014-07-24 03:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 01:03 - 2014-07-24 03:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 01:03 - 2014-07-24 03:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 01:03 - 2014-07-24 03:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 01:03 - 2014-07-24 03:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 01:03 - 2014-07-24 03:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 01:03 - 2014-07-24 03:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 01:03 - 2014-07-24 03:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 01:03 - 2014-07-24 03:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 01:03 - 2014-07-24 03:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 01:03 - 2014-07-24 03:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 01:03 - 2014-07-24 03:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 01:03 - 2014-07-24 03:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 01:03 - 2014-07-24 03:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 01:03 - 2014-07-24 02:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 01:03 - 2014-07-24 02:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 01:03 - 2014-07-24 02:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 01:03 - 2014-07-24 02:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 01:03 - 2014-07-24 02:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 01:03 - 2014-07-24 02:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 01:03 - 2014-07-24 02:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 01:03 - 2014-07-24 02:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 01:03 - 2014-07-24 02:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 01:03 - 2014-07-23 23:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 01:03 - 2014-07-23 23:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 01:03 - 2014-07-12 00:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 01:03 - 2014-07-11 23:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 01:03 - 2014-07-04 04:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 01:03 - 2014-07-04 04:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 01:03 - 2014-06-27 01:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 01:03 - 2014-06-25 19:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 01:03 - 2014-06-18 21:13 - 00310080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 01:03 - 2014-06-14 01:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 01:03 - 2014-06-14 00:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 01:03 - 2014-06-05 05:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 01:03 - 2014-06-05 04:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 01:03 - 2014-05-31 00:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 01:03 - 2014-05-05 23:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 01:03 - 2014-05-05 19:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 01:02 - 2014-07-24 10:28 - 00419648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 01:02 - 2014-07-24 10:28 - 00280384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 01:02 - 2014-07-24 10:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 01:02 - 2014-07-24 10:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 01:02 - 2014-07-24 10:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 01:02 - 2014-07-24 10:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 01:02 - 2014-07-24 10:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 01:02 - 2014-07-24 08:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 01:02 - 2014-07-24 08:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 01:02 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 01:02 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 01:02 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 01:02 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 01:02 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 01:02 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 01:02 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 01:02 - 2014-07-24 06:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 01:02 - 2014-07-24 06:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 01:02 - 2014-07-24 06:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 01:02 - 2014-07-24 06:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 01:02 - 2014-07-24 06:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 01:02 - 2014-07-24 06:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 01:02 - 2014-07-24 06:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 01:02 - 2014-07-24 06:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 01:02 - 2014-07-24 06:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 01:02 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 01:02 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 01:02 - 2014-07-24 05:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 01:02 - 2014-07-24 05:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 01:02 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 01:02 - 2014-07-24 05:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 01:02 - 2014-07-24 05:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 01:02 - 2014-07-24 05:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 01:02 - 2014-07-24 05:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 01:02 - 2014-07-24 05:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 01:02 - 2014-07-24 05:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 01:02 - 2014-07-24 05:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 01:02 - 2014-07-24 05:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 01:02 - 2014-07-24 05:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 01:02 - 2014-07-24 05:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 01:02 - 2014-07-24 05:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 01:02 - 2014-07-24 05:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 01:02 - 2014-07-24 04:58 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2014-09-14 01:02 - 2014-07-24 04:54 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2014-09-14 01:02 - 2014-07-24 04:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 01:02 - 2014-07-24 04:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 01:02 - 2014-07-24 04:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 01:02 - 2014-07-24 04:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 01:02 - 2014-07-24 04:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 01:02 - 2014-07-24 04:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 01:02 - 2014-07-24 04:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 01:02 - 2014-07-24 04:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 01:02 - 2014-07-24 04:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 01:02 - 2014-07-24 04:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 01:02 - 2014-07-24 04:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 01:02 - 2014-07-24 04:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 01:02 - 2014-07-24 04:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 01:02 - 2014-07-24 04:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 01:02 - 2014-07-24 04:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 01:02 - 2014-07-24 04:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 01:02 - 2014-07-24 04:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 01:02 - 2014-07-24 04:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 01:02 - 2014-07-24 04:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 01:02 - 2014-07-24 03:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 01:02 - 2014-07-24 03:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 01:02 - 2014-07-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 01:02 - 2014-07-24 03:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 01:02 - 2014-07-24 03:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 01:02 - 2014-07-24 03:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 01:02 - 2014-07-24 03:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 01:02 - 2014-07-24 03:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 01:02 - 2014-07-24 03:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 01:02 - 2014-07-24 03:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 01:02 - 2014-07-24 03:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 01:02 - 2014-07-24 03:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 01:02 - 2014-07-24 03:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 01:02 - 2014-07-24 03:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 01:02 - 2014-07-24 03:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 01:02 - 2014-07-24 03:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 01:02 - 2014-07-24 03:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 01:02 - 2014-07-24 03:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 01:02 - 2014-07-24 03:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 01:02 - 2014-07-24 03:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 01:02 - 2014-07-24 03:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 01:02 - 2014-07-24 03:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 01:02 - 2014-07-24 03:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 01:02 - 2014-07-24 03:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 01:02 - 2014-07-24 03:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 01:02 - 2014-07-24 03:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 01:02 - 2014-07-24 03:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 01:02 - 2014-07-24 03:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 01:02 - 2014-07-24 03:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 01:02 - 2014-07-24 03:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 01:02 - 2014-07-24 03:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 01:02 - 2014-07-24 02:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 01:02 - 2014-07-24 02:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 01:02 - 2014-07-24 02:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 01:02 - 2014-07-24 02:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 01:02 - 2014-07-24 02:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 01:02 - 2014-07-24 02:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 01:02 - 2014-07-24 02:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 01:02 - 2014-07-24 02:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 01:02 - 2014-07-24 02:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 01:02 - 2014-07-24 02:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 01:02 - 2014-07-12 00:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 01:02 - 2014-07-11 23:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 01:02 - 2014-07-11 23:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 01:02 - 2014-07-09 18:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 01:02 - 2014-07-04 07:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 01:02 - 2014-07-04 05:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 01:02 - 2014-07-04 05:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 01:02 - 2014-07-04 05:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 01:02 - 2014-07-04 05:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 01:02 - 2014-06-25 19:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 01:02 - 2014-06-19 18:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 01:02 - 2014-06-07 07:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 01:02 - 2014-06-07 05:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 01:02 - 2014-06-05 09:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 01:02 - 2014-05-30 23:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 01:02 - 2014-05-29 01:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 01:02 - 2014-05-29 00:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 01:02 - 2014-05-29 00:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 01:02 - 2014-05-28 23:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 01:02 - 2014-05-26 02:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 01:02 - 2014-05-10 05:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 01:02 - 2014-05-10 03:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 01:02 - 2014-03-24 21:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 01:02 - 2014-03-24 21:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 01:02 - 2014-03-24 20:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 01:02 - 2014-03-24 20:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 00:57 - 2014-08-14 19:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-13 16:00 - 2014-09-13 16:00 - 00000273 _____ () C:\Users\HHGREGG\Desktop\Pineapple Cherry Dump Cake Recipe  Hillbilly Housewife.url
2014-09-13 09:13 - 2014-09-13 11:59 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Hidden Objects StatueOfLiberty
2014-09-11 04:29 - 2014-08-15 21:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-11 04:29 - 2014-08-15 21:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-11 04:29 - 2014-08-15 21:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-11 04:29 - 2014-08-15 21:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-11 04:29 - 2014-08-15 20:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-11 04:29 - 2014-08-15 20:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-11 04:29 - 2014-08-15 20:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-11 04:29 - 2014-08-15 20:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-11 04:29 - 2014-08-15 20:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-11 04:29 - 2014-08-15 20:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-11 04:29 - 2014-08-15 20:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-11 04:29 - 2014-08-15 20:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-11 04:29 - 2014-08-15 20:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-11 04:29 - 2014-08-15 20:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-11 04:29 - 2014-08-15 20:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-11 04:29 - 2014-08-15 20:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-11 04:29 - 2014-08-15 20:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-11 04:29 - 2014-08-15 20:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-11 04:29 - 2014-08-15 20:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-11 04:29 - 2014-08-15 20:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-11 04:29 - 2014-08-15 20:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-11 04:29 - 2014-08-15 19:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 04:29 - 2014-08-15 19:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-11 04:29 - 2014-08-15 19:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-11 04:29 - 2014-08-15 19:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-11 04:29 - 2014-08-15 19:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-11 04:29 - 2014-08-15 19:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-11 04:29 - 2014-08-15 19:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-11 04:29 - 2014-08-15 19:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-11 04:29 - 2014-08-15 19:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-11 04:29 - 2014-08-15 19:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-11 04:29 - 2014-08-15 19:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-11 04:29 - 2014-08-15 19:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-11 04:29 - 2014-08-15 19:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-11 04:29 - 2014-08-15 19:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-11 02:06 - 2014-09-04 21:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-11 02:06 - 2014-09-04 21:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-11 02:06 - 2014-09-04 19:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-11 02:06 - 2014-08-01 19:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-11 02:06 - 2014-07-23 22:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-11 02:06 - 2014-07-23 22:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-10 04:50 - 2014-09-10 04:50 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Brave Giant
2014-09-09 21:05 - 2014-09-09 21:05 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Serenity - Leaves on the Wind 1-6 (2014)
2014-09-07 09:59 - 2014-09-07 09:59 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\PlayzzyGames
2014-09-07 09:59 - 2014-09-07 09:59 - 00000000 ____D () C:\ProgramData\PlayzzyGames
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-07 12:27 - 2013-02-02 03:06 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\uTorrent
2014-10-07 12:23 - 2013-09-29 23:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-07 12:19 - 2013-10-25 22:33 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\ClassicShell
2014-10-07 12:19 - 2013-10-18 23:01 - 00000000 ___DO () C:\Users\HHGREGG\SkyDrive
2014-10-07 12:17 - 2014-04-02 22:49 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-10-07 12:17 - 2014-01-16 23:35 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-07 12:16 - 2013-10-18 22:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-07 12:16 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-07 12:16 - 2013-08-22 09:44 - 00339016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-07 12:16 - 2013-03-08 22:57 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 12:15 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-07 12:14 - 2014-01-16 23:24 - 00000000 ____D () C:\AdwCleaner
2014-10-07 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-07 11:47 - 2013-03-08 22:57 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 11:38 - 2013-02-02 13:56 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-07 10:25 - 2012-07-30 08:02 - 00000000 ____D () C:\Users\HHGREGG\Desktop\my games
2014-10-07 08:46 - 2013-10-18 23:08 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B3A75271-CA87-4295-AE44-300C1979CD9E}
2014-10-04 20:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-04 19:46 - 2013-02-02 02:42 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2487455964-828317743-2989858292-1000
2014-10-04 19:17 - 2014-02-27 00:05 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-04 19:17 - 2014-02-27 00:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 18:31 - 2013-09-29 22:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-10-04 18:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-10-04 18:31 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-10-04 17:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-04 17:56 - 2012-11-13 02:02 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\Packages
2014-10-04 17:33 - 2014-07-10 01:02 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Big City Adventure 8 – Rio de Janeiro Classic Edition
2014-10-04 08:36 - 2013-11-15 01:15 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSN Games
2014-10-04 07:30 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-04 02:14 - 2013-06-16 17:52 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Mosaic.Tomb.of.Mystery.v1.0.163.WinALL
2014-10-04 02:14 - 2013-03-17 20:46 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Island, Tribe
2014-10-04 02:14 - 2013-01-01 23:27 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Microsoft Office 2010 Pro Plus SP1 x86 (ALL updates) + Full ISO with Permenant Activator
2014-10-03 19:42 - 2014-07-12 17:05 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-10-03 19:41 - 2013-05-01 20:36 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Reflexive - Flower Paradise - New Match 3 - Wendy99
2014-10-03 18:37 - 2013-02-08 07:50 - 00000000 ____D () C:\Program Files (x86)\Games
2014-10-03 17:49 - 2014-01-16 23:35 - 00000304 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2014-10-03 08:21 - 2014-01-29 12:02 - 00000000 ____D () C:\Users\rober_000\AppData\Local\Google
2014-10-03 08:21 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-10-03 08:21 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-10-03 08:21 - 2013-03-08 22:57 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\Google
2014-10-03 08:21 - 2013-03-08 22:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 05:41 - 2013-02-02 03:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-03 04:26 - 2013-02-02 03:24 - 00002450 ____N () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - hp.lnk
2014-10-03 04:26 - 2013-02-02 03:24 - 00002434 ____N () C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2014-10-02 22:47 - 2014-03-09 10:48 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-02 11:09 - 2013-09-23 04:40 - 00000000 ____D () C:\Users\HHGREGG\Desktop\recipes
2014-09-27 06:06 - 2014-04-01 06:11 - 00000000 ____D () C:\Users\HHGREGG\Desktop\Healthy Recipes and Smoothies
2014-09-27 04:27 - 2013-03-02 21:26 - 00000000 ____D () C:\ProgramData\Playrix Entertainment
2014-09-27 01:07 - 2014-03-02 03:55 - 00000000 ____D () C:\Users\HHGREGG\Desktop\New folder
2014-09-25 20:41 - 2014-02-27 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-25 20:38 - 2013-05-02 23:41 - 00000000 ____D () C:\Users\HHGREGG\Downloads\Comics
2014-09-22 01:42 - 2013-02-03 08:09 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-20 20:59 - 2013-10-18 22:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-20 20:58 - 2013-10-18 22:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-20 20:55 - 2013-12-15 16:59 - 00000000 ____D () C:\Users\HHGREGG\AppData\Local\NVIDIA Corporation
2014-09-20 20:55 - 2013-10-18 22:26 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-17 19:57 - 2013-02-02 03:20 - 00000000 ____D () C:\Program Files (x86)\Foxy Games
2014-09-17 19:46 - 2014-03-25 06:30 - 00000000 ____D () C:\ProgramData\Cateia Games
2014-09-16 23:51 - 2014-01-08 22:58 - 01538880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2014-09-16 21:13 - 2013-12-15 16:59 - 02193560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-09-16 21:12 - 2013-12-15 16:59 - 02799784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-09-16 00:30 - 2013-02-10 11:19 - 00000000 ____D () C:\Users\HHGREGG\AppData\Roaming\AlawarEntertainment
2014-09-13 18:48 - 2013-09-05 02:47 - 20589536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-09-13 18:48 - 2013-09-05 02:47 - 18106152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-09-13 18:48 - 2013-09-05 02:47 - 00984424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-09-13 18:48 - 2013-09-05 02:46 - 16875856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-09-13 18:48 - 2013-09-05 02:46 - 03223120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-09-13 18:48 - 2013-09-05 02:46 - 02838424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-09-13 18:48 - 2013-09-05 02:46 - 00026956 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-09-13 18:48 - 2013-02-02 02:34 - 00073872 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-09-13 18:48 - 2013-02-02 02:34 - 00060560 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-09-13 16:53 - 2013-10-18 22:27 - 06890696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-09-13 16:53 - 2013-10-18 22:27 - 03529872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-09-13 16:53 - 2013-10-18 22:27 - 00934216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-09-13 16:53 - 2013-10-18 22:27 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-09-13 16:53 - 2013-10-18 22:27 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-09-11 10:37 - 2013-10-18 22:27 - 03961833 _____ () C:\WINDOWS\system32\nvcoproc.bin
2014-09-11 04:30 - 2014-06-11 06:24 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-11 04:30 - 2014-06-11 06:24 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-11 04:30 - 2014-06-11 06:24 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-11 04:30 - 2014-06-11 06:24 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-11 04:30 - 2014-06-11 06:24 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-11 04:30 - 2014-06-11 06:24 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-11 04:30 - 2014-06-11 06:24 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-11 04:30 - 2014-06-11 06:24 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-11 04:30 - 2014-06-11 06:24 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-11 04:30 - 2014-06-11 06:23 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-11 04:30 - 2014-06-11 06:23 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-11 04:30 - 2014-06-11 06:23 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-11 04:30 - 2014-06-11 06:23 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-11 04:30 - 2014-06-11 06:23 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-11 04:30 - 2014-05-02 15:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-11 04:30 - 2014-05-02 15:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-11 04:29 - 2013-07-13 21:55 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 04:26 - 2013-02-03 08:10 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\HHGREGG\AppData\Local\Temp\05eifrrm.puz.exe
C:\Users\HHGREGG\AppData\Local\Temp\294823_.exe
C:\Users\HHGREGG\AppData\Local\Temp\51a0nu3l.jvn.exe
C:\Users\HHGREGG\AppData\Local\Temp\EWnk6.exe
C:\Users\HHGREGG\AppData\Local\Temp\jdHg7.dll
C:\Users\HHGREGG\AppData\Local\Temp\jdHg7.exe
C:\Users\HHGREGG\AppData\Local\Temp\namebench.exe
C:\Users\HHGREGG\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\HHGREGG\AppData\Local\Temp\python27.dll
C:\Users\HHGREGG\AppData\Local\Temp\Quarantine.exe
C:\Users\HHGREGG\AppData\Local\Temp\tcl85.dll
C:\Users\HHGREGG\AppData\Local\Temp\tk85.dll
C:\Users\HHGREGG\AppData\Local\Temp\wlylbnje.acc.exe
C:\Users\rober_000\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\rober_000\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\rober_000\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-07 06:49
==================== End Of Log ============================

Edited by DeLoreanDude, 07 October 2014 - 12:47 PM.


#4 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:04:46 AM

Posted 07 October 2014 - 01:14 PM

Log looks OK for the most part, just want to verify nothing hiding in a couple of folders.

 

 

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    start
    BHO: No Name -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} ->  No File
    Folder: C:\ProgramData\e5ad8cddeb1f60a6
    Folder: C:\ProgramData\TinyaWallLet
    AlternateDataStreams: C:\ProgramData\TEMP:012BC84F
    AlternateDataStreams: C:\ProgramData\TEMP:04FCF942
    AlternateDataStreams: C:\ProgramData\TEMP:0CF268DE
    AlternateDataStreams: C:\ProgramData\TEMP:0D90CD5E
    AlternateDataStreams: C:\ProgramData\TEMP:0DA6657A
    AlternateDataStreams: C:\ProgramData\TEMP:0F717A08
    AlternateDataStreams: C:\ProgramData\TEMP:164561C8
    AlternateDataStreams: C:\ProgramData\TEMP:1FE39C61
    AlternateDataStreams: C:\ProgramData\TEMP:261F64D1
    AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
    AlternateDataStreams: C:\ProgramData\TEMP:36D99364
    AlternateDataStreams: C:\ProgramData\TEMP:3887D756
    AlternateDataStreams: C:\ProgramData\TEMP:38FF076E
    AlternateDataStreams: C:\ProgramData\TEMP:3B5038B1
    AlternateDataStreams: C:\ProgramData\TEMP:4AF7C959
    AlternateDataStreams: C:\ProgramData\TEMP:5279F7BF
    AlternateDataStreams: C:\ProgramData\TEMP:57A1F470
    AlternateDataStreams: C:\ProgramData\TEMP:5C6EBC69
    AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
    AlternateDataStreams: C:\ProgramData\TEMP:689AB7E9
    AlternateDataStreams: C:\ProgramData\TEMP:6EE8565A
    AlternateDataStreams: C:\ProgramData\TEMP:6FE17A89
    AlternateDataStreams: C:\ProgramData\TEMP:74DF0662
    AlternateDataStreams: C:\ProgramData\TEMP:774C075A
    AlternateDataStreams: C:\ProgramData\TEMP:85376176
    AlternateDataStreams: C:\ProgramData\TEMP:87A3A233
    AlternateDataStreams: C:\ProgramData\TEMP:8A737214
    AlternateDataStreams: C:\ProgramData\TEMP:8AED9359
    AlternateDataStreams: C:\ProgramData\TEMP:93E9FC33
    AlternateDataStreams: C:\ProgramData\TEMP:9603033A
    AlternateDataStreams: C:\ProgramData\TEMP:96A23658
    AlternateDataStreams: C:\ProgramData\TEMP:9811AB56
    AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4
    AlternateDataStreams: C:\ProgramData\TEMP:A3B03EE2
    AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67
    AlternateDataStreams: C:\ProgramData\TEMP:B36361EE
    AlternateDataStreams: C:\ProgramData\TEMP:B9B3B2FE
    AlternateDataStreams: C:\ProgramData\TEMP:C07A6A6B
    AlternateDataStreams: C:\ProgramData\TEMP:C826D367
    AlternateDataStreams: C:\ProgramData\TEMP:CE3AADB7
    AlternateDataStreams: C:\ProgramData\TEMP:D3401B14
    AlternateDataStreams: C:\ProgramData\TEMP:D4558A0B
    AlternateDataStreams: C:\ProgramData\TEMP:D999FFD5
    AlternateDataStreams: C:\ProgramData\TEMP:E3D48D81
    AlternateDataStreams: C:\ProgramData\TEMP:E412AAF2
    AlternateDataStreams: C:\ProgramData\TEMP:E5BA9ADD
    AlternateDataStreams: C:\ProgramData\TEMP:E779F65A
    AlternateDataStreams: C:\ProgramData\TEMP:EC0BE05C
    AlternateDataStreams: C:\ProgramData\TEMP:F0532397
    AlternateDataStreams: C:\ProgramData\TEMP:F07EA4DB
    AlternateDataStreams: C:\ProgramData\TEMP:F5A78B16
    AlternateDataStreams: C:\Users\HHGREGG\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\rober_000\SkyDrive:ms-properties
    DeleteKey: HKEY_CLASSES_ROOT\CLSID\{A86EFAD9-8377-476D-9192-CF440B6F88EC}
    EmptyTemp:
    end
     
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.



#5 DeLoreanDude

DeLoreanDude
  • Topic Starter

  • Members
  • 18 posts
  • Gender:Male
  • Location:Alabama
  • Local time:04:46 AM

Posted 07 October 2014 - 09:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by HHGREGG at 2014-10-07 21:16:30 Run:1
Running from C:\Users\HHGREGG\Desktop\Adware Removal
Loaded Profile: HHGREGG (Available profiles: HHGREGG & Mcx1-HHGREGG-HP & NeroMediaHomeUser.4 & rober_000)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO: No Name -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} ->  No File
Folder: C:\ProgramData\e5ad8cddeb1f60a6
Folder: C:\ProgramData\TinyaWallLet
AlternateDataStreams: C:\ProgramData\TEMP:012BC84F
AlternateDataStreams: C:\ProgramData\TEMP:04FCF942
AlternateDataStreams: C:\ProgramData\TEMP:0CF268DE
AlternateDataStreams: C:\ProgramData\TEMP:0D90CD5E
AlternateDataStreams: C:\ProgramData\TEMP:0DA6657A
AlternateDataStreams: C:\ProgramData\TEMP:0F717A08
AlternateDataStreams: C:\ProgramData\TEMP:164561C8
AlternateDataStreams: C:\ProgramData\TEMP:1FE39C61
AlternateDataStreams: C:\ProgramData\TEMP:261F64D1
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:36D99364
AlternateDataStreams: C:\ProgramData\TEMP:3887D756
AlternateDataStreams: C:\ProgramData\TEMP:38FF076E
AlternateDataStreams: C:\ProgramData\TEMP:3B5038B1
AlternateDataStreams: C:\ProgramData\TEMP:4AF7C959
AlternateDataStreams: C:\ProgramData\TEMP:5279F7BF
AlternateDataStreams: C:\ProgramData\TEMP:57A1F470
AlternateDataStreams: C:\ProgramData\TEMP:5C6EBC69
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
AlternateDataStreams: C:\ProgramData\TEMP:689AB7E9
AlternateDataStreams: C:\ProgramData\TEMP:6EE8565A
AlternateDataStreams: C:\ProgramData\TEMP:6FE17A89
AlternateDataStreams: C:\ProgramData\TEMP:74DF0662
AlternateDataStreams: C:\ProgramData\TEMP:774C075A
AlternateDataStreams: C:\ProgramData\TEMP:85376176
AlternateDataStreams: C:\ProgramData\TEMP:87A3A233
AlternateDataStreams: C:\ProgramData\TEMP:8A737214
AlternateDataStreams: C:\ProgramData\TEMP:8AED9359
AlternateDataStreams: C:\ProgramData\TEMP:93E9FC33
AlternateDataStreams: C:\ProgramData\TEMP:9603033A
AlternateDataStreams: C:\ProgramData\TEMP:96A23658
AlternateDataStreams: C:\ProgramData\TEMP:9811AB56
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4
AlternateDataStreams: C:\ProgramData\TEMP:A3B03EE2
AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67
AlternateDataStreams: C:\ProgramData\TEMP:B36361EE
AlternateDataStreams: C:\ProgramData\TEMP:B9B3B2FE
AlternateDataStreams: C:\ProgramData\TEMP:C07A6A6B
AlternateDataStreams: C:\ProgramData\TEMP:C826D367
AlternateDataStreams: C:\ProgramData\TEMP:CE3AADB7
AlternateDataStreams: C:\ProgramData\TEMP:D3401B14
AlternateDataStreams: C:\ProgramData\TEMP:D4558A0B
AlternateDataStreams: C:\ProgramData\TEMP:D999FFD5
AlternateDataStreams: C:\ProgramData\TEMP:E3D48D81
AlternateDataStreams: C:\ProgramData\TEMP:E412AAF2
AlternateDataStreams: C:\ProgramData\TEMP:E5BA9ADD
AlternateDataStreams: C:\ProgramData\TEMP:E779F65A
AlternateDataStreams: C:\ProgramData\TEMP:EC0BE05C
AlternateDataStreams: C:\ProgramData\TEMP:F0532397
AlternateDataStreams: C:\ProgramData\TEMP:F07EA4DB
AlternateDataStreams: C:\ProgramData\TEMP:F5A78B16
AlternateDataStreams: C:\Users\HHGREGG\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\rober_000\SkyDrive:ms-properties
DeleteKey: HKEY_CLASSES_ROOT\CLSID\{A86EFAD9-8377-476D-9192-CF440B6F88EC}
EmptyTemp:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}" => Key deleted successfully.
"HKCR\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}" => Key not found.

========================= Folder: C:\ProgramData\e5ad8cddeb1f60a6 ========================

2014-10-03 08:21 - 2014-10-03 08:21 - 0121542 _____ () C:\ProgramData\e5ad8cddeb1f60a6\{F04D4328-4631-1CBE-1907-201B33FAF2E8}.20141003082138
2014-10-03 17:50 - 2014-10-03 17:50 - 0002380 _____ () C:\ProgramData\e5ad8cddeb1f60a6\{F04D4328-4631-1CBE-1907-201B33FAF2E8}.20141003175025

====== End of Folder: ======

========================= Folder: C:\ProgramData\TinyaWallLet ========================

====== End of Folder: ======

C:\ProgramData\TEMP => ":012BC84F" ADS removed successfully.
C:\ProgramData\TEMP => ":04FCF942" ADS removed successfully.
C:\ProgramData\TEMP => ":0CF268DE" ADS removed successfully.
C:\ProgramData\TEMP => ":0D90CD5E" ADS removed successfully.
C:\ProgramData\TEMP => ":0DA6657A" ADS removed successfully.
C:\ProgramData\TEMP => ":0F717A08" ADS removed successfully.
C:\ProgramData\TEMP => ":164561C8" ADS removed successfully.
C:\ProgramData\TEMP => ":1FE39C61" ADS removed successfully.
C:\ProgramData\TEMP => ":261F64D1" ADS removed successfully.
C:\ProgramData\TEMP => ":2AE74FF9" ADS removed successfully.
C:\ProgramData\TEMP => ":36D99364" ADS removed successfully.
C:\ProgramData\TEMP => ":3887D756" ADS removed successfully.
C:\ProgramData\TEMP => ":38FF076E" ADS removed successfully.
C:\ProgramData\TEMP => ":3B5038B1" ADS removed successfully.
C:\ProgramData\TEMP => ":4AF7C959" ADS removed successfully.
C:\ProgramData\TEMP => ":5279F7BF" ADS removed successfully.
C:\ProgramData\TEMP => ":57A1F470" ADS removed successfully.
C:\ProgramData\TEMP => ":5C6EBC69" ADS removed successfully.
C:\ProgramData\TEMP => ":5D351BC6" ADS removed successfully.
C:\ProgramData\TEMP => ":689AB7E9" ADS removed successfully.
C:\ProgramData\TEMP => ":6EE8565A" ADS removed successfully.
C:\ProgramData\TEMP => ":6FE17A89" ADS removed successfully.
C:\ProgramData\TEMP => ":74DF0662" ADS removed successfully.
C:\ProgramData\TEMP => ":774C075A" ADS removed successfully.
C:\ProgramData\TEMP => ":85376176" ADS removed successfully.
C:\ProgramData\TEMP => ":87A3A233" ADS removed successfully.
C:\ProgramData\TEMP => ":8A737214" ADS removed successfully.
C:\ProgramData\TEMP => ":8AED9359" ADS removed successfully.
C:\ProgramData\TEMP => ":93E9FC33" ADS removed successfully.
C:\ProgramData\TEMP => ":9603033A" ADS removed successfully.
C:\ProgramData\TEMP => ":96A23658" ADS removed successfully.
C:\ProgramData\TEMP => ":9811AB56" ADS removed successfully.
C:\ProgramData\TEMP => ":9D0A16E4" ADS removed successfully.
C:\ProgramData\TEMP => ":A3B03EE2" ADS removed successfully.
C:\ProgramData\TEMP => ":A6E01F67" ADS removed successfully.
C:\ProgramData\TEMP => ":B36361EE" ADS removed successfully.
C:\ProgramData\TEMP => ":B9B3B2FE" ADS removed successfully.
C:\ProgramData\TEMP => ":C07A6A6B" ADS removed successfully.
C:\ProgramData\TEMP => ":C826D367" ADS removed successfully.
C:\ProgramData\TEMP => ":CE3AADB7" ADS removed successfully.
C:\ProgramData\TEMP => ":D3401B14" ADS removed successfully.
C:\ProgramData\TEMP => ":D4558A0B" ADS removed successfully.
C:\ProgramData\TEMP => ":D999FFD5" ADS removed successfully.
C:\ProgramData\TEMP => ":E3D48D81" ADS removed successfully.
C:\ProgramData\TEMP => ":E412AAF2" ADS removed successfully.
C:\ProgramData\TEMP => ":E5BA9ADD" ADS removed successfully.
C:\ProgramData\TEMP => ":E779F65A" ADS removed successfully.
C:\ProgramData\TEMP => ":EC0BE05C" ADS removed successfully.
C:\ProgramData\TEMP => ":F0532397" ADS removed successfully.
C:\ProgramData\TEMP => ":F07EA4DB" ADS removed successfully.
C:\ProgramData\TEMP => ":F5A78B16" ADS removed successfully.
C:\Users\HHGREGG\SkyDrive => ":ms-properties" ADS removed successfully.
"C:\Users\rober_000\SkyDrive" => ":ms-properties" ADS not found.
HKEY_CLASSES_ROOT\CLSID\{A86EFAD9-8377-476D-9192-CF440B6F88EC} => Key not found.
EmptyTemp: => Removed 836.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#6 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • Gender:Male
  • Location:USA
  • Local time:04:46 AM

Posted 07 October 2014 - 09:32 PM

Step 1

 

Malwarebytes Anti-Malware (MBAM)

  • Please download Malwarebytes Anti-Malware Free to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the program.
  • Launch the program and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply.

 

Manually delete these folders

C:\ProgramData\e5ad8cddeb1f60a6
C:\ProgramData\TinyaWallLet



#7 thisisu


Posted 08 October 2014 - 10:07 AM

Run this scan as well:

 

Please scan with TDSSKiller

Download it to your desktop

Open TDSSKiller

Accept both agreements

Click Change Parameters

Add a checkmark to "Detect TDLFS file system". Leave the other settings alone. Press OK when finished.

Click the Start Scan button.

Open Windows Explorer and find the report of the TDSSKiller scan at C:\TDSSKiller.version_month.day.year_XX.XX.XX_log.txt

Please attach this log to your next post



#8 DeLoreanDude


Posted 08 October 2014 - 10:37 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/8/2014
Scan Time: 10:07:23 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.08.04
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: HHGREGG

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 496185
Time Elapsed: 11 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.ArcadeFrontier.A, HKU\S-1-5-21-2487455964-828317743-2989858292-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [dda83eb17efd54e29346415426dc0ff1],
PUP.Optional.ArcadeFrontier.A, HKU\S-1-5-21-2487455964-828317743-2989858292-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [dda83eb17efd54e29346415426dc0ff1],
PUP.Optional.YrJieGames, HKU\S-1-5-21-2487455964-828317743-2989858292-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A86EFAD9-8377-476D-9192-CF440B6F88EC}, Quarantined, [ee97ba35cdae24121282f2e1ed15a759],
PUP.Optional.YrJieGames, HKU\S-1-5-21-2487455964-828317743-2989858292-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A86EFAD9-8377-476D-9192-CF440B6F88EC}, Quarantined, [ee97ba35cdae24121282f2e1ed15a759],
Adware.180Solutions, HKLM\SOFTWARE\CLASSES\APPID\activex.DLL, Quarantined, [8ff642ad047739fd99d54a6640c307f9],
Adware.180Solutions, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\activex.DLL, Quarantined, [dbaa47a8a9d22a0c78f6c9e734cff10f],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2487455964-828317743-2989858292-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RecipeHub_2j, Quarantined, [5a2bb43b6c0f78bec1b931fb56ad0af6],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2487455964-828317743-2989858292-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RecipeHub_2j, Quarantined, [5233cf203f3c60d6fc7ee14beb18c23e],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2487455964-828317743-2989858292-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\RecipeHub_2j, Quarantined, [aadbc32cde9df541c3b766c67093f010],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.Conduit.A, C:\Users\HHGREGG\AppData\Roaming\uTorrent\ism.exe, Quarantined, [8cf9e00f53286bcb34b67822827fda26],
Trojan.Agent, C:\Windows\SysWOW64\icaclls.exe, Quarantined, [a1e4a54ab5c6c47210416c618977c937],
Trojan.Agent, C:\Windows\SysWOW64\labeel.exe, Quarantined, [9bea7d72d9a277bf074aece1827ec23e],
PUP.Optional.ArcadeFrontier.A, C:\Users\HHGREGG\Downloads\ArcadeFrontierGames.exe, Quarantined, [9fe6836c78030f279dcabcb0748d07f9],
PUP.Optional.FunWebProducts.A, C:\Users\HHGREGG\Downloads\RecipeHub (1).exe, Quarantined, [f0951bd4f388bf77fbc4354fff05c23e],
PUP.Optional.GetPrivateVPN, C:\Windows\System32\Tasks\GPUP, Quarantined, [fd88e60997e4de585ac9719fca39fd03],

Physical Sectors: 0
(No malicious items detected)

(end)

 

At this point, I permanently deleted the 2 folders as you advised (Shift+delete). 

 

I must say, I'm glad to see Yrjie included in the scans and quarantined. It's been sitting in my IE add-ons for over a year and I've been unable to get it off, as the disable button has always been greyed out, and the online guides (including the one here) weren't much help. The one here didn't help as I'm running 8.1 and Combofix is currently incompatible with the OS, so if that bugger gets removed among the other dreck on my PC, I'll be a happy dude!

Attached Files


Edited by DeLoreanDude, 08 October 2014 - 10:41 AM.
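One way to sanity-check a scan log like the one in post #8 before moving on to cleanup, as an added example that is not part of the original thread or of Malwarebytes' own tooling: it parses the detection sections, compares each section's declared count with the lines present, and lists any item whose action is not Quarantined. The line format is inferred from the log above; the sample input and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Section names as they appear in the scan log above.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# Detection line shape inferred from the log: "Name, Object, Action, [id],"
# The object is matched greedily so a path containing ", " stays intact.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<obj>.+), (?P<action>[^,\[\]]+), \[(?P<id>[0-9a-f]+)\],?$")

# Constructed sample (not from the thread): one item left unquarantined and a
# "Files" count that does not match the number of lines present.
SAMPLE = r"""
Registry Keys: 1
PUP.Optional.Example.A, HKLM\SOFTWARE\ExampleToolbar, Quarantined, [0123456789abcdef0123456789abcdef],
Folders: 0
(No malicious items detected)
Files: 3
Trojan.Agent, C:\Windows\SysWOW64\example1.exe, Quarantined, [11111111111111111111111111111111],
PUP.Optional.Example.A, C:\Users\user\Downloads\Example, Setup (1).exe, No Action By User, [22222222222222222222222222222222],
"""

def parse_scan_log(text):
    """Return {section: {"declared": int, "items": [dict, ...]}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = {"declared": int(header.group(2)), "items": []}
            continue
        hit = DETECTION.match(line)
        if hit and current:
            sections[current]["items"].append(hit.groupdict())
    return sections

def triage(sections):
    """List what still needs attention: count mismatches, unquarantined items."""
    issues = []
    for name, sec in sections.items():
        if sec["declared"] != len(sec["items"]):
            issues.append(f"{name}: header says {sec['declared']}, parsed {len(sec['items'])}")
        issues += [f"{name}: {i['name']} at {i['obj']} -> {i['action']}"
                   for i in sec["items"] if i["action"] != "Quarantined"]
    return issues

def families(sections):
    """Count detections per family name across all sections."""
    return Counter(i["name"] for s in sections.values() for i in s["items"])
```

An empty list from `triage(parse_scan_log(log_text))` means every parsed detection was quarantined and every section's count matched its lines.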


#9 thisisu


Posted 08 October 2014 - 12:08 PM

Good deal, how is the PC running at this point? If you need some more time to evaluate its performance feel free. Let me know and we'll either run a few more scans or I can post final cleanup steps.



#10 DeLoreanDude


Posted 09 October 2014 - 09:12 PM

Thus far it's been running good; I feel safe to say we can proceed with the clean up process, and if need be I'll ask for more assistance by PM to reopen the thread.

 

Many thanks for helping rid some unnecessary crap from my drives!



#11 thisisu


Posted 09 October 2014 - 09:17 PM

You're welcome.

 

1. Delete FRST

2. Delete the C:\FRST folder

3. Ensure you have the latest version of the following applications if you use them. The outdated versions of these applications are commonly used to infect computers:

  • Adobe Flash Player
  • Adobe Reader
  • Java
  • Microsoft Silverlight

4. No matter which browser you decide to use, I highly recommend this browser extension which effectively blocks annoying banners, pop-ups, and video ads - even on Facebook and YouTube: Adblock Plus

5. Another small yet very effective program I highly recommend is: SpywareBlaster

6. Finally, delete your old system restore points and create a new one. If you need help with this, click here

 

Be safe!



#12 thisisu


Posted 09 October 2014 - 09:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



