Can't get rid of malware


Kentigurn

My computer will no longer pull up Malwarebytes. Everything I've run says there are no viruses on the computer, but something is up. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by NGFS-WKS02 (administrator) on NGFS-WKS02 on 15-09-2014 17:38:40
Running from C:\Users\NGFS-WKS02\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Spotify Ltd) C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Spotify Ltd) C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mortgage Contracting Services, Inc.) C:\Users\NGFS-WKS02\AppData\Local\Apps\2.0\QENZPZH0.0M5\RG3P34Y4.7VC\mcsn..tion_ad9c0fd8d87c11eb_0002.0000_2e5770c7b49f3324\mcsnowVendor.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1116852125-3953405846-3253600488-1001\...\Run: [spotify Web Helper] => C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-27] (Spotify Ltd)
HKU\S-1-5-21-1116852125-3953405846-3253600488-1001\...\Run: [spotify] => C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\spotify.exe [6621752 2014-08-27] (Spotify Ltd)
Startup: C:\Users\NGFS-WKS02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\NGFS-WKS02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fieldscape.lpsfs.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0051DCD63C13CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://qbo.intuit.com/qbo1/login?webredir
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\NGFS-WKS02\AppData\Roaming\Mozilla\Firefox\Profiles\rf0glkvt.default-1396137214589
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 4B210612C59B26A7B7B7B98731332EFC1739555EEEC15C05662158F0C2FBB964
CHR DefaultSearchKeyword: Default -> 23AC177405AA665484ED986DFD1F6BF0F1122B7ED63546C912038F0FB609D218
CHR DefaultSearchURL: Default -> 02A2AD4B476F3E6CEE0500279C903E1D2411E3F2820EC4C6945EC5182AB7C781
CHR Profile: C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
CHR Extension: (Google Drive) - C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
CHR Extension: (Google Search) - C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Gmail) - C:\Users\NGFS-WKS02\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-29] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 17:38 - 2014-09-15 17:39 - 00014930 _____ () C:\Users\NGFS-WKS02\Downloads\FRST.txt
2014-09-15 17:38 - 2014-09-15 17:38 - 02105856 _____ (Farbar) C:\Users\NGFS-WKS02\Downloads\FRST64.exe
2014-09-15 17:38 - 2014-09-15 17:38 - 00000000 ____D () C:\FRST
2014-09-15 17:37 - 2014-09-15 17:37 - 01097728 _____ (Farbar) C:\Users\NGFS-WKS02\Downloads\FRST.exe
2014-09-15 17:24 - 2014-09-15 17:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-15 17:23 - 2014-09-15 17:25 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-15 17:21 - 2014-09-15 17:22 - 00002344 _____ () C:\Users\NGFS-WKS02\Desktop\Rkill.txt
2014-09-15 17:21 - 2014-09-15 17:21 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\NGFS-WKS02\Downloads\rkill.exe
2014-09-15 08:29 - 2014-09-15 17:11 - 00000000 ___RD () C:\Users\NGFS-WKS02\Dropbox
2014-09-15 08:27 - 2014-09-15 08:27 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 08:25 - 2014-09-15 17:08 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox
2014-09-15 08:25 - 2014-09-15 08:25 - 00323696 _____ (Dropbox, Inc.) C:\Users\NGFS-WKS02\Downloads\DropboxInstaller.exe
2014-09-14 19:16 - 2014-09-14 19:16 - 13087456 _____ (Microsoft Corporation) C:\Users\NGFS-WKS02\Downloads\Silverlight_x64.exe
2014-09-14 19:16 - 2014-09-14 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-14 19:16 - 2014-09-14 19:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-14 19:16 - 2014-09-14 19:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-12 13:38 - 2014-09-12 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 18:21 - 2014-09-10 18:21 - 00281784 _____ () C:\Windows\Minidump\091014-14040-01.dmp
2014-09-09 23:23 - 2014-09-09 23:23 - 00000000 ____D () C:\Users\NGFS-WKS02\Documents\OneNote Notebooks
2014-09-04 16:29 - 2014-09-04 16:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-04 16:29 - 2014-09-04 16:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-04 16:29 - 2014-09-04 16:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-04 16:29 - 2014-09-04 16:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-04 16:29 - 2014-09-04 16:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-04 16:28 - 2014-09-04 16:28 - 00918440 _____ (Oracle Corporation) C:\Users\NGFS-WKS02\Downloads\chromeinstall-7u67 (1).exe
2014-09-04 12:03 - 2014-09-04 12:03 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-04 12:03 - 2014-09-04 12:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-04 12:03 - 2014-09-04 12:03 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-04 12:03 - 2014-09-04 12:03 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-04 12:03 - 2014-09-04 12:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-09-04 12:03 - 2014-09-04 12:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-09-04 12:03 - 2014-09-04 12:03 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-04 12:03 - 2014-09-04 12:03 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-04 12:03 - 2014-09-04 12:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-09-04 12:03 - 2014-09-04 12:03 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-09-04 12:03 - 2014-09-04 12:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-04 12:01 - 2014-09-04 12:06 - 00006445 _____ () C:\Windows\IE10_main.log
2014-09-04 12:01 - 2014-09-04 12:01 - 44335120 _____ (Microsoft Corporation) C:\Users\NGFS-WKS02\Downloads\IE10-Windows6.1-x64-en-us.exe
2014-08-30 19:09 - 2014-08-30 19:09 - 00918440 _____ (Oracle Corporation) C:\Users\NGFS-WKS02\Downloads\chromeinstall-7u67.exe
2014-08-30 18:31 - 2014-09-15 17:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-30 18:31 - 2014-09-15 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-30 18:31 - 2014-09-15 17:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-30 18:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-30 18:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 18:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-30 18:30 - 2014-08-30 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-30 18:29 - 2014-08-30 18:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 18:07 - 2014-08-30 18:08 - 11239424 _____ () C:\Users\NGFS-WKS02\Downloads\EMET Setup.msi
2014-08-27 00:06 - 2014-08-27 00:07 - 10463158 _____ () C:\Users\NGFS-WKS02\Downloads\srwjeng.rar
2014-08-27 00:02 - 2014-08-27 00:02 - 05757970 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 0845 - Medabots - Metabee Version (E)(GBATemp).zip
2014-08-27 00:02 - 2014-08-27 00:02 - 03861286 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 1037 - Medabots AX Metabee Version (E)(Rising Sun).zip
2014-08-26 23:58 - 2014-08-26 23:59 - 04007030 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 0468 - MegaMan Battle Network 2 (U)(Mode 7).zip
2014-08-25 23:49 - 2014-08-25 23:49 - 00470144 _____ (Installer Technology Co) C:\Users\NGFS-WKS02\Downloads\Setup_ODM.exe
2014-08-25 23:48 - 2014-08-25 23:48 - 00757864 _____ ( ) C:\Users\NGFS-WKS02\Downloads\CR_Downloader_for_pokemon-flora-sky-(hack).exe
2014-08-25 23:43 - 2014-08-25 23:43 - 10365165 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 2166 - Megaman Zero 4 (U)(Trashman).zip
2014-08-25 23:43 - 2014-08-25 23:43 - 05205377 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 2457 - Summon Night (U)(iND).zip
2014-08-25 23:42 - 2014-08-25 23:43 - 07124471 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 1986 - Pokemon Emerald (U)(TrashMan).zip
2014-08-25 23:40 - 2014-08-25 23:40 - 00013249 _____ () C:\Users\NGFS-WKS02\Downloads\gbabios.rar
2014-08-25 23:39 - 2014-08-25 23:39 - 00661168 _____ ( ) C:\Users\NGFS-WKS02\Downloads\Unconfirmed 741643.crdownload
2014-08-25 23:35 - 2014-08-25 23:35 - 00873494 _____ () C:\Users\NGFS-WKS02\Downloads\27268_gpSP-1538.rar
2014-08-25 23:17 - 2014-09-15 10:49 - 00000000 ____D () C:\Users\NGFS-WKS02\Desktop\PSP
2014-08-25 23:03 - 2014-08-25 23:03 - 01052450 _____ () C:\Users\NGFS-WKS02\Downloads\660PRO-B9.rar
2014-08-25 23:03 - 2014-08-25 23:03 - 00860096 _____ ( ) C:\Users\NGFS-WKS02\Downloads\winzip18-home.exe
2014-08-24 20:42 - 2014-08-25 14:48 - 00000000 ____D () C:\Users\NGFS-WKS02\Desktop\Iphone pics
2014-08-24 20:34 - 2014-08-24 20:38 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Roaming\Apple Computer
2014-08-24 20:34 - 2014-08-24 20:34 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-24 20:34 - 2014-08-24 20:34 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Apple Computer
2014-08-24 20:34 - 2014-08-24 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-24 20:34 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-24 20:33 - 2014-08-24 20:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-24 20:33 - 2014-08-24 20:34 - 00000000 ____D () C:\Program Files\iTunes
2014-08-24 20:33 - 2014-08-24 20:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-24 20:33 - 2014-08-24 20:33 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Apple
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Program Files\iPod
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-24 20:32 - 2014-08-24 20:33 - 00000000 ____D () C:\ProgramData\Apple
2014-08-24 20:32 - 2014-08-24 20:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-24 20:32 - 2014-08-24 20:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-24 20:32 - 2014-08-24 20:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-24 20:07 - 2014-08-24 20:09 - 113492816 _____ (Apple Inc.) C:\Users\NGFS-WKS02\Downloads\iTunes64Setup.exe
2014-08-16 22:07 - 2014-08-16 22:07 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Adobe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 17:39 - 2014-09-15 17:38 - 00014930 _____ () C:\Users\NGFS-WKS02\Downloads\FRST.txt
2014-09-15 17:38 - 2014-09-15 17:38 - 02105856 _____ (Farbar) C:\Users\NGFS-WKS02\Downloads\FRST64.exe
2014-09-15 17:38 - 2014-09-15 17:38 - 00000000 ____D () C:\FRST
2014-09-15 17:37 - 2014-09-15 17:37 - 01097728 _____ (Farbar) C:\Users\NGFS-WKS02\Downloads\FRST.exe
2014-09-15 17:36 - 2014-01-14 23:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 17:35 - 2014-01-16 06:56 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Roaming\Spotify
2014-09-15 17:30 - 2014-01-16 10:37 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Deployment
2014-09-15 17:27 - 2014-08-30 18:31 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 17:27 - 2014-08-30 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 17:27 - 2014-08-30 18:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 17:26 - 2014-09-15 17:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012 (3).exe
2014-09-15 17:25 - 2014-09-15 17:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-15 17:22 - 2014-09-15 17:21 - 00002344 _____ () C:\Users\NGFS-WKS02\Desktop\Rkill.txt
2014-09-15 17:21 - 2014-09-15 17:21 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\NGFS-WKS02\Downloads\rkill.exe
2014-09-15 17:19 - 2014-06-16 15:54 - 00005002 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NGFS-WKS02-NGFS-WKS02 NGFS-WKS02
2014-09-15 17:14 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 17:14 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 17:13 - 2009-07-14 01:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 17:11 - 2014-09-15 08:29 - 00000000 ___RD () C:\Users\NGFS-WKS02\Dropbox
2014-09-15 17:10 - 2014-01-14 20:01 - 01923326 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 17:08 - 2014-09-15 08:25 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox
2014-09-15 17:06 - 2014-01-14 23:20 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 17:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 17:06 - 2009-07-14 00:51 - 00099335 _____ () C:\Windows\setupact.log
2014-09-15 16:51 - 2014-01-14 23:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 15:03 - 2014-01-16 10:30 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F9C960D-43C1-4D4F-B448-531E5837FCE3}
2014-09-15 10:49 - 2014-08-25 23:17 - 00000000 ____D () C:\Users\NGFS-WKS02\Desktop\PSP
2014-09-15 08:29 - 2014-01-16 09:35 - 00000000 ____D () C:\Users\NGFS-WKS02
2014-09-15 08:27 - 2014-09-15 08:27 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 08:25 - 2014-09-15 08:25 - 00323696 _____ (Dropbox, Inc.) C:\Users\NGFS-WKS02\Downloads\DropboxInstaller.exe
2014-09-15 08:24 - 2014-01-16 06:56 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Spotify
2014-09-14 19:16 - 2014-09-14 19:16 - 13087456 _____ (Microsoft Corporation) C:\Users\NGFS-WKS02\Downloads\Silverlight_x64.exe
2014-09-14 19:16 - 2014-09-14 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-14 19:16 - 2014-09-14 19:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-14 19:16 - 2014-09-14 19:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-13 20:33 - 2014-01-17 04:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-12 13:38 - 2014-09-12 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-10 18:21 - 2014-09-10 18:21 - 00281784 _____ () C:\Windows\Minidump\091014-14040-01.dmp
2014-09-10 18:21 - 2014-01-14 22:35 - 901391015 _____ () C:\Windows\MEMORY.DMP
2014-09-10 18:21 - 2014-01-14 22:35 - 00000000 ____D () C:\Windows\Minidump
2014-09-09 23:23 - 2014-09-09 23:23 - 00000000 ____D () C:\Users\NGFS-WKS02\Documents\OneNote Notebooks
2014-09-07 21:11 - 2014-05-18 18:18 - 00000000 ____D () C:\Users\NGFS-WKS02\Desktop\Cameron Esposito (cameronesposito) on Twitter_files
2014-09-05 00:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-04 16:29 - 2014-09-04 16:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-04 16:29 - 2014-09-04 16:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-04 16:29 - 2014-09-04 16:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-04 16:29 - 2014-09-04 16:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-04 16:29 - 2014-09-04 16:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-04 16:29 - 2014-02-22 19:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-04 16:28 - 2014-09-04 16:28 - 00918440 _____ (Oracle Corporation) C:\Users\NGFS-WKS02\Downloads\chromeinstall-7u67 (1).exe
2014-09-04 12:09 - 2014-01-16 09:36 - 00001417 _____ () C:\Users\NGFS-WKS02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-04 12:06 - 2014-09-04 12:01 - 00006445 _____ () C:\Windows\IE10_main.log
2014-09-04 12:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-04 12:03 - 2014-09-04 12:03 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-04 12:03 - 2014-09-04 12:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-04 12:03 - 2014-09-04 12:03 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-04 12:03 - 2014-09-04 12:03 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-04 12:03 - 2014-09-04 12:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-09-04 12:03 - 2014-09-04 12:03 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-09-04 12:03 - 2014-09-04 12:03 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-04 12:03 - 2014-09-04 12:03 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-04 12:03 - 2014-09-04 12:03 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-09-04 12:03 - 2014-09-04 12:03 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-09-04 12:03 - 2014-09-04 12:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-04 12:03 - 2014-09-04 12:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-04 12:03 - 2014-09-04 12:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-04 12:01 - 2014-09-04 12:01 - 44335120 _____ (Microsoft Corporation) C:\Users\NGFS-WKS02\Downloads\IE10-Windows6.1-x64-en-us.exe
2014-08-30 19:09 - 2014-08-30 19:09 - 00918440 _____ (Oracle Corporation) C:\Users\NGFS-WKS02\Downloads\chromeinstall-7u67.exe
2014-08-30 18:31 - 2014-08-30 18:30 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-30 18:30 - 2014-08-30 18:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\NGFS-WKS02\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-30 18:25 - 2014-06-05 02:48 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 18:08 - 2014-08-30 18:07 - 11239424 _____ () C:\Users\NGFS-WKS02\Downloads\EMET Setup.msi
2014-08-27 00:07 - 2014-08-27 00:06 - 10463158 _____ () C:\Users\NGFS-WKS02\Downloads\srwjeng.rar
2014-08-27 00:02 - 2014-08-27 00:02 - 05757970 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 0845 - Medabots - Metabee Version (E)(GBATemp).zip
2014-08-27 00:02 - 2014-08-27 00:02 - 03861286 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 1037 - Medabots AX Metabee Version (E)(Rising Sun).zip
2014-08-26 23:59 - 2014-08-26 23:58 - 04007030 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 0468 - MegaMan Battle Network 2 (U)(Mode 7).zip
2014-08-26 14:25 - 2010-11-20 23:47 - 00194746 _____ () C:\Windows\PFRO.log
2014-08-26 14:25 - 2009-07-14 01:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 23:49 - 2014-08-25 23:49 - 00470144 _____ (Installer Technology Co) C:\Users\NGFS-WKS02\Downloads\Setup_ODM.exe
2014-08-25 23:48 - 2014-08-25 23:48 - 00757864 _____ ( ) C:\Users\NGFS-WKS02\Downloads\CR_Downloader_for_pokemon-flora-sky-(hack).exe
2014-08-25 23:43 - 2014-08-25 23:43 - 10365165 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 2166 - Megaman Zero 4 (U)(Trashman).zip
2014-08-25 23:43 - 2014-08-25 23:43 - 05205377 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 2457 - Summon Night (U)(iND).zip
2014-08-25 23:43 - 2014-08-25 23:42 - 07124471 _____ () C:\Users\NGFS-WKS02\Downloads\DGEmu - 1986 - Pokemon Emerald (U)(TrashMan).zip
2014-08-25 23:40 - 2014-08-25 23:40 - 00013249 _____ () C:\Users\NGFS-WKS02\Downloads\gbabios.rar
2014-08-25 23:39 - 2014-08-25 23:39 - 00661168 _____ ( ) C:\Users\NGFS-WKS02\Downloads\Unconfirmed 741643.crdownload
2014-08-25 23:35 - 2014-08-25 23:35 - 00873494 _____ () C:\Users\NGFS-WKS02\Downloads\27268_gpSP-1538.rar
2014-08-25 23:03 - 2014-08-25 23:03 - 01052450 _____ () C:\Users\NGFS-WKS02\Downloads\660PRO-B9.rar
2014-08-25 23:03 - 2014-08-25 23:03 - 00860096 _____ ( ) C:\Users\NGFS-WKS02\Downloads\winzip18-home.exe
2014-08-25 14:48 - 2014-08-24 20:42 - 00000000 ____D () C:\Users\NGFS-WKS02\Desktop\Iphone pics
2014-08-24 20:38 - 2014-08-24 20:34 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Roaming\Apple Computer
2014-08-24 20:34 - 2014-08-24 20:34 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-24 20:34 - 2014-08-24 20:34 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Apple Computer
2014-08-24 20:34 - 2014-08-24 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-24 20:34 - 2014-08-24 20:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-24 20:34 - 2014-08-24 20:33 - 00000000 ____D () C:\Program Files\iTunes
2014-08-24 20:34 - 2014-08-24 20:33 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-24 20:33 - 2014-08-24 20:33 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Apple
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Program Files\iPod
2014-08-24 20:33 - 2014-08-24 20:33 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-24 20:33 - 2014-08-24 20:32 - 00000000 ____D () C:\ProgramData\Apple
2014-08-24 20:32 - 2014-08-24 20:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-24 20:32 - 2014-08-24 20:32 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-24 20:32 - 2014-08-24 20:32 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-24 20:09 - 2014-08-24 20:07 - 113492816 _____ (Apple Inc.) C:\Users\NGFS-WKS02\Downloads\iTunes64Setup.exe
2014-08-24 10:20 - 2014-01-16 05:03 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-18 18:48 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-16 22:07 - 2014-08-16 22:07 - 00000000 ____D () C:\Users\NGFS-WKS02\AppData\Local\Adobe
2014-08-16 15:30 - 2014-01-14 23:12 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-16 15:30 - 2014-01-14 23:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-16 15:30 - 2014-01-14 23:12 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Some content of TEMP:
====================
C:\Users\NGFS-WKS02\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7kv4wl.dll
C:\Users\NGFS-WKS02\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\NGFS-WKS02\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-flora-sky-(hack).exe
C:\Users\NGFS-WKS02\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\NGFS-WKS02\AppData\Local\Temp\OfficeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-11 17:53
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by NGFS-WKS02 at 2014-09-15 17:42:05
Running from C:\Users\NGFS-WKS02\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.29 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Network Connections 18.5.54.0 (Version: 18.5.54.0 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
ON_OFF Charge 2 B13.0910.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0910.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{8674E662-F413-4A50-A256-ABE97FECE84D}) (Version: 13.0.5.891 - SAP)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Vendor 360 - Application (HKCU\...\01a40c241b12cfc3) (Version: 2.0.0.45 - Mortgage Contracting Services, LLC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1116852125-3953405846-3253600488-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
15-09-2014 12:35:47 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A493639-3798-495B-A2A5-3E4156B6FBDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: {0DE74C4A-026D-494E-9F5D-DFD8FDFB32B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-16] (Adobe Systems Incorporated)
Task: {6C042A70-A25F-4854-94FC-9066BAFF6BE9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-14] (Google Inc.)
Task: {71EFBC56-06B5-4531-A28C-A70D37BAA47C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {90486894-B729-486E-8FA5-747F8C4C7226} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {C8C3331F-40C8-47D7-B185-D150667FB2E1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-24] (Microsoft Corporation)
Task: {DCA2744A-F7D9-4B77-B7E5-828B2992909C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NGFS-WKS02-NGFS-WKS02 NGFS-WKS02 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-24] (Microsoft Corporation)
Task: {E377602F-4298-4FAE-B11A-CFF9A719BE47} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 06:31 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-24 10:19 - 2014-08-24 10:19 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-16 06:56 - 2014-08-27 16:28 - 00610872 _____ () C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-27 20:16 - 2014-08-27 20:15 - 00012800 ____N () C:\Users\NGFS-WKS02\AppData\Local\Apps\2.0\QENZPZH0.0M5\RG3P34Y4.7VC\mcsn..tion_ad9c0fd8d87c11eb_0002.0000_2e5770c7b49f3324\ClientSoapExtension.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-16 06:56 - 2014-08-27 16:28 - 36966968 _____ () C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\libcef.dll
2014-09-15 17:07 - 2014-09-15 17:07 - 00043008 _____ () c:\Users\NGFS-WKS02\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7kv4wl.dll
2014-09-15 08:27 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\NGFS-WKS02\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-09 23:23 - 2014-06-10 15:44 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-07-17 17:54 - 2014-08-27 16:28 - 00867896 _____ () C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-01-16 06:56 - 2014-08-27 16:28 - 00886840 _____ () C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-01-16 06:56 - 2014-08-27 16:28 - 00108600 _____ () C:\Users\NGFS-WKS02\AppData\Roaming\Spotify\Data\libegl.dll
2014-01-14 20:12 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-10 16:53 - 2014-09-03 23:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-10 16:53 - 2014-09-03 23:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-10 16:53 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-10 16:53 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-10 16:53 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-10 16:53 - 2014-09-03 23:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 05:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa8c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:34:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x16a0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:28:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa74
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xa38
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:19:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x724
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:17:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1364
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x14c0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:11:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x364
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x7bc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/15/2014 05:08:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/15/2014 05:06:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (09/15/2014 02:38:51 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 02:38:51 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 02:12:12 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 02:12:12 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 01:36:23 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 01:36:23 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 01:13:04 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 01:13:04 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
Error: (09/15/2014 00:44:36 PM) (Source: DCOM) (EventID: 10016) (User: NGFS-WKS02)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}NGFS-WKS02NGFS-WKS02S-1-5-21-1116852125-3953405846-3253600488-1001LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2014 05:36:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda8c01cfd12d0fc8003fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4ee1015e-3d20-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:34:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd16a001cfd12cc5f16668C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll04d944af-3d20-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:28:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda7401cfd12bf3814cd7C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll31f4e3ca-3d1f-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:27:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fda3801cfd12bdcdaa0efC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll1b71c5f8-3d1f-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:19:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd72401cfd12ac0647865C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllfe503fbb-3d1d-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:17:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd136401cfd12a67b1c9cbC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla7a5017c-3d1d-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:14:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd14c001cfd12a0c382897C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4b070040-3d1d-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:11:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd36401cfd129916d1a3eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllcf3d90fe-3d1c-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7bc01cfd1296f22d456C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllb02731e7-3d1c-11e4-8316-74d435166c41
 
Error: (09/15/2014 05:08:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8078.96 MB
Available physical RAM: 4923.65 MB
Total Pagefile: 16156.09 MB
Available Pagefile: 12941.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.29 GB) (Free:865.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 

  • 1 month later...
  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
