
After power outage/reboot, all files gone


  • This topic is locked
58 replies to this topic

#1 nyseman


Posted 17 March 2014 - 05:42 AM

I was working on my laptop and the battery died (it doesn't give me a warning anymore even though the settings still show that it should). After I plugged it in and turned on my power, the computer finally booted after a long time and it was like my hard drive was wiped clean. Like a new win 7 installation. I have a very old back up...like months old. Please help me. All of my work is on this.


 


#2 nyseman


Posted 17 March 2014 - 05:43 AM

I have an ASUS i7 machine running windows 7

#3 nyseman


Posted 17 March 2014 - 08:08 PM

My data is still here.  It looks like after the reboot, the virus may have redirected my user profile to a temp user profile.  I'm not quite sure how to put everything back. My Outlook data files are there as well, but Outlook (and every other program) is pointing at a blank user profile I think, so I can't access my data.  I try to make a backup copy of my user folder to my external HD, but it doesn't seem to want to copy everything.  Perhaps because of some security setting? Please help, I can't access my emails through Outlook and my work depends on it.

 

Thank you,

 

Michael



#4 Oh My!



  • Malware Response Instructor

Posted 21 March 2014 - 07:47 PM

Greetings Michael and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Before we do anything proactive I need to take a look at what is going on with your computer. Please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 nyseman


Posted 21 March 2014 - 08:29 PM

Hi Gary,

 

Thank you for your reply. I'm not sure if you've seen the other post in the Virus Removal forum.  It was somewhat updated and this post was supposed to be locked with a link to the other post.  In any event, please find the log files you've requested below:

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michael (administrator) on MICHAEL-PC on 21-03-2014 19:19:04
Running from C:\Users\TEMP.Michael-PC.001\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Starfield Technologies) C:\Users\TEMP.Michael-PC.001\AppData\Local\Workspace\WorkspaceUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [363752 2012-09-19] (BillP Studios)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] - C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-08] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [363752 2012-09-19] (BillP Studios)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2574172027-3284400276-4226840274-1001\...\Run: [Starfield Updater] - C:\Users\TEMP.Michael-PC.001\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-03-20] (Starfield Technologies)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE91969B42344CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-18] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-11-17] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-21 19:19 - 2014-03-21 19:19 - 00014573 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\FRST.txt
2014-03-21 19:16 - 2014-03-21 19:19 - 00000000 ____D () C:\FRST
2014-03-21 19:06 - 2014-03-21 19:06 - 02157056 _____ (Farbar) C:\Users\TEMP.Michael-PC.001\Desktop\FRST64.exe
2014-03-20 03:03 - 2014-03-20 03:04 - 00001153 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\desktoptools.lnk
2014-03-20 03:03 - 2014-03-20 03:03 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2014-03-20 03:02 - 2014-03-20 03:04 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\Workspace
2014-03-20 03:02 - 2014-03-20 03:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Mozilla
2014-03-20 02:20 - 2014-03-21 19:16 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\Documents\Outlook Files
2014-03-20 01:46 - 2014-03-20 01:46 - 00021304 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\attach.txt
2014-03-20 01:46 - 2014-03-20 01:46 - 00020125 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\dds.txt
2014-03-20 01:39 - 2014-03-20 01:39 - 00688992 ____R (Swearware) C:\Users\TEMP.Michael-PC.001\Desktop\dds.com
2014-03-20 01:38 - 2014-03-20 01:38 - 00688992 _____ (Swearware) C:\Users\Michael\Desktop\dds.com
2014-03-20 01:35 - 2014-03-20 01:35 - 00688992 _____ (Swearware) C:\Users\TEMP.Michael-PC.001\Downloads\dds.com
2014-03-18 13:50 - 2014-03-18 13:50 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\Adobe
2014-03-18 10:20 - 2014-03-18 10:20 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Macromedia
2014-03-18 09:44 - 2014-03-18 09:44 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\WinPatrol
2014-03-18 09:40 - 2014-03-18 13:50 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Adobe
2014-03-18 09:40 - 2014-03-18 09:40 - 00087336 _____ () C:\Users\TEMP.Michael-PC.001\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 09:40 - 2014-03-18 09:40 - 00001419 _____ () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 09:40 - 2014-03-18 09:40 - 00000000 ___RD () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 09:40 - 2014-03-18 09:40 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Intel Corporation
2014-03-18 09:39 - 2014-03-20 02:25 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001
2014-03-18 09:39 - 2014-03-18 09:41 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 09:39 - 2014-03-18 09:40 - 00000000 ___RD () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 09:39 - 2014-03-18 09:39 - 00000020 ___SH () C:\Users\TEMP.Michael-PC.001\ntuser.ini
2014-03-18 09:39 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Intel
2014-03-18 09:39 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\VirtualStore
2014-03-18 09:39 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\offsync
2014-03-18 09:39 - 2013-11-26 11:37 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\Power2Go
2014-03-18 09:39 - 2012-09-17 18:37 - 00000000 ___RD () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-18 09:39 - 2012-09-17 18:37 - 00000000 ___RD () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-18 09:39 - 2012-04-06 11:58 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\Microsoft Help
2014-03-18 06:42 - 2014-03-18 06:42 - 00003608 ____N () C:\bootsqm.dat
2014-03-18 03:23 - 2014-03-18 03:35 - 00000000 ____D () C:\Users\TEMP.Michael-PC.000
2014-03-18 03:09 - 2014-03-18 03:09 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\WinPatrol
2014-03-18 03:04 - 2014-03-18 03:04 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Macromedia
2014-03-18 03:03 - 2014-03-18 03:03 - 00087336 _____ () C:\Users\TEMP.Michael-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 03:03 - 2014-03-18 03:03 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel Corporation
2014-03-18 03:02 - 2014-03-18 03:03 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 03:02 - 2014-03-18 03:02 - 00001419 _____ () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 03:02 - 2014-03-18 03:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Adobe
2014-03-18 03:01 - 2014-03-18 03:03 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 03:01 - 2014-03-18 03:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC
2014-03-18 03:01 - 2014-03-18 03:01 - 00000020 ___SH () C:\Users\TEMP.Michael-PC\ntuser.ini
2014-03-18 03:01 - 2014-03-18 03:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel
2014-03-18 03:01 - 2014-03-18 03:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\VirtualStore
2014-03-18 03:01 - 2014-03-18 03:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\offsync
2014-03-18 03:01 - 2013-11-26 11:37 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\Power2Go
2014-03-18 03:01 - 2012-09-17 18:37 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-18 03:01 - 2012-09-17 18:37 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-18 03:01 - 2012-04-06 11:58 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\Microsoft Help
2014-02-21 14:29 - 2014-02-21 14:29 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-02-20 23:55 - 2014-02-20 23:55 - 00001964 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-02-20 23:55 - 2014-02-20 23:55 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-20 23:55 - 2014-02-20 23:55 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-20 23:55 - 2014-02-18 20:54 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-02-20 23:55 - 2014-02-18 20:54 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-02-20 22:36 - 2014-02-20 22:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-21 19:19 - 2014-03-21 19:19 - 00014573 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\FRST.txt
2014-03-21 19:19 - 2014-03-21 19:16 - 00000000 ____D () C:\FRST
2014-03-21 19:16 - 2014-03-20 02:20 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\Documents\Outlook Files
2014-03-21 19:06 - 2014-03-21 19:06 - 02157056 _____ (Farbar) C:\Users\TEMP.Michael-PC.001\Desktop\FRST64.exe
2014-03-21 18:58 - 2012-02-17 03:13 - 01902461 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 18:41 - 2013-04-01 02:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 22:02 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 22:02 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 03:04 - 2014-03-20 03:03 - 00001153 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\desktoptools.lnk
2014-03-20 03:04 - 2014-03-20 03:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\Workspace
2014-03-20 03:03 - 2014-03-20 03:03 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Workspace
2014-03-20 03:02 - 2014-03-20 03:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Mozilla
2014-03-20 02:25 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001
2014-03-20 01:46 - 2014-03-20 01:46 - 00021304 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\attach.txt
2014-03-20 01:46 - 2014-03-20 01:46 - 00020125 _____ () C:\Users\TEMP.Michael-PC.001\Desktop\dds.txt
2014-03-20 01:39 - 2014-03-20 01:39 - 00688992 ____R (Swearware) C:\Users\TEMP.Michael-PC.001\Desktop\dds.com
2014-03-20 01:38 - 2014-03-20 01:38 - 00688992 _____ (Swearware) C:\Users\Michael\Desktop\dds.com
2014-03-20 01:35 - 2014-03-20 01:35 - 00688992 _____ (Swearware) C:\Users\TEMP.Michael-PC.001\Downloads\dds.com
2014-03-18 13:50 - 2014-03-18 13:50 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\Adobe
2014-03-18 13:50 - 2014-03-18 09:40 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Adobe
2014-03-18 10:20 - 2014-03-18 10:20 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Macromedia
2014-03-18 09:44 - 2014-03-18 09:44 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\WinPatrol
2014-03-18 09:41 - 2014-03-18 09:39 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 09:41 - 2013-04-01 02:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 09:41 - 2012-11-13 20:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 09:41 - 2012-11-13 20:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 09:40 - 2014-03-18 09:40 - 00087336 _____ () C:\Users\TEMP.Michael-PC.001\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 09:40 - 2014-03-18 09:40 - 00001419 _____ () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 09:40 - 2014-03-18 09:40 - 00000000 ___RD () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 09:40 - 2014-03-18 09:40 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Intel Corporation
2014-03-18 09:40 - 2014-03-18 09:39 - 00000000 ___RD () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 09:40 - 2012-06-28 12:18 - 00003348 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2574172027-3284400276-4226840274-1001
2014-03-18 09:40 - 2012-06-28 12:18 - 00003218 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2574172027-3284400276-4226840274-1001
2014-03-18 09:39 - 2014-03-18 09:39 - 00000020 ___SH () C:\Users\TEMP.Michael-PC.001\ntuser.ini
2014-03-18 09:39 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Roaming\Intel
2014-03-18 09:39 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\VirtualStore
2014-03-18 09:39 - 2014-03-18 09:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001\AppData\Local\offsync
2014-03-18 09:39 - 2012-04-01 01:21 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-03-18 06:49 - 2009-07-13 22:13 - 00794418 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 06:43 - 2012-11-30 18:27 - 00064677 _____ () C:\Windows\setupact.log
2014-03-18 06:43 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 06:42 - 2014-03-18 06:42 - 00003608 ____N () C:\bootsqm.dat
2014-03-18 03:35 - 2014-03-18 03:23 - 00000000 ____D () C:\Users\TEMP.Michael-PC.000
2014-03-18 03:09 - 2014-03-18 03:09 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\WinPatrol
2014-03-18 03:04 - 2014-03-18 03:04 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Macromedia
2014-03-18 03:03 - 2014-03-18 03:03 - 00087336 _____ () C:\Users\TEMP.Michael-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 03:03 - 2014-03-18 03:03 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel Corporation
2014-03-18 03:03 - 2014-03-18 03:02 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 03:03 - 2014-03-18 03:01 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 03:03 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-18 03:02 - 2014-03-18 03:02 - 00001419 _____ () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 03:02 - 2014-03-18 03:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Adobe
2014-03-18 03:02 - 2014-03-18 03:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC
2014-03-18 03:01 - 2014-03-18 03:01 - 00000020 ___SH () C:\Users\TEMP.Michael-PC\ntuser.ini
2014-03-18 03:01 - 2014-03-18 03:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel
2014-03-18 03:01 - 2014-03-18 03:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\VirtualStore
2014-03-18 03:01 - 2014-03-18 03:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\offsync
2014-03-18 01:49 - 2013-12-20 04:07 - 00000000 ____D () C:\Users\Michael\Downloads\Tokyo.Story.1953.Criterion.Collection.720p.BluRay.x264-PublicHD
2014-03-18 01:49 - 2013-03-14 14:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\Workspace
2014-03-18 01:49 - 2012-11-02 12:56 - 00000000 ____D () C:\Users\Michael\Desktop\FB
2014-03-18 01:49 - 2012-07-06 03:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Citrix
2014-03-18 01:49 - 2012-04-05 14:54 - 00000000 ____D () C:\Users\Michael\Desktop\Ricoh
2014-03-18 01:49 - 2012-04-05 14:54 - 00000000 ____D () C:\Users\Michael\Desktop\PNTTEMPL
2014-03-18 01:49 - 2012-04-05 14:54 - 00000000 ____D () C:\Users\Michael\Desktop\PNTDATA
2014-03-18 01:49 - 2012-04-03 22:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Help
2014-03-18 01:49 - 2012-04-01 01:20 - 00000000 ____D () C:\Users\Michael
2014-03-18 01:49 - 2012-02-17 03:30 - 00000000 ____D () C:\ProgramData\P4G
2014-03-18 01:49 - 2011-10-18 10:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-18 01:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-03-18 01:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-18 01:48 - 2012-04-25 15:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-18 01:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-03-18 01:47 - 2013-02-08 15:03 - 00000000 ____D () C:\Users\Michael\AppData\Local\Mozilla
2014-03-18 01:47 - 2012-11-17 00:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\SlimWare Utilities Inc
2014-03-18 01:44 - 2012-09-22 15:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-03-18 01:44 - 2012-07-16 09:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-18 01:44 - 2012-06-28 12:11 - 00000000 ____D () C:\ProgramData\Real
2014-03-18 01:44 - 2012-04-04 16:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-03-18 01:44 - 2012-04-01 14:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\ASUS
2014-03-18 01:44 - 2012-04-01 01:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-03-17 02:10 - 2012-04-04 13:51 - 00000000 ____D () C:\Users\Michael\Documents\Outlook Files
2014-03-15 14:58 - 2012-12-09 00:29 - 00000000 ____D () C:\Users\Michael\Desktop\Bible study
2014-03-12 15:20 - 2013-06-04 16:31 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Nitro PDF
2014-03-05 00:19 - 2012-11-19 17:35 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-03-02 22:02 - 2012-11-19 17:38 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-02-23 12:48 - 2012-11-05 18:05 - 00002011 _____ () C:\Users\Michael\Desktop\scan foler.lnk
2014-02-23 12:08 - 2013-10-23 14:08 - 00000000 ____D () C:\Users\Michael\Desktop\malena
2014-02-23 12:04 - 2013-05-18 02:04 - 00000000 ____D () C:\Users\Michael\Desktop\MCA pics
2014-02-22 22:57 - 2013-02-08 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-22 22:57 - 2012-12-13 04:50 - 00023962 _____ () C:\Windows\PFRO.log
2014-02-21 14:29 - 2014-02-21 14:29 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-02-21 00:22 - 2011-10-18 10:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-20 23:55 - 2014-02-20 23:55 - 00001964 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-02-20 23:55 - 2014-02-20 23:55 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-20 23:55 - 2014-02-20 23:55 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-20 23:53 - 2012-04-09 11:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Downloaded Installations
2014-02-20 22:37 - 2014-02-20 22:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-19 19:55 - 2013-06-04 13:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PrimoPDF

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\temp\G2MInstallerExtractor.exe
C:\Users\Michael\AppData\Local\temp\install_flashplayer12x32_mssa_aaa_aih.exe
C:\Users\Michael\AppData\Local\temp\install_reader11_en_gtba_chra_dy_aaa_aih.exe
C:\Users\Michael\AppData\Local\temp\JREInstall??.exe
C:\Users\Michael\AppData\Local\temp\nitro_pro8_x64(1).exe
C:\Users\Michael\AppData\Local\temp\nitro_pro8_x64.exe
C:\Users\Michael\AppData\Local\temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 13:06

==================== End Of Log ============================

ADDITION log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michael at 2014-03-21 19:19:34
Running from C:\Users\TEMP.Michael-PC.001\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS U Series ScreenSaver (HKLM-x32\...\ASUS U Series ScreenSaver) (Version: 1.0.0002 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Best Buy Connect (HKLM-x32\...\{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}) (Version: 3.00.68 - Best Buy)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E581F27C-B798-42D8-9BD1-0A469A2C97AE}) (Version:  - Microsoft)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel® WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{BAC19554-0CF9-45B8-A920-88D0D680FDB2}) (Version: 9.0.6.20 - Nitro)
Point 7.2 (HKLM-x32\...\{DD68AE74-98BA-4ABE-B11E-30F39206ECE8}) (Version: 7.2.1146 - Calyx Software)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{DD350F3A-3620-4185-A5E2-88A6437C8415}) (Version: 2.2.24428 - SlimWare Utilities, Inc.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D7D96A96-F61F-48AD-B2DC-4F4B6938D2AB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2B7EA7DF-B822-4C58-B90A-961B6BAF454B}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 25.6.2012.1 - BillP Studios)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Workspace Desktop (HKCU\...\workspacedesktop) (Version:  - Starfield Technologies)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

15-02-2014 08:40:02 Windows Update
19-02-2014 05:59:21 Windows Update
21-02-2014 06:54:04 Installed Nitro Pro 9
21-02-2014 07:17:27 Removed Adobe Reader XI (11.0.05).
23-02-2014 04:44:30 Windows Update
26-02-2014 09:29:31 Windows Update
02-03-2014 01:43:05 Windows Update
05-03-2014 07:30:35 Windows Update
08-03-2014 22:49:54 Windows Update
12-03-2014 00:06:41 Windows Update
15-03-2014 04:21:34 Windows Update
18-03-2014 08:13:59 Restore Operation
18-03-2014 10:12:00 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2012-09-22 16:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1C2D54F7-F390-4802-9E53-D2864243F0AD} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-11] ()
Task: {210ECBB0-2E03-4087-823F-C2E1DDC0F3A3} - System32\Tasks\task21862432 => C:\Users\Michael\AppData\Local\Temp\0.5420292355127139.exe <==== ATTENTION
Task: {271F8BE6-03EE-4121-A54C-3C49E6BFC12B} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {85F9745F-738A-4382-A278-DB1539A9F1A0} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2574172027-3284400276-4226840274-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {A439CC3C-C30D-4C8C-9498-388CB213B805} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {ABA252D2-A59A-496A-B874-AC0DC7538BDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
Task: {AF702946-DEC1-49F4-879F-CF1E4B894C27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {C9B90F09-351C-40D6-B169-B14681E26F5C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {D481BCCB-709C-4ACF-8B3C-726CCFA601EE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2574172027-3284400276-4226840274-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {E7635C78-E89B-482A-AEB8-938F520CB327} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-06-04 13:56 - 2011-02-28 15:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-02 20:21 - 2008-10-01 00:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-05-11 18:35 - 2010-05-11 18:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2011-05-02 14:41 - 2011-05-02 14:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-15 01:14 - 2011-01-26 17:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-08-11 20:52 - 2010-08-11 20:52 - 00060928 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2012-11-17 02:16 - 1999-12-31 17:00 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-09-23 21:29 - 2012-06-20 14:23 - 00599419 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2010-08-20 10:57 - 2010-08-20 10:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 10:57 - 2010-08-20 10:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-12-20 23:04 - 2013-12-20 23:04 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2011-02-18 10:04 - 2011-02-18 10:04 - 00196448 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 16:08 - 2010-10-20 16:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Fresco Logic xHCI (USB3) Controller FL1000 Series
Description: Fresco Logic xHCI (USB3) Controller FL1000 Series
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Fresco Logic
Service: FLxHCIc
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 09:39:43 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/18/2014 09:39:43 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/18/2014 03:35:57 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP.Michael-PC.000. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Error: (03/18/2014 03:23:44 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/18/2014 03:23:44 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/18/2014 03:12:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {00f45542-afec-4762-91ae-15d5f9545c8a}

Error: (03/18/2014 03:01:27 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/18/2014 03:01:27 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/18/2014 01:34:48 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/18/2014 01:34:48 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

System errors:
=============
Error: (03/18/2014 03:01:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (03/18/2014 01:59:35 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 01:58:22 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 01:56:32 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 01:55:19 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 01:53:19 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 01:34:34 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (03/18/2014 01:33:04 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 01:33:03 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 01:33:02 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Microsoft Office Sessions:
=========================
Error: (03/18/2014 09:39:43 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 09:39:43 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 03:35:57 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: C:\Users\TEMP.Michael-PC.000The directory is not empty.

Error: (03/18/2014 03:23:44 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 03:23:44 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 03:12:00 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {00f45542-afec-4762-91ae-15d5f9545c8a}

Error: (03/18/2014 03:01:27 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 03:01:27 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 01:34:48 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 01:34:48 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

CodeIntegrity Errors:
===================================
  Date: 2012-09-22 16:04:18.681
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-22 16:04:18.655
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-22 16:04:18.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-22 16:04:18.603
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-18 04:09:38.033
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-18 04:09:38.002
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8102.76 MB
Available physical RAM: 5123.8 MB
Total Pagefile: 16203.7 MB
Available Pagefile: 12494.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:673.62 GB) (Free:513.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E3102A4B)

Partition: GPT Partition Type.

==================== End Of Log ============================
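
The Scheduled Tasks section of the log above marks one entry `<==== ATTENTION`: a task whose target is a numerically named executable in the user's Temp folder. The following is an added example, not part of the original post and not FRST's own logic, that parses those `Task:` lines and applies the same kind of check; the heuristics, the 0.7 digit threshold and all function names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Lines copied from the "Scheduled Tasks (whitelisted)" section of the log above.
SAMPLE_LOG = r"""
Task: {1C2D54F7-F390-4802-9E53-D2864243F0AD} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-11] ()
Task: {210ECBB0-2E03-4087-823F-C2E1DDC0F3A3} - System32\Tasks\task21862432 => C:\Users\Michael\AppData\Local\Temp\0.5420292355127139.exe <==== ATTENTION
Task: {85F9745F-738A-4382-A278-DB1539A9F1A0} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2574172027-3284400276-4226840274-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {AF702946-DEC1-49F4-879F-CF1E4B894C27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"""

# Task: [{GUID} - ]<task name> => <target>[ [file date] (publisher)][ <==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*?)\))?"
    r"(?P<attention> <==== ATTENTION)?$"
)
# Executable part of a target that may be quoted or followed by arguments.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|vbs|js|dll))"?(?=\s|$)', re.I)


@dataclass
class TaskEntry:
    guid: Optional[str]
    task_name: str
    target: str
    file_date: Optional[str]
    publisher: Optional[str]
    frst_attention: bool  # True when the log line itself carries the ATTENTION marker


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task:' line; return None for any other log line."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    return TaskEntry(m["guid"], m["task"], m["target"], m["date"],
                     m["publisher"], m["attention"] is not None)


def executable_of(target: str) -> PureWindowsPath:
    """Strip quotes and trailing arguments from a task target."""
    m = EXE_RE.match(target)
    return PureWindowsPath(m.group(1) if m else target.strip('"'))


def assess(entry: TaskEntry) -> Tuple[bool, List[str]]:
    """Return (suspicious, reasons) using illustrative heuristics (assumptions)."""
    exe = executable_of(entry.target)
    dirs = [part.lower() for part in exe.parts[:-1]]
    in_temp = "temp" in dirs or "tmp" in dirs
    in_appdata = "appdata" in dirs
    stem = exe.stem
    random_name = len(stem) >= 8 and sum(c.isdigit() for c in stem) / len(stem) >= 0.7

    reasons = []
    if in_temp:
        reasons.append("runs from a Temp directory")
    elif in_appdata:
        reasons.append("runs from a per-user AppData directory")
    if random_name:
        reasons.append("random-looking file name")
    # Supporting signal only: the Adobe .job entry in this log also lacks it.
    if entry.file_date is None:
        reasons.append("no file date/publisher in the log line")
    # Temp is never a normal home for a persistent task; AppData needs a second signal.
    return in_temp or (in_appdata and random_name), reasons


def triage(log_text: str) -> List[Tuple[TaskEntry, List[str]]]:
    """Return the task entries worth a closer look, with the reasons for each."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_task_line(line)
        if entry is None:
            continue
        suspicious, reasons = assess(entry)
        if suspicious:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(entry.task_name, "=>", entry.target)
        for reason in reasons:
            print("   -", reason)
```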



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,798 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:54 PM

Posted 21 March 2014 - 08:50 PM

Hi Michael,

Can you tell me if the User Profile that seems to be corrupted is C:\Users\Michael?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 nyseman


Posted 21 March 2014 - 09:13 PM

I believe that is what the problem is. I have tried to restore back to a previous restore point but it still keeps booting into a temporary profile. I can access all my data under users/Michael, but I can't get that profile up and running. I copied over my Outlook files to the temp profile and that seems to work since I can access my data. But I would have to reset all of my emails, etc. Also, not sure how to fix the corruption, create new profile, etc.

#8 Oh My!


Posted 21 March 2014 - 09:37 PM

Hi Michael,

Thanks for the information. Here is what we are going to do next.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

Task: {210ECBB0-2E03-4087-823F-C2E1DDC0F3A3} - System32\Tasks\task21862432 => C:\Users\Michael\AppData\Local\Temp\0.5420292355127139.exe <==== ATTENTION
C:\Users\Michael\AppData\Local\Temp\0.5420292355127139.exe

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

GrantPerms by Farbar

--------------------
  • Download Grantperms (32 bit systems) or Grantperms64 (64 bit systems) and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\users

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document.
  • A copy of Perms.txt will be saved in the same directory the tool is run.
===================================================

Creating a New User Profile Windows 7/Vista

--------------
  • Click Start, Control Panel, then User Accounts
  • Click Manage Another Account
  • Type a new account name you want to use then click Next
  • Select Computer administrator then click Create Account
  • Click Start, click the arrow to the right of Shut Down, and click Switch user
  • Click Start, Control Panel, then User Accounts
  • Click Manage Another Account
  • Type Temp then click Next
  • Select Computer administrator then click Create Account
  • Close the User Accounts window
  • Reboot your computer and log in as Temp
  • Click Start, Control Panel, then Folder Options
  • Click View, place a checkmark next to Show hidden files and folders, and uncheck Hide protected operating system files
  • Click OK
  • Using Windows Explorer navigate to C:\Users\Michael
  • Holding down the Ctrl key, left click each entry in the folder EXCEPT for the following, if they exist:

Ntuser.dat
Ntuser.dat.log
Ntuser.ini

  • Right click and select Copy
  • Left click on the new user account name you created (not Temp)
  • Right click on the screen to the right and select Paste
  • Close any open windows, reboot your computer, and log into the new user name
  • Check to see if your computer is working properly
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • GrantPerms log
  • Does your new User Profile work properly?

Gary
 

#9 nyseman


Posted 22 March 2014 - 02:45 AM

Gary,

I seemed to have successfully transferred everything over to a new profile and my desktop icons are appearing as they used to. However my Outlook seems like it is starting anew. I know the files are there and will load (I've done that part before), but I had several emails set up that probably won't be there. Is there any way to salvage the old set up? If not I will have to recreate all the emails and custom signatures--not too bad, but time consuming.

Regarding the logs, when I rebooted the machine after creating the new profile, everything on the desktop disappeared. I tried going in the old user/temp folders, but there was nothing in them. Should I re-run the programs to generate the logs? Please advise. Thanks.

Michael



#10 Oh My!


Posted 22 March 2014 - 07:42 AM

Hi Michael,

We will address the Outlook issue but I prefer to make sure we are all set with everything else before manipulating that program and/or files. You can skip GrantPerms as it has obviously worked but please rerun Farbar Recovery Scan Tool, making sure to place a check mark in Addition.txt. Are you noticing any other issues besides Outlook?

Edited by Oh My, 22 March 2014 - 07:51 AM.

Gary
 

#11 nyseman


Posted 22 March 2014 - 09:30 AM

Hi Gary,

Thanks for your response. Some of my browsing seems a little slow-- logging into my T-Mobile site seemed like it took a while to recognize my password and load (about 15 seconds). Here are the scan logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by MWA (administrator) on MICHAEL-PC on 22-03-2014 06:23:32
Running from C:\Users\MWA\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-02] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel® Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [363752 2012-09-19] (BillP Studios)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [FLxHCIm] - C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-08] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [363752 2012-09-19] (BillP Studios)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MWA\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A71AC8DBA45CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2014-02-18] (Nitro PDF Software)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15712 2012-11-17] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-22 06:23 - 2014-03-22 06:23 - 00013583 _____ () C:\Users\MWA\Desktop\FRST.txt
2014-03-22 06:21 - 2014-03-22 06:21 - 02157056 _____ (Farbar) C:\Users\MWA\Desktop\FRST64.exe
2014-03-22 06:19 - 2014-03-22 06:19 - 00000212 _____ () C:\Users\MWA\Desktop\fixlist.txt
2014-03-22 02:31 - 2014-02-03 18:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-22 02:31 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-22 02:21 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-03-22 02:21 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-03-22 02:21 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-03-22 02:21 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-03-22 02:02 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-22 02:02 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-22 01:23 - 2014-02-03 18:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-22 01:23 - 2014-02-03 18:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-22 01:23 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-22 01:23 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-22 01:23 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-22 01:23 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-22 01:23 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-22 01:23 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-22 01:23 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-03-22 01:23 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-22 01:23 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-22 01:23 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-22 01:19 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-22 01:19 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-22 01:19 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-22 01:19 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-22 01:19 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-22 00:29 - 2014-03-22 02:41 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\WinPatrol
2014-03-22 00:26 - 2014-03-22 00:26 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Macromedia
2014-03-22 00:08 - 2014-03-22 00:08 - 00000000 ____D () C:\Users\MWA\Downloads\Tokyo.Story.1953.Criterion.Collection.720p.BluRay.x264-PublicHD
2014-03-22 00:08 - 2014-03-22 00:08 - 00000000 ____D () C:\Users\MWA\Desktop\whatsapp video
2014-03-22 00:08 - 2014-03-22 00:08 - 00000000 ____D () C:\Users\MWA\Desktop\Toyota Rav4
2014-03-22 00:08 - 2013-12-02 22:21 - 33194163 _____ () C:\Users\MWA\Downloads\PJ-5.mp4
2014-03-22 00:08 - 2013-12-01 01:59 - 00411689 _____ () C:\Users\MWA\Downloads\contacts.csv
2014-03-22 00:08 - 2013-10-28 00:15 - 23478616 _____ (Hewlett-Packard Company ) C:\Users\MWA\Downloads\sp57538.exe
2014-03-22 00:08 - 2013-10-23 01:04 - 64055080 _____ (Nitro PDF Software) C:\Users\MWA\Downloads\nitro_pro9_x64.exe
2014-03-22 00:08 - 2012-11-13 19:06 - 00697272 _____ (Adobe Systems Incorporated) C:\Users\MWA\Downloads\uninstall_flash_player.exe
2014-03-22 00:08 - 2012-09-18 00:04 - 00139264 _____ () C:\Users\MWA\Downloads\SystemLook.exe
2014-03-22 00:08 - 2012-08-07 18:01 - 00000528 _____ () C:\Users\MWA\Downloads\facebook-php-sdk-v3.1.1-29-gd41049c.zip
2014-03-22 00:08 - 2012-08-07 17:53 - 00017982 _____ () C:\Users\MWA\Downloads\newfbapp.zip
2014-03-22 00:08 - 2012-07-16 08:22 - 00946352 _____ (Skype Technologies S.A.) C:\Users\MWA\Downloads\SkypeSetup.exe
2014-03-22 00:07 - 2014-03-22 00:08 - 00000000 ____D () C:\Users\MWA\Desktop\Todd
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\Thailand real estate
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\temp pdf conversion
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\TAXES
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\Short Sale marketing
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\Ricoh
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\PNTTEMPL
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\PNTDATA
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\OFF-MARKET
2014-03-22 00:06 - 2014-03-22 00:06 - 00000000 ____D () C:\Users\MWA\Desktop\Money Arbitrage Blueprint
2014-03-22 00:06 - 2014-03-22 00:06 - 00000000 ____D () C:\Users\MWA\Desktop\MCA pics
2014-03-22 00:06 - 2014-03-22 00:06 - 00000000 ____D () C:\Users\MWA\Desktop\Master Lease Option
2014-03-22 00:05 - 2014-03-22 02:35 - 00000000 ____D () C:\Users\MWA\Desktop\Bible study
2014-03-22 00:05 - 2014-03-22 00:06 - 00000000 ____D () C:\Users\MWA\Desktop\Management forms
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\malena
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\Great Wealth Transfer - Success Council
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\FB
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\Child support
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\CDPE
2014-03-22 00:05 - 2014-03-20 00:38 - 00688992 _____ (Swearware) C:\Users\MWA\Desktop\dds.com
2014-03-22 00:05 - 2014-02-23 11:48 - 00002011 _____ () C:\Users\MWA\Desktop\scan foler.lnk
2014-03-22 00:05 - 2014-01-10 17:17 - 00001029 _____ () C:\Users\MWA\Desktop\Dropbox.lnk
2014-03-22 00:05 - 2013-10-30 04:02 - 39942099 _____ () C:\Users\MWA\Desktop\PJ-2.mp4
2014-03-22 00:05 - 2013-10-14 02:46 - 00000267 _____ () C:\Users\MWA\Desktop\ncnd mfa for off-market international real estate - Google Search.url
2014-03-22 00:05 - 2013-05-23 10:12 - 00048720 _____ () C:\Users\MWA\Desktop\609 VDO Presentation.wlmp
2014-03-22 00:05 - 2013-04-23 11:49 - 00002629 _____ () C:\Users\MWA\Desktop\NCND MFA Master Global Assets Advisors 11 19 10 pdf free ebook download from globalassetsadvisors.com.url
2014-03-22 00:05 - 2013-02-24 00:23 - 00094318 _____ () C:\Users\MWA\Desktop\Point contacts.prv
2014-03-22 00:05 - 2013-02-23 20:03 - 00017920 _____ () C:\Users\MWA\Desktop\Point contacts.xlsx
2014-03-22 00:05 - 2013-02-06 02:19 - 00014005 _____ () C:\Users\MWA\Desktop\Accounting-Kristy.xlsx
2014-03-22 00:05 - 2013-01-03 23:05 - 00017795 _____ () C:\Users\MWA\Desktop\Coach price conversion to THB.xlsx
2014-03-22 00:05 - 2012-11-26 15:54 - 265011572 _____ () C:\Users\MWA\Desktop\reg backup.reg
2014-03-22 00:05 - 2012-11-24 22:49 - 00347918 _____ () C:\Users\MWA\Desktop\contacts.CSV
2014-03-22 00:05 - 2012-11-17 11:55 - 00448512 _____ (OldTimer Tools) C:\Users\MWA\Desktop\TFC.exe
2014-03-22 00:05 - 2012-11-06 02:33 - 00011857 _____ () C:\Users\MWA\Desktop\goals-revenue -st mt lt.xlsx
2014-03-22 00:05 - 2012-11-05 23:50 - 00000216 _____ () C:\Users\MWA\Desktop\http--www.theapartmentconsultant.com-Partnership.php.url
2014-03-22 00:05 - 2012-10-10 09:30 - 00001975 _____ () C:\Users\MWA\Desktop\Update Checker.lnk
2014-03-22 00:05 - 2012-09-05 15:07 - 00003185 _____ () C:\Users\MWA\Desktop\2008 expense ledger.csv
2014-03-22 00:05 - 2012-07-19 09:22 - 00014694 _____ () C:\Users\MWA\Desktop\Kristy voice-sewadika Michael!.amr
2014-03-21 23:31 - 2014-03-21 23:40 - 00000000 ____D () C:\Users\MWA\Documents\Outlook Files
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 __SHD () C:\Users\MWA\Documents\cache
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 ____D () C:\Users\MWA\Documents\My Data Files
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 ____D () C:\Users\MWA\Documents\eFax Messenger 4.4
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 ____D () C:\Users\MWA\Documents\ASUS
2014-03-21 23:20 - 2013-04-16 13:40 - 00450456 _____ () C:\Users\MWA\Documents\workspaceinstall.log
2014-03-21 23:20 - 2013-04-16 13:40 - 00046459 _____ () C:\Users\MWA\Documents\WorkspaceUpdate.log
2014-03-21 23:20 - 2013-03-14 15:17 - 00000332 _____ () C:\Users\MWA\Documents\desktoptools.log
2014-03-21 23:20 - 2013-02-12 20:14 - 00000000 ____H () C:\Users\MWA\Documents\Default.rdp
2014-03-21 23:20 - 2012-12-15 09:30 - 00042135 _____ () C:\Users\MWA\Documents\SR Week 1 December 15.odt
2014-03-21 23:20 - 2012-10-03 21:51 - 00102553 _____ () C:\Users\MWA\Documents\WELLS-FS-activity 3-1-11 thru 9-28-12.csv
2014-03-21 23:19 - 2014-03-21 23:20 - 00000000 ___RD () C:\Users\MWA\Dropbox
2014-03-21 23:19 - 2014-03-21 23:19 - 00000000 ____D () C:\Users\MWA\ZipForm
2014-03-21 23:19 - 2014-03-21 23:19 - 00000000 ____D () C:\Users\MWA\DoctorWeb
2014-03-21 23:19 - 2013-09-25 22:37 - 00000000 ____D () C:\Users\MWA\Monster
2014-03-21 23:19 - 2013-01-30 09:55 - 00060864 _____ () C:\Users\MWA\g2mdlhlpx.exe
2014-03-21 23:19 - 2012-05-24 12:22 - 00000088 _____ () C:\Users\MWA\.java.policy
2014-03-21 23:03 - 2014-03-21 23:03 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Intel Corporation
2014-03-21 23:02 - 2014-03-21 23:02 - 00087336 _____ () C:\Users\Temp.Michael-PC.002\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 23:02 - 2014-03-21 23:02 - 00001419 _____ () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 23:02 - 2014-03-21 23:02 - 00000020 ___SH () C:\Users\Temp.Michael-PC.002\ntuser.ini
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ___RD () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ___RD () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Intel
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Adobe
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Local\VirtualStore
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Local\offsync
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002
2014-03-21 23:02 - 2013-11-26 10:37 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Local\Power2Go
2014-03-21 23:02 - 2012-09-17 17:37 - 00000000 ___RD () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-21 23:02 - 2012-09-17 17:37 - 00000000 ___RD () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-21 23:02 - 2012-04-06 10:58 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Local\Microsoft Help
2014-03-21 22:51 - 2014-03-21 23:19 - 00000000 ____D () C:\Users\MWA
2014-03-21 22:51 - 2014-03-21 22:51 - 00087336 _____ () C:\Users\MWA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 22:51 - 2014-03-21 22:51 - 00001419 _____ () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 22:51 - 2014-03-21 22:51 - 00000020 ___SH () C:\Users\MWA\ntuser.ini
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ___RD () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ___RD () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Intel Corporation
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Intel
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Adobe
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Local\VirtualStore
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Local\offsync
2014-03-21 22:51 - 2013-11-26 10:37 - 00000000 ____D () C:\Users\MWA\AppData\Local\Power2Go
2014-03-21 22:51 - 2012-09-17 17:37 - 00000000 ___RD () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-21 22:51 - 2012-09-17 17:37 - 00000000 ___RD () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-21 22:51 - 2012-04-06 10:58 - 00000000 ____D () C:\Users\MWA\AppData\Local\Microsoft Help
2014-03-21 18:16 - 2014-03-22 06:23 - 00000000 ____D () C:\FRST
2014-03-20 00:38 - 2014-03-20 00:38 - 00688992 _____ (Swearware) C:\Users\Michael\Desktop\dds.com
2014-03-18 08:39 - 2014-03-21 23:00 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001
2014-03-18 08:39 - 2014-03-18 08:41 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 05:42 - 2014-03-18 05:42 - 00003608 ____N () C:\bootsqm.dat
2014-03-18 02:23 - 2014-03-18 02:35 - 00000000 ____D () C:\Users\TEMP.Michael-PC.000
2014-03-18 02:09 - 2014-03-18 02:09 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\WinPatrol
2014-03-18 02:04 - 2014-03-18 02:04 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Macromedia
2014-03-18 02:03 - 2014-03-18 02:03 - 00087336 _____ () C:\Users\TEMP.Michael-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 02:03 - 2014-03-18 02:03 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel Corporation
2014-03-18 02:02 - 2014-03-18 02:03 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 02:02 - 2014-03-18 02:02 - 00001419 _____ () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Adobe
2014-03-18 02:01 - 2014-03-18 02:03 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 02:01 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC
2014-03-18 02:01 - 2014-03-18 02:01 - 00000020 ___SH () C:\Users\TEMP.Michael-PC\ntuser.ini
2014-03-18 02:01 - 2014-03-18 02:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel
2014-03-18 02:01 - 2014-03-18 02:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\VirtualStore
2014-03-18 02:01 - 2014-03-18 02:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\offsync
2014-03-18 02:01 - 2013-11-26 10:37 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\Power2Go
2014-03-18 02:01 - 2012-09-17 17:37 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-18 02:01 - 2012-09-17 17:37 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-18 02:01 - 2012-04-06 10:58 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\Microsoft Help
2014-03-18 00:16 - 2014-02-28 22:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 00:16 - 2014-02-28 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 00:16 - 2014-02-28 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 00:16 - 2014-02-28 20:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 00:16 - 2014-02-28 20:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 00:16 - 2014-02-28 20:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 00:16 - 2014-02-28 20:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 00:16 - 2014-02-28 20:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 00:16 - 2014-02-28 20:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 00:16 - 2014-02-28 20:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 00:16 - 2014-02-28 20:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 00:16 - 2014-02-28 20:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 00:16 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 00:16 - 2014-02-28 20:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 00:16 - 2014-02-28 20:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 00:16 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 00:16 - 2014-02-28 20:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 00:16 - 2014-02-28 19:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 00:16 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 00:16 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 00:16 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 00:16 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 00:16 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 00:16 - 2014-02-28 19:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 00:16 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 00:16 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 00:16 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 00:16 - 2014-02-28 19:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 00:16 - 2014-02-28 19:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 00:16 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 00:16 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 00:16 - 2014-02-28 19:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 00:16 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 00:16 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 00:16 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 00:16 - 2014-02-28 18:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 00:16 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 00:16 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 00:16 - 2014-02-28 18:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 00:16 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 00:16 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-18 00:16 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-18 00:16 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-18 00:16 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-18 00:16 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-18 00:16 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-18 00:16 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-18 00:16 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-18 00:16 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-18 00:16 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-18 00:16 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-18 00:16 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-18 00:16 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-18 00:16 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-18 00:16 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-18 00:16 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-18 00:16 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-18 00:16 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-18 00:16 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-18 00:16 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-18 00:16 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-18 00:16 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-18 00:16 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-18 00:16 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-18 00:16 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-18 00:16 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-18 00:16 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-18 00:16 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-18 00:16 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-18 00:16 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-18 00:16 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-18 00:16 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-18 00:16 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-18 00:16 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-18 00:16 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-18 00:16 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-18 00:16 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-18 00:16 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-18 00:16 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-18 00:16 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-18 00:16 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-18 00:16 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-18 00:15 - 2014-02-06 17:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 00:15 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 00:15 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 00:15 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-18 00:15 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-18 00:15 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-18 00:15 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-18 00:15 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-18 00:15 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-18 00:15 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-18 00:15 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-18 00:15 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-18 00:15 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-18 00:15 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-03-18 00:15 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-18 00:15 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-03-18 00:14 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-18 00:14 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-18 00:14 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-18 00:14 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-18 00:14 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-18 00:10 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-18 00:10 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-18 00:10 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-18 00:10 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-18 00:10 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-18 00:10 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-18 00:10 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-18 00:10 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-18 00:10 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-18 00:10 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-21 13:29 - 2014-02-21 13:29 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-02-20 22:55 - 2014-02-20 22:55 - 00001964 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-02-20 22:55 - 2014-02-20 22:55 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-20 22:55 - 2014-02-20 22:55 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-20 22:55 - 2014-02-18 19:54 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon9.dll
2014-02-20 22:55 - 2014-02-18 19:54 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui9.dll
2014-02-20 21:36 - 2014-02-20 21:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-22 06:23 - 2014-03-22 06:23 - 00013583 _____ () C:\Users\MWA\Desktop\FRST.txt
2014-03-22 06:23 - 2014-03-21 18:16 - 00000000 ____D () C:\FRST
2014-03-22 06:21 - 2014-03-22 06:21 - 02157056 _____ (Farbar) C:\Users\MWA\Desktop\FRST64.exe
2014-03-22 06:19 - 2014-03-22 06:19 - 00000212 _____ () C:\Users\MWA\Desktop\fixlist.txt
2014-03-22 05:46 - 2013-04-01 01:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 05:46 - 2012-02-17 02:13 - 01634418 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 03:28 - 2012-11-30 17:27 - 00064845 _____ () C:\Windows\setupact.log
2014-03-22 03:28 - 2012-04-01 00:20 - 00000000 ____D () C:\Users\Michael
2014-03-22 03:28 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 03:28 - 2009-07-13 20:45 - 00344752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 03:27 - 2012-12-13 03:50 - 00035710 _____ () C:\Windows\PFRO.log
2014-03-22 03:27 - 2012-11-27 18:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-22 03:27 - 2012-11-27 18:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-22 02:52 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 02:41 - 2014-03-22 00:29 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\WinPatrol
2014-03-22 02:41 - 2012-04-01 00:21 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-03-22 02:35 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\Bible study
2014-03-22 02:33 - 2009-07-13 21:13 - 00794418 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 02:33 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 02:33 - 2009-07-13 20:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 02:25 - 2011-10-18 09:24 - 00788634 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-22 02:21 - 2012-04-03 21:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-22 02:16 - 2012-09-23 20:13 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-22 02:16 - 2012-09-23 20:12 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-22 02:16 - 2012-09-23 20:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-22 02:15 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-22 02:06 - 2013-08-15 08:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-22 00:26 - 2014-03-22 00:26 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Macromedia
2014-03-22 00:08 - 2014-03-22 00:08 - 00000000 ____D () C:\Users\MWA\Downloads\Tokyo.Story.1953.Criterion.Collection.720p.BluRay.x264-PublicHD
2014-03-22 00:08 - 2014-03-22 00:08 - 00000000 ____D () C:\Users\MWA\Desktop\whatsapp video
2014-03-22 00:08 - 2014-03-22 00:08 - 00000000 ____D () C:\Users\MWA\Desktop\Toyota Rav4
2014-03-22 00:08 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\Todd
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\Thailand real estate
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\temp pdf conversion
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\TAXES
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\Short Sale marketing
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\Ricoh
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\PNTTEMPL
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\PNTDATA
2014-03-22 00:07 - 2014-03-22 00:07 - 00000000 ____D () C:\Users\MWA\Desktop\OFF-MARKET
2014-03-22 00:06 - 2014-03-22 00:06 - 00000000 ____D () C:\Users\MWA\Desktop\Money Arbitrage Blueprint
2014-03-22 00:06 - 2014-03-22 00:06 - 00000000 ____D () C:\Users\MWA\Desktop\MCA pics
2014-03-22 00:06 - 2014-03-22 00:06 - 00000000 ____D () C:\Users\MWA\Desktop\Master Lease Option
2014-03-22 00:06 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\Management forms
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\malena
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\Great Wealth Transfer - Success Council
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\FB
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\Child support
2014-03-22 00:05 - 2014-03-22 00:05 - 00000000 ____D () C:\Users\MWA\Desktop\CDPE
2014-03-21 23:40 - 2014-03-21 23:31 - 00000000 ____D () C:\Users\MWA\Documents\Outlook Files
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 __SHD () C:\Users\MWA\Documents\cache
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 ____D () C:\Users\MWA\Documents\My Data Files
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 ____D () C:\Users\MWA\Documents\eFax Messenger 4.4
2014-03-21 23:20 - 2014-03-21 23:20 - 00000000 ____D () C:\Users\MWA\Documents\ASUS
2014-03-21 23:20 - 2014-03-21 23:19 - 00000000 ___RD () C:\Users\MWA\Dropbox
2014-03-21 23:19 - 2014-03-21 23:19 - 00000000 ____D () C:\Users\MWA\ZipForm
2014-03-21 23:19 - 2014-03-21 23:19 - 00000000 ____D () C:\Users\MWA\DoctorWeb
2014-03-21 23:19 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA
2014-03-21 23:03 - 2014-03-21 23:03 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Intel Corporation
2014-03-21 23:02 - 2014-03-21 23:02 - 00087336 _____ () C:\Users\Temp.Michael-PC.002\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 23:02 - 2014-03-21 23:02 - 00001419 _____ () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 23:02 - 2014-03-21 23:02 - 00000020 ___SH () C:\Users\Temp.Michael-PC.002\ntuser.ini
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ___RD () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ___RD () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Intel
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Roaming\Adobe
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Local\VirtualStore
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002\AppData\Local\offsync
2014-03-21 23:02 - 2014-03-21 23:02 - 00000000 ____D () C:\Users\Temp.Michael-PC.002
2014-03-21 23:00 - 2014-03-18 08:39 - 00000000 ____D () C:\Users\TEMP.Michael-PC.001
2014-03-21 22:51 - 2014-03-21 22:51 - 00087336 _____ () C:\Users\MWA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-21 22:51 - 2014-03-21 22:51 - 00001419 _____ () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-21 22:51 - 2014-03-21 22:51 - 00000020 ___SH () C:\Users\MWA\ntuser.ini
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ___RD () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ___RD () C:\Users\MWA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Intel Corporation
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Intel
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Roaming\Adobe
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Local\VirtualStore
2014-03-21 22:51 - 2014-03-21 22:51 - 00000000 ____D () C:\Users\MWA\AppData\Local\offsync
2014-03-20 00:38 - 2014-03-22 00:05 - 00688992 _____ (Swearware) C:\Users\MWA\Desktop\dds.com
2014-03-20 00:38 - 2014-03-20 00:38 - 00688992 _____ (Swearware) C:\Users\Michael\Desktop\dds.com
2014-03-18 08:41 - 2014-03-18 08:39 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-18 08:41 - 2013-04-01 01:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-18 08:41 - 2012-11-13 19:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 08:41 - 2012-11-13 19:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 08:40 - 2012-06-28 11:18 - 00003348 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2574172027-3284400276-4226840274-1001
2014-03-18 08:40 - 2012-06-28 11:18 - 00003218 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2574172027-3284400276-4226840274-1001
2014-03-18 05:42 - 2014-03-18 05:42 - 00003608 ____N () C:\bootsqm.dat
2014-03-18 02:35 - 2014-03-18 02:23 - 00000000 ____D () C:\Users\TEMP.Michael-PC.000
2014-03-18 02:09 - 2014-03-18 02:09 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\WinPatrol
2014-03-18 02:04 - 2014-03-18 02:04 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Macromedia
2014-03-18 02:03 - 2014-03-18 02:03 - 00087336 _____ () C:\Users\TEMP.Michael-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 02:03 - 2014-03-18 02:03 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel Corporation
2014-03-18 02:03 - 2014-03-18 02:02 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 02:03 - 2014-03-18 02:01 - 00000000 ___RD () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 02:03 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-18 02:02 - 2014-03-18 02:02 - 00001419 _____ () C:\Users\TEMP.Michael-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 02:02 - 2014-03-18 02:02 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Adobe
2014-03-18 02:02 - 2014-03-18 02:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC
2014-03-18 02:01 - 2014-03-18 02:01 - 00000020 ___SH () C:\Users\TEMP.Michael-PC\ntuser.ini
2014-03-18 02:01 - 2014-03-18 02:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Roaming\Intel
2014-03-18 02:01 - 2014-03-18 02:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\VirtualStore
2014-03-18 02:01 - 2014-03-18 02:01 - 00000000 ____D () C:\Users\TEMP.Michael-PC\AppData\Local\offsync
2014-03-18 00:49 - 2013-12-20 03:07 - 00000000 ____D () C:\Users\Michael\Downloads\Tokyo.Story.1953.Criterion.Collection.720p.BluRay.x264-PublicHD
2014-03-18 00:49 - 2013-03-14 13:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\Workspace
2014-03-18 00:49 - 2012-11-02 11:56 - 00000000 ____D () C:\Users\Michael\Desktop\FB
2014-03-18 00:49 - 2012-07-06 02:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Citrix
2014-03-18 00:49 - 2012-04-05 13:54 - 00000000 ____D () C:\Users\Michael\Desktop\Ricoh
2014-03-18 00:49 - 2012-04-05 13:54 - 00000000 ____D () C:\Users\Michael\Desktop\PNTTEMPL
2014-03-18 00:49 - 2012-04-05 13:54 - 00000000 ____D () C:\Users\Michael\Desktop\PNTDATA
2014-03-18 00:49 - 2012-04-03 21:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Help
2014-03-18 00:49 - 2012-02-17 02:30 - 00000000 ____D () C:\ProgramData\P4G
2014-03-18 00:49 - 2011-10-18 09:32 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-18 00:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2014-03-18 00:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-18 00:48 - 2012-04-25 14:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-18 00:48 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-03-18 00:47 - 2013-02-08 14:03 - 00000000 ____D () C:\Users\Michael\AppData\Local\Mozilla
2014-03-18 00:47 - 2012-11-16 23:56 - 00000000 ____D () C:\Users\Michael\AppData\Local\SlimWare Utilities Inc
2014-03-18 00:44 - 2012-09-22 14:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-03-18 00:44 - 2012-07-16 08:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-18 00:44 - 2012-06-28 11:11 - 00000000 ____D () C:\ProgramData\Real
2014-03-18 00:44 - 2012-04-04 15:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-03-18 00:44 - 2012-04-01 13:16 - 00000000 ____D () C:\Users\Michael\AppData\Local\ASUS
2014-03-18 00:44 - 2012-04-01 00:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-03-17 01:10 - 2012-04-04 12:51 - 00000000 ____D () C:\Users\Michael\Documents\Outlook Files
2014-03-15 13:58 - 2012-12-08 23:29 - 00000000 ____D () C:\Users\Michael\Desktop\Bible study
2014-03-12 14:20 - 2013-06-04 15:31 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Nitro PDF
2014-03-04 23:19 - 2012-11-19 16:35 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-03-02 21:02 - 2012-11-19 16:38 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-03-02 14:05 - 2013-04-25 01:23 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-28 22:05 - 2014-03-18 00:16 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 21:17 - 2014-03-18 00:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 21:16 - 2014-03-18 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 20:58 - 2014-03-18 00:16 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 20:52 - 2014-03-18 00:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 20:51 - 2014-03-18 00:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 20:42 - 2014-03-18 00:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 20:40 - 2014-03-18 00:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 20:37 - 2014-03-18 00:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 20:33 - 2014-03-18 00:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 20:33 - 2014-03-18 00:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 20:32 - 2014-03-18 00:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 20:30 - 2014-03-18 00:16 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 20:23 - 2014-03-18 00:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 20:17 - 2014-03-18 00:16 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 20:11 - 2014-03-18 00:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 20:02 - 2014-03-18 00:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 19:54 - 2014-03-18 00:16 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 19:52 - 2014-03-18 00:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 19:51 - 2014-03-18 00:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-18 00:16 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 19:43 - 2014-03-18 00:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 19:43 - 2014-03-18 00:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 19:42 - 2014-03-18 00:16 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 19:40 - 2014-03-18 00:16 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 19:38 - 2014-03-18 00:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 19:37 - 2014-03-18 00:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 19:35 - 2014-03-18 00:16 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 19:18 - 2014-03-18 00:16 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 19:16 - 2014-03-18 00:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 19:14 - 2014-03-18 00:16 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 19:10 - 2014-03-18 00:16 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 19:03 - 2014-03-18 00:16 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 19:00 - 2014-03-18 00:16 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 18:57 - 2014-03-18 00:16 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 18:38 - 2014-03-18 00:16 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 18:32 - 2014-03-18 00:16 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 18:27 - 2014-03-18 00:16 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 18:25 - 2014-03-18 00:16 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 18:25 - 2014-03-18 00:16 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-23 11:48 - 2014-03-22 00:05 - 00002011 _____ () C:\Users\MWA\Desktop\scan foler.lnk
2014-02-23 11:48 - 2012-11-05 17:05 - 00002011 _____ () C:\Users\Michael\Desktop\scan foler.lnk
2014-02-23 11:08 - 2013-10-23 13:08 - 00000000 ____D () C:\Users\Michael\Desktop\malena
2014-02-23 11:04 - 2013-05-18 01:04 - 00000000 ____D () C:\Users\Michael\Desktop\MCA pics
2014-02-22 21:57 - 2013-02-08 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 13:29 - 2014-02-21 13:29 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-02-20 23:22 - 2011-10-18 09:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-20 22:55 - 2014-02-20 22:55 - 00001964 _____ () C:\Users\Public\Desktop\Nitro Pro 9.lnk
2014-02-20 22:55 - 2014-02-20 22:55 - 00000000 ____D () C:\Program Files\Common Files\Nitro
2014-02-20 22:55 - 2014-02-20 22:55 - 00000000 ____D () C:\Program Files (x86)\Nitro
2014-02-20 22:53 - 2012-04-09 10:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Downloaded Installations
2014-02-20 21:37 - 2014-02-20 21:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\temp\G2MInstallerExtractor.exe
C:\Users\Michael\AppData\Local\temp\install_flashplayer12x32_mssa_aaa_aih.exe
C:\Users\Michael\AppData\Local\temp\install_reader11_en_gtba_chra_dy_aaa_aih.exe
C:\Users\Michael\AppData\Local\temp\JREInstall??.exe
C:\Users\Michael\AppData\Local\temp\nitro_pro8_x64(1).exe
C:\Users\Michael\AppData\Local\temp\nitro_pro8_x64.exe
C:\Users\Michael\AppData\Local\temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-10 12:06

==================== End Of Log ============================

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by MWA at 2014-03-22 06:24:04
Running from C:\Users\MWA\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS U Series ScreenSaver (HKLM-x32\...\ASUS U Series ScreenSaver) (Version: 1.0.0002 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Best Buy Connect (HKLM-x32\...\{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}) (Version: 3.00.68 - Best Buy)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Canon MX880 series User Registration (HKLM-x32\...\Canon MX880 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2926 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.1.528 - j2 Global)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Intel® WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 9 (HKLM\...\{BAC19554-0CF9-45B8-A920-88D0D680FDB2}) (Version: 9.0.6.20 - Nitro)
Point 7.2 (HKLM-x32\...\{DD68AE74-98BA-4ABE-B11E-30F39206ECE8}) (Version: 7.2.1146 - Calyx Software)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{DD350F3A-3620-4185-A5E2-88A6437C8415}) (Version: 2.2.24428 - SlimWare Utilities, Inc.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 25.6.2012.1 - BillP Studios)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

02-03-2014 01:43:05 Windows Update
05-03-2014 07:30:35 Windows Update
08-03-2014 22:49:54 Windows Update
12-03-2014 00:06:41 Windows Update
15-03-2014 04:21:34 Windows Update
18-03-2014 08:13:59 Restore Operation
18-03-2014 10:12:00 Windows Update
22-03-2014 07:15:36 Windows Update
22-03-2014 10:00:25 Windows Update
22-03-2014 11:00:13 Windows Update

==================== Hosts content: ==========================

2009-07-13 18:34 - 2012-09-22 15:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1C2D54F7-F390-4802-9E53-D2864243F0AD} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-11] ()
Task: {271F8BE6-03EE-4121-A54C-3C49E6BFC12B} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {85F9745F-738A-4382-A278-DB1539A9F1A0} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2574172027-3284400276-4226840274-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {A439CC3C-C30D-4C8C-9498-388CB213B805} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {ABA252D2-A59A-496A-B874-AC0DC7538BDA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18] (Adobe Systems Incorporated)
Task: {AF702946-DEC1-49F4-879F-CF1E4B894C27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {C9B90F09-351C-40D6-B169-B14681E26F5C} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {D481BCCB-709C-4ACF-8B3C-726CCFA601EE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2574172027-3284400276-4226840274-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {E7635C78-E89B-482A-AEB8-938F520CB327} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-06-04 12:56 - 2011-02-28 14:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2010-05-11 17:35 - 2010-05-11 17:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2010-04-02 19:21 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-05-02 13:41 - 2011-05-02 13:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-15 00:14 - 2011-01-26 16:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-23 16:53 - 2010-09-23 16:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-08-11 19:52 - 2010-08-11 19:52 - 00060928 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2012-11-17 01:16 - 1999-12-31 16:00 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-09-23 20:29 - 2012-06-20 13:23 - 00599419 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2014 03:00:13 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c62ecb7e-1626-4a7a-bbfe-c2aecc32af61}

Error: (03/22/2014 02:00:25 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {95b846b1-c84f-4976-82be-bdf4065fa739}

Error: (03/21/2014 11:15:36 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {75d7b8cc-148b-4045-b706-0d27413ae679}

Error: (03/21/2014 11:00:36 PM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP.Michael-PC.001. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Error: (03/18/2014 08:39:43 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/18/2014 08:39:43 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/18/2014 02:35:57 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP.Michael-PC.000. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Error: (03/18/2014 02:23:44 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/18/2014 02:23:44 AM) (Source: Microsoft-Windows-User Profiles Service) (User: Michael-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/18/2014 02:12:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {00f45542-afec-4762-91ae-15d5f9545c8a}

System errors:
=============
Error: (03/22/2014 02:06:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2911501).

Error: (03/22/2014 02:02:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2929961).

Error: (03/18/2014 02:01:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (03/18/2014 00:59:35 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 00:58:22 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 00:56:32 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 00:55:19 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 00:53:19 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (03/18/2014 00:34:34 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (03/18/2014 00:33:04 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Microsoft Office Sessions:
=========================
Error: (03/22/2014 03:00:13 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c62ecb7e-1626-4a7a-bbfe-c2aecc32af61}

Error: (03/22/2014 02:00:25 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {95b846b1-c84f-4976-82be-bdf4065fa739}

Error: (03/21/2014 11:15:36 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {75d7b8cc-148b-4045-b706-0d27413ae679}

Error: (03/21/2014 11:00:36 PM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: C:\Users\TEMP.Michael-PC.001The directory is not empty.

Error: (03/18/2014 08:39:43 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 08:39:43 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 02:35:57 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: C:\Users\TEMP.Michael-PC.000The directory is not empty.

Error: (03/18/2014 02:23:44 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 02:23:44 AM) (Source: Microsoft-Windows-User Profiles Service)(User: Michael-PC)
Description:

Error: (03/18/2014 02:12:00 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-2574172027-3284400276-4226840274-1001.bak)0x80070539, The security ID structure is invalid.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {00f45542-afec-4762-91ae-15d5f9545c8a}

CodeIntegrity Errors:
===================================
  Date: 2012-09-22 15:04:18.681
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-22 15:04:18.655
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-22 15:04:18.629
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-22 15:04:18.603
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-18 03:09:38.033
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-18 03:09:38.002
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8102.76 MB
Available physical RAM: 5699.68 MB
Total Pagefile: 16203.7 MB
Available Pagefile: 13490.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:673.62 GB) (Free:473.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E3102A4B)

Partition: GPT Partition Type.

==================== End Of Log ============================



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,798 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:54 PM

Posted 22 March 2014 - 09:33 AM

Thanks,

I will be away from my computer for a few hours but will be reviewing your log upon my return. You can expect a response in a few hours. Thanks for your patience and understanding.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Posted 22 March 2014 - 02:04 PM

Greetings Michael,

Thanks for your patience. That report looks good. :thumbsup2:

Can you just confirm you are aware of Nalpeiron on your computer? It is not bad unless you did not intend to have it installed.

Let's do these things now.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-click JRT.exe and select Run as administrator (on Windows XP, double-click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • If the program will not run properly, run it in Safe Mode
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • Security check log
  • Did TFC run properly?
  • How is your computer running

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 nyseman

nyseman
  • Topic Starter

  • Members
  • 93 posts

Posted 22 March 2014 - 03:32 PM

Hi Gary,

 

I don't quite recall having dealt with Nalpeiron. I may have tried to use their services, but I can't remember when or why. Should I remove it?

My computer seems like it's running well at this point.  Although I do keep getting pop ups from Oracle's jucheck.exe asking for permission.  This used to happen all the time before as well. It happens quite a bit and I'd like to stop it if possible. 

 

TFC did run through and delete about 6GB of data;  I had to run Security Check in safe mode.  Here are the log results:

 

Adware Cleaner log:

# AdwCleaner v3.022 - Report created 22/03/2014 at 12:34:47
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : MWA - MICHAEL-PC
# Running from : C:\Users\MWA\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

*************************

AdwCleaner[R0].txt - [1513 octets] - [22/03/2014 12:31:51]
AdwCleaner[S0].txt - [1444 octets] - [22/03/2014 12:34:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1504 octets] ##########

 

Junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by MWA on Sat 03/22/2014 at 12:46:03.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\asknpavbb_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\asknpavbb_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\asknpavbb_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\asknpavbb_RASMANCS

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/22/2014 at 12:50:10.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Security Check log:

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 17 
 Java version out of Date!
 Adobe Flash Player 12.0.0.77 
 Adobe Reader XI 
 Mozilla Firefox 27.0.1 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
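
An added example, not part of the original posts or of the Security Check tool: a small parser that triages a subset of the lines from the Security Check log above, attaching each warning to the product it refers to (this log puts some warnings on the line after the product and others on the same line). The `triage` name and the warning phrases are assumptions drawn from this one log.

```python
import re

T = "`" * 14  # Security Check frames its section titles with runs of backticks

# A subset of the lines from the Security Check log in the post above.
SAMPLE_LOG = "\n".join([
    " Windows 7 Service Pack 1 x64 (UAC is enabled) ",
    T + "Antivirus/Firewall Check:" + T,
    " Windows Security Center service is not running! This report may not be accurate!",
    "Microsoft Security Essentials  ",
    "  (On Access scanning disabled!)",
    " Error obtaining update status for antivirus! ",
    T + "Anti-malware/Other Utilities Check:" + T,
    " Malwarebytes Anti-Malware version 1.75.0.1300 ",
    " Java 7 Update 17 ",
    " Java version out of Date!",
    " Adobe Flash Player 12.0.0.77 ",
    " Mozilla Firefox 27.0.1 Firefox out of Date! ",
    T + "End of Log" + T,
])

SECTION = re.compile(r"^`+\s*(.*?):?\s*`+\s*$")
# Phrases seen in this log; other tool versions may word them differently (assumption).
WARNING = re.compile(r"not running|disabled|out of date|error obtaining", re.I)
# Warning-only lines name no product themselves and refer to the product line before them.
STANDALONE = re.compile(
    r"^\(?(java version out of date|on access scanning disabled|error obtaining)", re.I)


def triage(log_text):
    """Return (section, subject, warning) tuples for every flagged line."""
    findings, section, last_product = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section, last_product = header.group(1), None
            continue
        hit = WARNING.search(line)
        if not hit:
            last_product = line  # plain inventory line: remember it
        elif STANDALONE.match(line):
            findings.append((section, last_product, hit.group(0).lower()))
        else:
            # Inline flag, e.g. "Mozilla Firefox 27.0.1 Firefox out of Date!"
            findings.append((section, line, hit.group(0).lower()))
    return findings
```

Calling `triage(SAMPLE_LOG)` yields five findings, including the Java and Firefox version warnings and the disabled on-access scanning that the next reply addresses.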

 



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,798 posts
  • Gender:Male
  • Location:California

Posted 22 March 2014 - 03:53 PM

Greetings sir,
 

Should I remove it?

If you are not going to use it I would recommend uninstalling it.

Please run these.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck Install the Ask Toolbar and make Ask my default search provider
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:
  • Click Start, Control Panel, Java, then Advanced
  • Scroll down to Miscellaneous then uncheck the box for Java Quick Starter.
  • Click OK and reboot your computer.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Java install properly?
  • FSS.txt
  • Did Firefox install properly?
  • Are you getting Oracle popups?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



