Bitcoin Miner


  • This topic is locked
8 replies to this topic

#1 ArcticPrince

ArcticPrince

  • Members
  • 52 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 21 July 2014 - 07:09 AM

Malwarebytes Anti-Malware is reporting 6 instances of a Bitcoin miner. I have tried 4 times to quarantine and delete, but on every reboot they return. Any help would be appreciated.




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:46 PM

Posted 21 July 2014 - 09:15 AM

Hi there,

can you please post up the log file from Malwarebytes that shows what exactly has been found.
And run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 ArcticPrince

ArcticPrince
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  • Local time:07:46 AM

Posted 24 July 2014 - 06:44 PM

Sorry to be so late posting, I never saw that someone had replied to my post! When I first ran Malwarebytes it said 0 files. On a whim I rebooted and then it found 1. Yesterday I had 3 processes and 3 files. Malwarebytes log and FRST logs below.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/24/2014
Scan Time: 6:22:12 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.24.09
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User:

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293692
Time Elapsed: 8 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.BitCoinMiner, C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe, 3960, Delete-on-Reboot, [8dcce1c21e5d7eb8e839f61b2cd5b34d]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.BitCoinMiner, C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe, Delete-on-Reboot, [8dcce1c21e5d7eb8e839f61b2cd5b34d],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Ward Harris (administrator) on G75V on 24-07-2014 18:03:16
Running from C:\Users\Ward Harris\Downloads\Programs
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Livedrive\VSSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IDMan.exe
(jiiSoft) C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Program Files\Andy\HandyAndy.exe
() C:\Program Files\Andy\AndyPriorityMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Internet Download Manager, Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Fences] => E:\Program Files (x86)\Fences.exe [4013744 2013-07-11] (Stardock Corporation)
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [923256 2014-06-27] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-12] (Google Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IDMan] => E:\Program Files (x86)\Internet Download Manager\IDMan.exe [3837520 2014-06-17] (Tonec Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IE New Window Maximizer] => C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe [356352 2005-02-09] (jiiSoft)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [AdobeFlashPlayer] => wscript "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\PureCache\IDMan.vbs" "C:\Users\Ward (the data entry has 64 more characters).
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [MediaUpdate] => wscript "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\MediaCache\IEMonitor.vbs" "C:\Users (the data entry has 74 more characters).
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IDM] => wscript "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\idm.vbs" "C:\Users\Ward  (the data entry has 62 more characters).
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-06-20] (Siber Systems)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1814680 2013-07-29] (Livedrive Internet Ltd)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BackupOverlay -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => E:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: LivedriveDownloadOverlay -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSharedOverlay -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSyncedOverlay -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveUploadOverlay -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x165EDFE203A3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BrowserHelper Class -> {EDF48A39-1442-463F-9F4E-F376A78D034A} -> C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll (Livedrive Internet Ltd)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 24.116.2.50 24.116.2.34

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - E:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ward Harris\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ward Harris\AppData\Roaming\IDM\idmmzcc5 [2014-06-19]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
CHR Extension: (Google Drive) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]
CHR Extension: (YouTube) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
CHR Extension: (Google Search) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
CHR Extension: (IDM Integration Module) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-06-20]
CHR Extension: (Skype Click to Call) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-21]
CHR Extension: (Google Wallet) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-20]
CHR Extension: (Gmail) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
CHR Extension: (RoboForm) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - E:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-06-18]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2013-07-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 18:03 - 2014-07-24 18:03 - 00000000 ____D () C:\FRST
2014-07-24 13:38 - 2014-07-24 13:38 - 00022878 _____ () C:\Users\Ward Harris\Documents\Copy of Timesheet Deployed Employee.xlsx
2014-07-24 11:07 - 2014-07-24 11:07 - 00000392 _____ () C:\Users\Ward Harris\Desktop\4 pulled pork recipes that'll change your life - MSN Living#image=2.url
2014-07-23 20:34 - 2014-07-23 20:34 - 00000308 _____ () C:\Users\Ward Harris\Desktop\Documentary Photography and Photojournalism Still Images of a World in Motion  Writing and Humanistic Studies  MIT OpenCourseWare.url
2014-07-23 12:44 - 2014-07-23 12:44 - 00000837 _____ () C:\Users\Ward Harris\Desktop\IrfanView Thumbnails.lnk
2014-07-23 12:44 - 2014-07-23 12:44 - 00000733 _____ () C:\Users\Ward Harris\Desktop\IrfanView.lnk
2014-07-23 12:44 - 2014-07-23 12:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-23 12:40 - 2014-07-23 12:40 - 00000586 _____ () C:\Users\Ward Harris\Desktop\KMPlayer.lnk
2014-07-23 12:40 - 2014-07-23 12:40 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 07:39 - 2014-07-23 07:39 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\CrashRpt
2014-07-23 07:38 - 2014-07-23 07:38 - 00000886 _____ () C:\Users\Ward Harris\Desktop\Crawlerbot.lnk
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\Documents\Outlook Files
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\3815B7D9-BF1D-4809-8106-0AD11A7C0539.aplzod
2014-07-23 04:44 - 2014-07-23 04:44 - 00000219 _____ () C:\Users\Ward Harris\Desktop\foodgawker  feed your eyes.url
2014-07-23 04:44 - 2014-07-23 04:44 - 00000199 _____ () C:\Users\Ward Harris\Desktop\1000 Life Hacks.url
2014-07-23 04:41 - 2014-07-23 04:41 - 00001600 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-23 04:41 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 04:40 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 04:40 - 2014-07-23 04:41 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 04:40 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 04:37 - 2014-07-23 04:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-07-23 03:59 - 2014-07-23 03:59 - 00000221 _____ () C:\Users\Ward Harris\Desktop\Summer Crockpot Recipes  POPSUGAR Moms.url
2014-07-22 17:26 - 2014-07-22 17:27 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IrfanView
2014-07-22 16:49 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-22 16:49 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-22 16:49 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-21 08:35 - 2014-07-21 08:40 - 00167424 _____ () C:\Users\Ward Harris\Downloads\Expense Report.xls
2014-07-21 07:58 - 2014-07-21 07:58 - 00000220 _____ () C:\Users\Ward Harris\Desktop\Official Gmail Blog 10 Gmail gadgets to try.url
2014-07-21 07:23 - 2014-07-23 09:09 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 05:02 - 2014-07-23 08:55 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 05:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-21 05:01 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-21 05:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-21 04:45 - 2014-07-21 04:45 - 00003035 _____ () C:\Users\Ward Harris\Desktop\HiJackThis.lnk
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-21 04:43 - 2014-07-21 04:43 - 00001782 _____ () C:\sc-cleaner.txt
2014-07-21 04:39 - 2014-07-21 04:39 - 00001819 _____ () C:\Users\Ward Harris\Desktop\JRT.txt
2014-07-21 04:32 - 2014-07-21 04:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-19 08:26 - 2014-07-19 08:26 - 00000189 _____ () C:\Users\Ward Harris\Desktop\US Plane Crash Lands In Uganda - YouTube.url
2014-07-17 20:29 - 2014-07-24 11:07 - 00000709 _____ () C:\Users\Ward Harris\Desktop\Purchase Fences.lnk
2014-07-17 20:29 - 2014-07-17 20:29 - 00000424 _____ () C:\Users\Ward Harris\Desktop\10 Tricks to Make Yourself a Chromecast Master.url
2014-07-11 07:06 - 2014-07-12 09:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\Program Files (x86)\Livedrive
2014-07-11 07:06 - 2012-11-10 10:56 - 00223592 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsNetRdr3.dll
2014-07-11 07:06 - 2012-11-10 10:56 - 00141672 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsNetRdr3.dll
2014-07-11 07:06 - 2012-11-10 10:55 - 00190312 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsMntNtf3.dll
2014-07-11 07:06 - 2012-11-10 10:55 - 00158056 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsMntNtf3.dll
2014-07-11 07:06 - 2012-11-10 10:50 - 00352008 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs3.sys
2014-07-10 08:01 - 2014-07-10 08:05 - 00000104 _____ () C:\Users\Ward Harris\Documents\Tor.txt
2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Tor Browser
2014-07-09 16:12 - 2014-07-09 16:13 - 37554316 _____ () C:\Users\Ward Harris\Downloads\IT_S_A_TRAP___.rar
2014-07-09 14:30 - 2014-07-09 14:30 - 08212465 _____ () C:\Users\Ward Harris\Downloads\Self shot series-Play time in the shower.flv
2014-07-09 10:51 - 2014-07-09 10:51 - 00001135 _____ () C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone Backups
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-09 10:49 - 2014-07-09 10:53 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-07-09 05:55 - 2014-07-09 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-08 15:52 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-08 15:33 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-08 15:33 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-08 15:33 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-08 15:33 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-08 15:33 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-08 15:33 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-08 15:33 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-08 15:33 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-08 15:33 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-08 15:33 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-08 15:32 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-08 15:32 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-08 15:32 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-08 15:32 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-08 15:32 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-08 15:32 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-08 15:32 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-08 15:32 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-08 15:32 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-08 15:32 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-08 15:32 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-08 15:32 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-08 15:32 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-08 15:32 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-08 15:32 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-08 15:32 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-08 15:32 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-08 15:32 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-08 15:32 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-08 15:32 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-08 15:32 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-08 15:32 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-08 15:32 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 15:32 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-08 15:32 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-08 15:32 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-08 15:32 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-08 15:32 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-08 15:32 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 15:31 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-08 15:31 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-08 15:31 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-08 15:31 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-08 15:31 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 15:31 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-08 15:31 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-08 15:31 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 15:31 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-08 15:31 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-08 15:31 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-08 15:31 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-08 15:31 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-08 15:31 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-08 15:31 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-08 15:30 - 2014-07-08 15:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 16:04 - 2014-07-06 16:04 - 00000000 ____D () C:\Users\Ward Harris\Documents\Streaming Audio Recorder
2014-07-06 16:03 - 2014-07-06 16:03 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apowersoft
2014-07-06 14:58 - 2014-07-06 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-07-06 10:22 - 2014-07-06 10:22 - 00000182 _____ () C:\Users\Ward Harris\Desktop\Judicial Watch  Welcome.url
2014-07-05 07:28 - 2014-07-05 07:28 - 00000000 ____D () C:\Users\Ward Harris\xinorbis
2014-07-03 11:02 - 2014-07-06 15:31 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Games
2014-07-02 07:52 - 2014-07-23 20:21 - 04664339 _____ () C:\Users\Ward Harris\Andy.log
2014-07-02 07:52 - 2014-07-23 20:16 - 00000000 ____D () C:\Users\Ward Harris\Andy
2014-07-02 07:52 - 2014-07-02 07:52 - 00000240 _____ () C:\Users\Ward Harris\HandyAndy.ini
2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy_SF
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\Program Files\Oracle
2014-07-02 07:51 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2014-07-02 07:51 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2014-07-02 07:12 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-07-02 07:11 - 2014-07-23 04:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 06:59 - 2014-07-02 07:52 - 00000000 ____D () C:\Program Files\Andy
2014-07-02 06:59 - 2014-07-02 07:45 - 01177208 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanupTool.exe
2014-07-02 06:59 - 2014-07-02 07:45 - 01176696 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanVM.exe
2014-07-01 05:36 - 2014-07-01 05:36 - 00001916 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator Online.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00001211 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-06-25 16:11 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apple Computer
2014-06-25 16:11 - 2014-07-23 06:28 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple Computer
2014-06-25 16:11 - 2014-07-12 06:17 - 00000000 ____D () C:\Program Files\pia_manager
2014-06-25 16:11 - 2014-06-25 16:11 - 00031232 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2014-06-25 16:11 - 2014-06-25 16:11 - 00003162 _____ () C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2014-06-25 16:11 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Titanium
2014-06-25 16:11 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 18:03 - 2014-07-24 18:03 - 00000000 ____D () C:\FRST
2014-07-24 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-24 17:22 - 2014-06-12 14:11 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 16:49 - 2014-06-11 21:06 - 01711587 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-24 13:38 - 2014-07-24 13:38 - 00022878 _____ () C:\Users\Ward Harris\Documents\Copy of Timesheet Deployed Employee.xlsx
2014-07-24 12:54 - 2014-06-11 20:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-831231532-1518658252-4247205751-1001
2014-07-24 12:22 - 2014-06-12 14:11 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 11:13 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\Downloads\Video
2014-07-24 11:07 - 2014-07-24 11:07 - 00000392 _____ () C:\Users\Ward Harris\Desktop\4 pulled pork recipes that'll change your life - MSN Living#image=2.url
2014-07-24 11:07 - 2014-07-17 20:29 - 00000709 _____ () C:\Users\Ward Harris\Desktop\Purchase Fences.lnk
2014-07-24 01:53 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\Downloads\Compressed
2014-07-23 20:34 - 2014-07-23 20:34 - 00000308 _____ () C:\Users\Ward Harris\Desktop\Documentary Photography and Photojournalism Still Images of a World in Motion  Writing and Humanistic Studies  MIT OpenCourseWare.url
2014-07-23 20:21 - 2014-07-02 07:52 - 04664339 _____ () C:\Users\Ward Harris\Andy.log
2014-07-23 20:16 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy
2014-07-23 20:15 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\.VirtualBox
2014-07-23 12:44 - 2014-07-23 12:44 - 00000837 _____ () C:\Users\Ward Harris\Desktop\IrfanView Thumbnails.lnk
2014-07-23 12:44 - 2014-07-23 12:44 - 00000733 _____ () C:\Users\Ward Harris\Desktop\IrfanView.lnk
2014-07-23 12:44 - 2014-07-23 12:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-23 12:40 - 2014-07-23 12:40 - 00000586 _____ () C:\Users\Ward Harris\Desktop\KMPlayer.lnk
2014-07-23 12:40 - 2014-07-23 12:40 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 09:11 - 2014-06-11 21:09 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-23 09:09 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Skype
2014-07-23 09:05 - 2014-06-11 22:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-23 09:05 - 2014-06-11 21:00 - 00026132 _____ () C:\WINDOWS\PFRO.log
2014-07-23 09:05 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-23 09:04 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\DMCache
2014-07-23 09:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-07-23 08:55 - 2014-07-21 05:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 08:54 - 2014-06-12 17:22 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Utlities
2014-07-23 07:39 - 2014-07-23 07:39 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\CrashRpt
2014-07-23 07:38 - 2014-07-23 07:38 - 00000886 _____ () C:\Users\Ward Harris\Desktop\Crawlerbot.lnk
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\Documents\Outlook Files
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\3815B7D9-BF1D-4809-8106-0AD11A7C0539.aplzod
2014-07-23 06:29 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apple Computer
2014-07-23 06:28 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple Computer
2014-07-23 04:44 - 2014-07-23 04:44 - 00000219 _____ () C:\Users\Ward Harris\Desktop\foodgawker  feed your eyes.url
2014-07-23 04:44 - 2014-07-23 04:44 - 00000199 _____ () C:\Users\Ward Harris\Desktop\1000 Life Hacks.url
2014-07-23 04:41 - 2014-07-23 04:41 - 00001600 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-23 04:41 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 04:41 - 2014-07-23 04:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 04:41 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 04:40 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 04:37 - 2014-07-23 04:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-07-23 04:37 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-23 03:59 - 2014-07-23 03:59 - 00000221 _____ () C:\Users\Ward Harris\Desktop\Summer Crockpot Recipes  POPSUGAR Moms.url
2014-07-22 18:44 - 2014-06-12 14:52 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\vlc
2014-07-22 17:27 - 2014-07-22 17:26 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IrfanView
2014-07-22 17:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-22 17:10 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-21 08:40 - 2014-07-21 08:35 - 00167424 _____ () C:\Users\Ward Harris\Downloads\Expense Report.xls
2014-07-21 07:58 - 2014-07-21 07:58 - 00000220 _____ () C:\Users\Ward Harris\Desktop\Official Gmail Blog 10 Gmail gadgets to try.url
2014-07-21 07:23 - 2014-07-21 07:23 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 06:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Branding
2014-07-21 05:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-21 05:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 04:45 - 2014-07-21 04:45 - 00003035 _____ () C:\Users\Ward Harris\Desktop\HiJackThis.lnk
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-21 04:43 - 2014-07-21 04:43 - 00001782 _____ () C:\sc-cleaner.txt
2014-07-21 04:39 - 2014-07-21 04:39 - 00001819 _____ () C:\Users\Ward Harris\Desktop\JRT.txt
2014-07-21 04:32 - 2014-07-21 04:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-19 12:59 - 2014-06-11 21:03 - 00000000 ____D () C:\Users\Ward Harris
2014-07-19 10:37 - 2012-10-07 12:02 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Adobe
2014-07-19 08:26 - 2014-07-19 08:26 - 00000189 _____ () C:\Users\Ward Harris\Desktop\US Plane Crash Lands In Uganda - YouTube.url
2014-07-19 08:21 - 2013-08-22 09:46 - 00310447 _____ () C:\WINDOWS\setupact.log
2014-07-17 20:29 - 2014-07-17 20:29 - 00000424 _____ () C:\Users\Ward Harris\Desktop\10 Tricks to Make Yourself a Chromecast Master.url
2014-07-17 11:58 - 2014-06-12 17:21 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Recepies
2014-07-14 12:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-12 09:44 - 2014-07-11 07:06 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Livedrive
2014-07-12 09:30 - 2014-06-18 08:21 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Battle.net
2014-07-12 09:23 - 2014-06-18 08:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-12 07:56 - 2014-06-20 14:28 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Deployment
2014-07-12 06:17 - 2014-06-25 16:11 - 00000000 ____D () C:\Program Files\pia_manager
2014-07-11 18:09 - 2014-06-14 20:51 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Adobe
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\Program Files (x86)\Livedrive
2014-07-10 19:15 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-10 16:50 - 2013-08-22 09:44 - 00473392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 08:05 - 2014-07-10 08:01 - 00000104 _____ () C:\Users\Ward Harris\Documents\Tor.txt
2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Tor Browser
2014-07-09 23:16 - 2014-07-22 16:49 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-09 23:03 - 2014-07-22 16:49 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-09 22:33 - 2014-07-22 16:49 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-09 16:13 - 2014-07-09 16:12 - 37554316 _____ () C:\Users\Ward Harris\Downloads\IT_S_A_TRAP___.rar
2014-07-09 14:30 - 2014-07-09 14:30 - 08212465 _____ () C:\Users\Ward Harris\Downloads\Self shot series-Play time in the shower.flv
2014-07-09 10:53 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-09 10:51 - 2014-07-09 10:51 - 00001135 _____ () C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone Backups
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-07-09 05:55 - 2014-07-09 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-08 15:56 - 2014-06-12 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 15:55 - 2014-06-11 22:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-08 15:54 - 2014-06-11 22:09 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 15:52 - 2013-08-22 14:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 15:30 - 2014-07-08 15:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 16:04 - 2014-07-06 16:04 - 00000000 ____D () C:\Users\Ward Harris\Documents\Streaming Audio Recorder
2014-07-06 16:04 - 2014-06-11 20:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\VirtualStore
2014-07-06 16:03 - 2014-07-06 16:03 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apowersoft
2014-07-06 15:31 - 2014-07-03 11:02 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Games
2014-07-06 14:58 - 2014-07-06 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-07-06 10:22 - 2014-07-06 10:22 - 00000182 _____ () C:\Users\Ward Harris\Desktop\Judicial Watch  Welcome.url
2014-07-05 07:28 - 2014-07-05 07:28 - 00000000 ____D () C:\Users\Ward Harris\xinorbis
2014-07-05 07:28 - 2014-06-12 17:22 - 00000735 _____ () C:\Users\Ward Harris\Desktop\Xinorbis6.lnk
2014-07-05 06:59 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
2014-07-03 19:45 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-02 07:52 - 2014-07-02 07:52 - 00000240 _____ () C:\Users\Ward Harris\HandyAndy.ini
2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy_SF
2014-07-02 07:52 - 2014-07-02 06:59 - 00000000 ____D () C:\Program Files\Andy
2014-07-02 07:52 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\VirtualBox VMs
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\Program Files\Oracle
2014-07-02 07:45 - 2014-07-02 06:59 - 01177208 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanupTool.exe
2014-07-02 07:45 - 2014-07-02 06:59 - 01176696 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanVM.exe
2014-07-02 07:11 - 2014-07-02 07:11 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 07:11 - 2014-06-12 19:36 - 00000000 ____D () C:\ProgramData\Apple
2014-07-01 05:36 - 2014-07-01 05:36 - 00001916 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator Online.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00001211 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-06-27 07:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-26 15:55 - 2013-08-22 10:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 15:55 - 2013-08-22 10:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 16:11 - 2014-06-25 16:11 - 00031232 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2014-06-25 16:11 - 2014-06-25 16:11 - 00003162 _____ () C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2014-06-25 16:11 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Titanium
2014-06-25 16:11 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-06-24 21:35 - 2014-06-11 22:19 - 00002990 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements

Some content of TEMP:
====================
C:\Users\Ward Harris\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\Ward Harris\AppData\Local\Temp\LD8582.tmp.exe
C:\Users\Ward Harris\AppData\Local\Temp\LDA5B8.tmp.exe
C:\Users\Ward Harris\AppData\Local\Temp\ochelper.dll
C:\Users\Ward Harris\AppData\Local\Temp\ochelper.exe
C:\Users\Ward Harris\AppData\Local\Temp\PIPInstaller_PTV_.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 11:23

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by Ward Harris at 2014-07-24 18:04:14
Running from C:\Users\Ward Harris\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
ANDY OS (HKLM\...\ANDY OS) (Version: 1.1 - andyroid.net)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IE New Window Maximizer 2.4 (HKLM-x32\...\IE New Window Maximizer_is1) (Version:  - jiiSoft, Jonatan Dahl)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Jaikoz (64-bit) 6.2.0 (HKLM\...\Jaikoz (64-bit) 6.2.0) (Version: 6.2.0 - )
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Livedrive (HKLM\...\{AB1D35FC-31E0-4872-8466-12BDF42F513D}) (Version: 1.14.2.0 - Livedrive Internet Limited)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
MMoCrawlerbots (HKLM-x32\...\MMoCrawlerbots) (Version:  - Haatan group Ltd.)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuizCreator (HKLM-x32\...\Wondershare QuizCreator (Build 4.5.1)_is1) (Version:  - Wondershare Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-7-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-7-5 - Siber Systems)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.11 - Stardock Software, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.125 - PandoraTV)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-831231532-1518658252-4247205751-1001_Classes\CLSID\{ee786771-d5c7-4d57-b3af-663832ba1f0d}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

08-07-2014 20:52:14 Windows Update
11-07-2014 12:06:17 Installed Livedrive
19-07-2014 11:19:42 Scheduled Checkpoint
21-07-2014 09:44:58 Installed HiJackThis

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-06-14 20:36 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A4EF9C7-C4E9-4EDC-948E-F6555674A283} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A0A7362-E291-4EF6-8C55-DCF6D61A07C4} - System32\Tasks\Microsoft System Certificates => C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe [2013-12-19] ()
Task: {5CFBF25C-A1C8-4942-858A-4253F7C8F626} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNMOJJJPMLMIMNMIMCNJJMJMMJMCNLMNJIMJMCNHMHMNJIMCNNJKJOMIMJJNMJMLMLMJMJJHMJNJICMIMCNGMCNIMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMKMLMIMJNHICMMJBJKJLIMJJNBJCMIKOJNILJPNHLOJNINIGJMIJNKJCMIKOJNILJBNHLOJNINIGJMIPLILCJOJGJDJBNMJAJCJJNNICMJNDJCMKJBJJNMJCMOMFMNMGMLMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78257033-26F6-49E2-B8B8-B9334EB3F280} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-08] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AEBE52E-C633-4415-88D0-21343B442274} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {8B9AA0D5-1D5A-4049-A871-21FCBC60D877} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-06-20] (Siber Systems)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {95BB5A52-F417-4EBF-9246-BF75D0CF6239} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A4AAD5C8-818C-4486-AAD6-56EB9B3A7849} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {B410B35D-6D85-4912-80DE-69793757A9F1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BE61F73B-3691-427F-BFC4-9042436CB897} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C1494BFF-CCEC-4803-B0C0-777D091FEEDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD6CA750-E1A0-4251-9CA5-EE0021E23C8A} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-07-12] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB5DDFE1-04A1-48BC-BD2D-E86AE60AD059} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {FCD2C07F-BACA-44BE-90DB-59F49C03B299} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-11 22:29 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 02:17 - 2013-09-05 02:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-29 11:38 - 2013-07-29 11:38 - 00210584 _____ () C:\Program Files (x86)\Livedrive\VSSService.exe
2014-07-02 07:51 - 2014-06-27 14:52 - 00923256 _____ () C:\Program Files\Andy\HandyAndy.exe
2014-07-02 07:51 - 2014-06-27 14:52 - 00905848 _____ () C:\Program Files\Andy\AndyPriorityMgr.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Andy"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKCU\...\StartupApproved\Run: => "swg"
HKCU\...\StartupApproved\Run: => "IDM"
HKCU\...\StartupApproved\Run: => "MediaUpdate"
HKCU\...\StartupApproved\Run: => "AdobeFlashPlayer"
HKCU\...\StartupApproved\Run: => "Livedrive"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 06:00:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: Flash.ocx, version: 14.0.0.145, time stamp: 0x53aa3a98
Exception code: 0xc0000005
Fault offset: 0x008880fa
Faulting process id: 0x3864
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/24/2014 04:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1beea4c0
Faulting process id: 0x3ddc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/24/2014 00:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1c239718
Faulting process id: 0x2518
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/24/2014 00:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13f8

Start Time: 01cfa76373ed8c82

Termination Time: 125

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a47963ad-1357-11e4-be8b-dc85de5ef912

Faulting package full name:

Faulting package-relative application ID:

Error: (07/24/2014 06:49:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Recovery was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (07/23/2014 08:40:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17126, time stamp: 0x53882e30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x151715c8
Faulting process id: 0x1a34
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (07/23/2014 09:04:48 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/23/2014 08:44:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 338

Start Time: 01cfa66cf5c92c17

Termination Time: 94

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 764cf314-126f-11e4-be8a-dc85de5ef912

Faulting package full name:

Faulting package-relative application ID:

Error: (07/23/2014 07:44:37 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (07/23/2014 06:55:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 105c

Start Time: 01cfa66b1057d34b

Termination Time: 46

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 2cabfdef-1260-11e4-be8a-dc85de5ef912

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (07/24/2014 06:49:36 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/24/2014 06:49:06 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2014 04:45:52 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (07/23/2014 04:45:52 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/23/2014 04:45:52 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (07/23/2014 03:07:41 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2014 03:07:11 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/22/2014 05:10:56 PM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/21/2014 03:33:43 PM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}

Error: (07/21/2014 06:53:49 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Microsoft Office Sessions:
=========================
Error: (07/24/2014 06:00:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30Flash.ocx14.0.0.14553aa3a98c0000005008880fa386401cfa792ff313466C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx55a72b87-1386-11e4-be8b-dc85de5ef912

Error: (07/24/2014 04:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30unknown0.0.0.000000000c00000051beea4c03ddc01cfa788505418dcC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown20999bc1-137d-11e4-be8b-dc85de5ef912

Error: (07/24/2014 00:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30unknown0.0.0.000000000c00000051c239718251801cfa765f7962f0aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownb444626e-1359-11e4-be8b-dc85de5ef912

Error: (07/24/2014 00:26:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1712613f801cfa76373ed8c82125C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa47963ad-1357-11e4-be8b-dc85de5ef912

Error: (07/24/2014 06:49:41 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: RecoveryThe parameter is incorrect. (0x80070057)

Error: (07/23/2014 08:40:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1712653882e30unknown0.0.0.000000000c0000005151715c81a3401cfa6e0134f31cbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown814c1bea-12d3-11e4-be8b-dc85de5ef912

Error: (07/23/2014 09:04:48 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/23/2014 08:44:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1712633801cfa66cf5c92c1794C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE764cf314-126f-11e4-be8a-dc85de5ef912

Error: (07/23/2014 07:44:37 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (07/23/2014 06:55:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17126105c01cfa66b1057d34b46C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE2cabfdef-1260-11e4-be8a-dc85de5ef912

CodeIntegrity Errors:
===================================
  Date: 2014-07-24 06:48:43.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 03:53:15.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 03:53:15.836
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 03:06:46.525
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-21 05:06:26.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-18 11:23:46.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-17 13:23:01.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-16 12:04:56.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-15 12:32:41.658
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-12 06:36:21.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 16336.98 MB
Available physical RAM: 13504.07 MB
Total Pagefile: 18768.98 MB
Available Pagefile: 14855.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.96 GB) (Free:103.71 GB) NTFS
Drive d: (Spanish_LA_2) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS
Drive e: (New Volume) (Fixed) (Total:677.62 GB) (Free:358 GB) NTFS
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:444.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: D5ED4652)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: B19F8D36)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 13959830)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov (Malware Response Team)

Posted 26 July 2014 - 12:38 PM

Ok, let's remove this bitcoin miner:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#5 ArcticPrince

  • Topic Starter

Posted 31 July 2014 - 01:19 PM

Thanks for helping me....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 01
Ran by Ward Harris at 2014-07-31 06:46:52 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe
Task: {4A0A7362-E291-4EF6-8C55-DCF6D61A07C4} - System32\Tasks\Microsoft System Certificates => C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe [2013-12-19] ()
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe
Folder: C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IDM] => wscript "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\idm.vbs" "C:\Users\Ward  (the data entry has 62 more characters).
Folder: C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache
Reboot:
*****************

C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe => No running process found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A0A7362-E291-4EF6-8C55-DCF6D61A07C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A0A7362-E291-4EF6-8C55-DCF6D61A07C4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft System Certificates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft System Certificates" => Key deleted successfully.
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe => Moved successfully.
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe => Moved successfully.

========================= Folder: C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater ========================

2014-06-13 07:35 - 2014-07-30 13:07 - 0003431 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\API.class
2014-06-13 07:36 - 2014-07-30 13:07 - 0003142 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\API.java
2013-07-19 06:24 - 2014-06-13 07:35 - 0011307 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\data.ini
2014-06-13 07:36 - 2014-07-30 13:07 - 0044727 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\diablo130302.cl
2014-06-13 07:36 - 2014-07-30 13:07 - 0030802 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\diakgcn121016.cl
2014-07-24 18:21 - 2014-07-30 13:08 - 0192519 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe
2014-06-13 07:36 - 2014-07-11 08:19 - 0192519 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe.old
2014-06-13 07:36 - 2014-07-30 13:07 - 0612352 _____ (The cURL library, http://curl.haxx.se/) C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl.dll
2014-07-24 18:21 - 2014-07-30 13:08 - 0245795 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libcurl-4.dll
2014-06-13 07:36 - 2014-07-30 13:07 - 1704448 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libeay32.dll
2014-06-13 07:36 - 2014-07-30 13:07 - 0279955 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libidn-11.dll
2014-06-13 07:36 - 2014-07-30 13:07 - 0183382 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\librtmp.dll
2014-06-13 07:36 - 2014-07-30 13:07 - 0171008 _____ (The libssh2 library, http://www.libssh2.org/) C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libssh2.dll
2014-06-13 07:36 - 2014-07-30 13:07 - 0110094 _____ (libusb.org) C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libusb-1.0.dll
2014-06-13 07:36 - 2014-07-30 13:08 - 0072206 _____ (Open Source Software community LGPL) C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\libwinpthread-1.dll
2014-06-13 07:36 - 2014-07-30 13:07 - 0013062 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\phatk121016.cl
2014-06-13 07:36 - 2014-07-30 13:07 - 0043810 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\poclbm130302.cl
2014-06-13 07:36 - 2014-07-30 13:08 - 0119888 _____ (Open Source Software community LGPL) C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\pthreadGC2.dll
2014-06-13 07:36 - 2014-07-30 13:07 - 0023825 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\scrypt130511.cl
2014-06-13 07:36 - 2014-06-13 07:36 - 0943045 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\scrypt130511GeForce GTX 670Mglg2tc6080w256l4.bin
2014-06-13 07:36 - 2014-07-30 13:07 - 0640972 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe
2014-06-13 07:36 - 2014-07-30 13:08 - 0727537 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe
2014-06-13 07:36 - 2014-07-30 13:07 - 0364544 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssleay32.dll
2014-06-13 07:36 - 2014-07-30 13:08 - 0100864 _____ () C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\zlib1.dll

====== End of Folder: ======

HKU\S-1-5-21-831231532-1518658252-4247205751-1001\Software\Microsoft\Windows\CurrentVersion\Run\\IDM => value deleted successfully.

========================= Folder: C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache ========================

2012-10-07 11:52 - 2013-05-15 07:20 - 0000292 _____ () C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\idm.bat
2012-10-07 11:52 - 2012-07-02 16:28 - 0000078 _____ () C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\idm.vbs
2013-06-11 15:57 - 2013-06-11 15:57 - 0211968 _____ (Tonec Inc.) C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\IDMan.exe
2012-12-07 10:00 - 2012-06-06 05:06 - 0302592 _____ () C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\libcurl.dll
2012-12-07 10:00 - 2012-06-06 05:06 - 0072206 _____ (Open Source Software community LGPL) C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\pthreadGC2.dll

====== End of Folder: ======

 

The system needed a reboot.

==== End of Fixlog ====

C:\FRST\Quarantine\C\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\svchost.exe.xBAD a variant of Win32/BitCoinMiner.BY potentially unsafe application
C:\FRST\Quarantine\C\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\updater.exe.xBAD Win32/TrojanDownloader.Autoit.NLZ trojan
C:\Users\Ward Harris\AppData\Local\Livedrive\~LD\0110011876368\4195\4a98905354824967969fcb33b8d000d5 Win32/InstallMonetizer.AN potentially unwanted application
C:\Users\Ward Harris\AppData\Local\Livedrive\~LD\0110011876368\4739\94430bd33978499ea32d76389234e121 Win32/OpenCandy potentially unsafe application
C:\Users\Ward Harris\AppData\Local\Livedrive\~LD\0110011876368\5308\e1e5011c00a243688a06f55f80b2a308 Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Ward Harris\AppData\Local\Microsoft\Windows\INetCache\IE\5B75TC06\ssl[1].exe Win32/Autoit.NPY trojan
C:\Users\Ward Harris\AppData\Local\Microsoft\Windows\INetCache\IE\BNS85VOS\jusched[1].exe a variant of Win32/BitCoinMiner.BS potentially unsafe application
C:\Users\Ward Harris\AppData\Local\Microsoft\Windows\INetCache\IE\YI1C3MR1\Offercast2802_PTV_[1].exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Ward Harris\AppData\Local\Microsoft\Windows\INetCache\IE\YI1C3MR1\SearchIndexer[1].exe multiple threats
C:\Users\Ward Harris\AppData\Local\Microsoft\Windows\INetCache\IE\YI1C3MR1\svchost[1].exe a variant of Win32/BitCoinMiner.BY potentially unsafe application
C:\Users\Ward Harris\AppData\Local\Temp\KMP_3.9.0.126.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\FileCache\check.bat BAT/CoinMiner.HD trojan
C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\MediaCache\IEMonitor.bat BAT/CoinMiner.HD trojan
C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\MediaCache\IEMonitor.exe a variant of Win64/BitCoinMiner.AG potentially unsafe application
C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\PureCache\IDMan.bat BAT/CoinMiner.HD trojan
C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\PureCache\IDMan.exe a variant of Win32/BitCoinMiner.K potentially unsafe application
C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\SpeedCache\IDMan.exe a variant of Win32/BitCoinMiner.K potentially unsafe application
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe a variant of Win32/BitCoinMiner.BS potentially unsafe application
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\jusched.exe.old a variant of Win32/BitCoinMiner.BS potentially unsafe application
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\SearchIndexer.exe multiple threats
C:\Users\Ward Harris\AppData\Roaming\Microsoft\SystemCertificates\My\Updater\ssl.exe Win32/Autoit.NPY trojan
C:\Users\Ward Harris\Downloads\Compressed\WinZip Pro 18 Build 10661 (x86x64)+Crack-XenoCoder\CRACK\32BIT\WINZIP32.exe Win32/TrojanDownloader.Autoit.NLZ trojan
C:\Users\Ward Harris\Downloads\Programs\3.9.0.125_20140702035547.exe a variant of Win32/OpenCandy.A potentially unsafe application
E:\Downloads\CCleaner_Setup [1].exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
E:\Downloads\Programs\smart-ir-remote-universal-ir-v1.7.0-proper.zip Win32/InstalleRex.M potentially unwanted application
E:\Downloads\Programs\SoftonicDownloader_for_itunes-64-bit.exe a variant of Win32/SoftonicDownloader.F potentially unwanted application
E:\Downloads\Programs\tweetzsetup.exe Win32/InstallMonetizer.AF potentially unwanted application
E:\My Documents\Documents\Documents\Downloads\Programs\cbsidlm-tr1_5-GrabIt-10054405.exe Win32/DownloadAdmin.G potentially unwanted application
E:\My Documents\Documents\Documents\Downloads\Programs\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
E:\My Documents\Documents\Documents\Downloads\Programs\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
E:\My Documents\Documents\Documents\Downloads\Programs\FreemakeVideoConverterSetup.exe Win32/OpenCandy potentially unsafe application
E:\test\APCS13ni\APCS13wi\NSCC\NSCC\Nik Software Silver Efex Pro v2.004 (x32x64)\Nik Software Silver Efex Pro 2.x Keygen.exe a variant of Win32/Keygen.HA potentially unsafe application
E:\test\APCS13ni\APCS13wi\NSCC\NSCC\Nik Software Viveza v2.007 (x32_x64)\Nik Software Viveza 2.x Keygen.exe a variant of Win32/Keygen.HA potentially unsafe application

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Ward Harris (administrator) on G75V on 31-07-2014 13:13:00
Running from C:\FRST
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Livedrive\VSSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Internet Download Manager, Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [923256 2014-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-12] (Google Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IDMan] => E:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IE New Window Maximizer] => C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe [356352 2005-02-09] (jiiSoft)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [AdobeFlashPlayer] => wscript "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\PureCache\IDMan.vbs" "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\PureCache\IDMan.bat"
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [MediaUpdate] => wscript "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\MediaCache\IEMonitor.vbs" "C:\Users\Ward Harris\AppData\Roaming\Adobe\Flash Player\MediaCache\IEMonitor.bat"
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1814680 2013-07-29] (Livedrive Internet Ltd)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [GoogleChromeAutoLaunch_B71FC91FA36E8D6AAD8192161A00AAA1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-07-27] (Siber Systems)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [AdobeBridge] => [X]
Startup: C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BackupOverlay -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => E:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: LivedriveDownloadOverlay -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSharedOverlay -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSyncedOverlay -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveUploadOverlay -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49DF6747EBA8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BrowserHelper Class -> {EDF48A39-1442-463F-9F4E-F376A78D034A} -> C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll (Livedrive Internet Ltd)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - E:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 - E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ward Harris\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ward Harris\AppData\Roaming\IDM\idmmzcc5 [2014-07-26]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
CHR Extension: (Google Drive) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]
CHR Extension: (YouTube) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
CHR Extension: (Honey) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-07-27]
CHR Extension: (Google Search) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
CHR Extension: (Google Calendar) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-27]
CHR Extension: (Full Screen Weather) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-07-27]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-07-27]
CHR Extension: (IDM Integration Module) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-06-20]
CHR Extension: (Whois this!!) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-07-27]
CHR Extension: (Skype Click to Call) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-21]
CHR Extension: (FastestFox for Chrome) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-07-27]
CHR Extension: (Google Wallet) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-20]
CHR Extension: (FREE TV) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofddcjfikfghkmoapnjnmmflbcjohbic [2014-07-27]
CHR Extension: (World Clocks) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2014-07-27]
CHR Extension: (Gmail) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
CHR Extension: (RoboForm) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - E:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2013-07-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 06:51 - 2014-07-31 06:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 06:42 - 2014-07-31 06:42 - 02347384 _____ (ESET) C:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe
2014-07-31 05:35 - 2014-07-31 05:35 - 00022886 _____ () C:\Users\Ward Harris\Desktop\Timesheet Ward Harris.xlsx
2014-07-31 05:33 - 2014-07-31 05:33 - 00012322 _____ () C:\Users\Ward Harris\Desktop\Schwab.xlsx
2014-07-31 04:27 - 2014-07-31 04:27 - 00001558 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-07-30 14:14 - 2014-07-30 14:14 - 00000569 _____ () C:\Users\Ward Harris\Desktop\5 Essential Add-Ons For Dropbox.url
2014-07-30 13:44 - 2014-07-30 13:44 - 00000809 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000953 _____ () C:\Users\Ward Harris\Desktop\Customize Fences.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 __HDC () C:\ProgramData\{FA418120-C277-40A2-855B-F71E56D2E902}
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-07-30 10:14 - 2014-07-30 10:14 - 00000240 _____ () C:\Users\Ward Harris\Desktop\Understanding and Using Firewalls.url
2014-07-30 09:16 - 2014-07-30 09:16 - 00005309 _____ () C:\Users\Ward Harris\Downloads\Purge_Fences.bat
2014-07-30 09:13 - 2014-07-30 09:13 - 00000205 _____ () C:\Users\Ward Harris\Desktop\General Tsos Chicken Recipe - Deep-fried.Food.com.url
2014-07-30 09:10 - 2014-07-30 09:10 - 00000192 _____ () C:\Users\Ward Harris\Desktop\Bourbon Chicken Recipe - Food.com.url
2014-07-29 05:39 - 2014-07-29 05:39 - 00000236 _____ () C:\Users\Ward Harris\Desktop\DUDE FOR FOOD Diplahan Lechon The Best of Mindanao Lechon, Now in Manila.url
2014-07-28 09:28 - 2014-07-28 09:28 - 00000281 _____ () C:\Users\Ward Harris\Desktop\Pat's Beer Can Grilled Chicken Recipe  Patrick and Gina Neely  Food Network.url
2014-07-28 08:21 - 2014-07-28 08:21 - 00000236 _____ () C:\Users\Ward Harris\Desktop\Weight Loss Help - Free Diet Program Guides & Tools  Medifast.url
2014-07-28 08:16 - 2014-07-28 08:16 - 00000176 _____ () C:\Users\Ward Harris\Desktop\Movies - Moreflicks.com.url
2014-07-28 07:39 - 2014-07-28 09:58 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Netflix
2014-07-27 09:35 - 2014-07-27 09:35 - 00003506 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-G75V-Ward Harris
2014-07-27 09:35 - 2014-07-27 09:35 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\PDAppFlex
2014-07-27 09:29 - 2014-07-27 09:29 - 00000965 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-07-27 09:29 - 2014-07-27 09:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-27 09:28 - 2014-07-27 09:28 - 00000910 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000935 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001539 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-07-27 09:25 - 2014-07-27 09:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-27 06:21 - 2014-07-27 06:21 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-25 09:19 - 2014-07-25 09:19 - 00000361 _____ () C:\Users\Ward Harris\Desktop\Free Online Photo & Video Classes, Workshops & Tips  CreativeLive - Learn. Be Inspired..url
2014-07-24 18:03 - 2014-07-31 13:13 - 00000000 ____D () C:\FRST
2014-07-24 13:38 - 2014-07-24 13:38 - 00022878 _____ () C:\Users\Ward Harris\Documents\Copy of Timesheet Deployed Employee.xlsx
2014-07-23 20:34 - 2014-07-23 20:34 - 00000308 _____ () C:\Users\Ward Harris\Desktop\Documentary Photography and Photojournalism Still Images of a World in Motion  Writing and Humanistic Studies  MIT OpenCourseWare.url
2014-07-23 12:44 - 2014-07-23 12:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-23 12:40 - 2014-07-23 12:40 - 00000586 _____ () C:\Users\Ward Harris\Desktop\KMPlayer.lnk
2014-07-23 12:40 - 2014-07-23 12:40 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 07:39 - 2014-07-23 07:39 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\CrashRpt
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\Documents\Outlook Files
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\3815B7D9-BF1D-4809-8106-0AD11A7C0539.aplzod
2014-07-23 06:02 - 2014-06-09 03:41 - 00180136 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2014-07-23 04:44 - 2014-07-23 04:44 - 00000199 _____ () C:\Users\Ward Harris\Desktop\1000 Life Hacks.url
2014-07-23 04:41 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 04:40 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 04:40 - 2014-07-23 04:41 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 04:40 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 04:37 - 2014-07-23 04:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-07-22 17:26 - 2014-07-22 17:27 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IrfanView
2014-07-22 16:49 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-22 16:49 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-22 16:49 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-21 08:35 - 2014-07-31 10:49 - 00168448 _____ () C:\Users\Ward Harris\Downloads\Expense Report.xls
2014-07-21 07:58 - 2014-07-21 07:58 - 00000220 _____ () C:\Users\Ward Harris\Desktop\Official Gmail Blog 10 Gmail gadgets to try.url
2014-07-21 07:23 - 2014-07-31 10:14 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 05:02 - 2014-07-24 18:22 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 05:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-21 05:01 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-21 05:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-21 04:45 - 2014-07-21 04:45 - 00003035 _____ () C:\Users\Ward Harris\Desktop\HiJackThis.lnk
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-21 04:43 - 2014-07-21 04:43 - 00001782 _____ () C:\sc-cleaner.txt
2014-07-21 04:32 - 2014-07-21 04:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-19 08:26 - 2014-07-19 08:26 - 00000189 _____ () C:\Users\Ward Harris\Desktop\US Plane Crash Lands In Uganda - YouTube.url
2014-07-17 20:29 - 2014-07-17 20:29 - 00000424 _____ () C:\Users\Ward Harris\Desktop\10 Tricks to Make Yourself a Chromecast Master.url
2014-07-11 07:06 - 2014-07-12 09:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\Program Files (x86)\Livedrive
2014-07-11 07:06 - 2012-11-10 10:56 - 00223592 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsNetRdr3.dll
2014-07-11 07:06 - 2012-11-10 10:56 - 00141672 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsNetRdr3.dll
2014-07-11 07:06 - 2012-11-10 10:55 - 00190312 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsMntNtf3.dll
2014-07-11 07:06 - 2012-11-10 10:55 - 00158056 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsMntNtf3.dll
2014-07-11 07:06 - 2012-11-10 10:50 - 00352008 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs3.sys
2014-07-10 08:01 - 2014-07-10 08:05 - 00000104 _____ () C:\Users\Ward Harris\Documents\Tor.txt
2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Tor Browser
2014-07-09 10:51 - 2014-07-09 10:51 - 00001135 _____ () C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone Backups
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-09 10:49 - 2014-07-09 10:53 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-07-09 05:55 - 2014-07-09 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-08 15:52 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-08 15:33 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-08 15:33 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-08 15:33 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-08 15:33 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-08 15:33 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-08 15:33 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-08 15:33 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-08 15:33 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-08 15:33 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-08 15:33 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-08 15:32 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-08 15:32 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-08 15:32 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-08 15:32 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-08 15:32 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-08 15:32 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-08 15:32 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-08 15:32 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-08 15:32 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-08 15:32 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-08 15:32 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-08 15:32 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-08 15:32 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-08 15:32 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-08 15:32 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-08 15:32 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-08 15:32 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-08 15:32 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-08 15:32 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-08 15:32 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-08 15:32 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-08 15:32 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-08 15:32 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 15:32 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-08 15:32 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-08 15:32 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-08 15:32 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-08 15:32 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-08 15:32 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 15:31 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-08 15:31 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-08 15:31 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-08 15:31 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-08 15:31 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 15:31 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-08 15:31 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-08 15:31 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 15:31 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-08 15:31 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-08 15:31 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-08 15:31 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-08 15:31 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-08 15:31 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-08 15:31 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-08 15:30 - 2014-07-08 15:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 16:04 - 2014-07-06 16:04 - 00000000 ____D () C:\Users\Ward Harris\Documents\Streaming Audio Recorder
2014-07-06 16:03 - 2014-07-06 16:03 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apowersoft
2014-07-06 14:58 - 2014-07-06 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-07-06 10:22 - 2014-07-06 10:22 - 00000182 _____ () C:\Users\Ward Harris\Desktop\Judicial Watch  Welcome.url
2014-07-05 07:28 - 2014-07-05 07:28 - 00000000 ____D () C:\Users\Ward Harris\xinorbis
2014-07-03 11:02 - 2014-07-06 15:31 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Games
2014-07-02 07:52 - 2014-07-30 19:07 - 08556070 _____ () C:\Users\Ward Harris\Andy.log
2014-07-02 07:52 - 2014-07-30 18:51 - 00000000 ____D () C:\Users\Ward Harris\Andy
2014-07-02 07:52 - 2014-07-02 07:52 - 00000240 _____ () C:\Users\Ward Harris\HandyAndy.ini
2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy_SF
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\Program Files\Oracle
2014-07-02 07:51 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2014-07-02 07:51 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2014-07-02 07:12 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-07-02 07:11 - 2014-07-23 04:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 06:59 - 2014-07-02 07:52 - 00000000 ____D () C:\Program Files\Andy
2014-07-02 06:59 - 2014-07-02 07:45 - 01177208 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanupTool.exe
2014-07-02 06:59 - 2014-07-02 07:45 - 01176696 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanVM.exe
2014-07-01 05:36 - 2014-07-01 05:36 - 00001916 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator Online.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00001211 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\Program Files (x86)\Wondershare

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 13:13 - 2014-07-24 18:03 - 00000000 ____D () C:\FRST
2014-07-31 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 12:56 - 2014-06-11 20:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-831231532-1518658252-4247205751-1001
2014-07-31 12:22 - 2014-06-12 14:11 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 12:22 - 2014-06-12 14:11 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 11:32 - 2014-06-11 21:06 - 01376761 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 10:57 - 2014-06-11 21:09 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-31 10:54 - 2013-08-22 09:46 - 00312308 _____ () C:\WINDOWS\setupact.log
2014-07-31 10:49 - 2014-07-21 08:35 - 00168448 _____ () C:\Users\Ward Harris\Downloads\Expense Report.xls
2014-07-31 10:14 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Skype
2014-07-31 06:51 - 2014-07-31 06:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 06:49 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\DMCache
2014-07-31 06:47 - 2014-06-11 22:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 06:47 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-31 06:42 - 2014-07-31 06:42 - 02347384 _____ (ESET) C:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe
2014-07-31 05:35 - 2014-07-31 05:35 - 00022886 _____ () C:\Users\Ward Harris\Desktop\Timesheet Ward Harris.xlsx
2014-07-31 05:33 - 2014-07-31 05:33 - 00012322 _____ () C:\Users\Ward Harris\Desktop\Schwab.xlsx
2014-07-31 05:31 - 2014-06-12 17:21 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Recepies
2014-07-31 05:15 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\Downloads\Compressed
2014-07-31 04:34 - 2014-06-14 20:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-31 04:27 - 2014-07-31 04:27 - 00001558 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-07-31 04:27 - 2014-06-14 20:51 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Adobe
2014-07-30 19:07 - 2014-07-02 07:52 - 08556070 _____ () C:\Users\Ward Harris\Andy.log
2014-07-30 18:51 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy
2014-07-30 18:51 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\.VirtualBox
2014-07-30 17:05 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\Downloads\Video
2014-07-30 14:14 - 2014-07-30 14:14 - 00000569 _____ () C:\Users\Ward Harris\Desktop\5 Essential Add-Ons For Dropbox.url
2014-07-30 13:45 - 2014-06-12 14:52 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\vlc
2014-07-30 13:44 - 2014-07-30 13:44 - 00000809 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000953 _____ () C:\Users\Ward Harris\Desktop\Customize Fences.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 __HDC () C:\ProgramData\{FA418120-C277-40A2-855B-F71E56D2E902}
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-07-30 13:06 - 2014-06-11 21:03 - 00000000 ____D () C:\Users\Ward Harris
2014-07-30 13:06 - 2014-06-11 21:00 - 00028986 _____ () C:\WINDOWS\PFRO.log
2014-07-30 10:14 - 2014-07-30 10:14 - 00000240 _____ () C:\Users\Ward Harris\Desktop\Understanding and Using Firewalls.url
2014-07-30 09:16 - 2014-07-30 09:16 - 00005309 _____ () C:\Users\Ward Harris\Downloads\Purge_Fences.bat
2014-07-30 09:13 - 2014-07-30 09:13 - 00000205 _____ () C:\Users\Ward Harris\Desktop\General Tsos Chicken Recipe - Deep-fried.Food.com.url
2014-07-30 09:10 - 2014-07-30 09:10 - 00000192 _____ () C:\Users\Ward Harris\Desktop\Bourbon Chicken Recipe - Food.com.url
2014-07-29 21:40 - 2014-06-12 18:24 - 00000000 ____D () C:\ProgramData\Stardock
2014-07-29 05:39 - 2014-07-29 05:39 - 00000236 _____ () C:\Users\Ward Harris\Desktop\DUDE FOR FOOD Diplahan Lechon The Best of Mindanao Lechon, Now in Manila.url
2014-07-28 12:54 - 2013-08-22 09:44 - 05098560 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-28 12:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-28 09:58 - 2014-07-28 07:39 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Netflix
2014-07-28 09:28 - 2014-07-28 09:28 - 00000281 _____ () C:\Users\Ward Harris\Desktop\Pat's Beer Can Grilled Chicken Recipe  Patrick and Gina Neely  Food Network.url
2014-07-28 08:21 - 2014-07-28 08:21 - 00000236 _____ () C:\Users\Ward Harris\Desktop\Weight Loss Help - Free Diet Program Guides & Tools  Medifast.url
2014-07-28 08:16 - 2014-07-28 08:16 - 00000176 _____ () C:\Users\Ward Harris\Desktop\Movies - Moreflicks.com.url
2014-07-28 02:00 - 2014-06-14 20:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-27 09:37 - 2012-10-07 12:02 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Adobe
2014-07-27 09:35 - 2014-07-27 09:35 - 00003506 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-G75V-Ward Harris
2014-07-27 09:35 - 2014-07-27 09:35 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\PDAppFlex
2014-07-27 09:32 - 2014-07-27 09:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-27 09:29 - 2014-07-27 09:29 - 00000965 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-07-27 09:29 - 2014-07-27 09:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-27 09:28 - 2014-07-27 09:28 - 00000910 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000935 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001539 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-07-27 09:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-27 06:29 - 2014-06-12 14:30 - 00004220 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2014-07-27 06:29 - 2014-06-12 14:30 - 00003496 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2014-07-27 06:28 - 2014-06-12 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-07-27 06:21 - 2014-07-27 06:21 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-26 11:01 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IDM
2014-07-25 09:19 - 2014-07-25 09:19 - 00000361 _____ () C:\Users\Ward Harris\Desktop\Free Online Photo & Video Classes, Workshops & Tips  CreativeLive - Learn. Be Inspired..url
2014-07-24 19:42 - 2014-06-18 08:21 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Battle.net
2014-07-24 19:42 - 2014-06-18 08:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 18:35 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SchCache
2014-07-24 18:22 - 2014-07-21 05:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 13:38 - 2014-07-24 13:38 - 00022878 _____ () C:\Users\Ward Harris\Documents\Copy of Timesheet Deployed Employee.xlsx
2014-07-23 20:34 - 2014-07-23 20:34 - 00000308 _____ () C:\Users\Ward Harris\Desktop\Documentary Photography and Photojournalism Still Images of a World in Motion  Writing and Humanistic Studies  MIT OpenCourseWare.url
2014-07-23 12:44 - 2014-07-23 12:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-23 12:40 - 2014-07-23 12:40 - 00000586 _____ () C:\Users\Ward Harris\Desktop\KMPlayer.lnk
2014-07-23 12:40 - 2014-07-23 12:40 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 09:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-07-23 08:54 - 2014-06-12 17:22 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Utlities
2014-07-23 07:39 - 2014-07-23 07:39 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\CrashRpt
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\Documents\Outlook Files
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\3815B7D9-BF1D-4809-8106-0AD11A7C0539.aplzod
2014-07-23 06:29 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apple Computer
2014-07-23 06:28 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple Computer
2014-07-23 04:44 - 2014-07-23 04:44 - 00000199 _____ () C:\Users\Ward Harris\Desktop\1000 Life Hacks.url
2014-07-23 04:41 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 04:41 - 2014-07-23 04:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 04:41 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 04:40 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 04:37 - 2014-07-23 04:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-07-23 04:37 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-22 17:27 - 2014-07-22 17:26 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IrfanView
2014-07-22 17:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-22 17:10 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-21 07:58 - 2014-07-21 07:58 - 00000220 _____ () C:\Users\Ward Harris\Desktop\Official Gmail Blog 10 Gmail gadgets to try.url
2014-07-21 07:23 - 2014-07-21 07:23 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 06:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Branding
2014-07-21 05:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-21 05:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 04:45 - 2014-07-21 04:45 - 00003035 _____ () C:\Users\Ward Harris\Desktop\HiJackThis.lnk
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-21 04:43 - 2014-07-21 04:43 - 00001782 _____ () C:\sc-cleaner.txt
2014-07-21 04:32 - 2014-07-21 04:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-19 08:26 - 2014-07-19 08:26 - 00000189 _____ () C:\Users\Ward Harris\Desktop\US Plane Crash Lands In Uganda - YouTube.url
2014-07-17 20:29 - 2014-07-17 20:29 - 00000424 _____ () C:\Users\Ward Harris\Desktop\10 Tricks to Make Yourself a Chromecast Master.url
2014-07-14 12:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-12 09:44 - 2014-07-11 07:06 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Livedrive
2014-07-12 07:56 - 2014-06-20 14:28 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Deployment
2014-07-12 06:17 - 2014-06-25 16:11 - 00000000 ____D () C:\Program Files\pia_manager
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\Program Files (x86)\Livedrive
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 08:05 - 2014-07-10 08:01 - 00000104 _____ () C:\Users\Ward Harris\Documents\Tor.txt
2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Tor Browser
2014-07-09 23:16 - 2014-07-22 16:49 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-09 23:03 - 2014-07-22 16:49 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-09 22:33 - 2014-07-22 16:49 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-09 10:53 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-09 10:51 - 2014-07-09 10:51 - 00001135 _____ () C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone Backups
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-07-09 05:55 - 2014-07-09 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-08 15:56 - 2014-06-12 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 15:55 - 2014-06-11 22:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-08 15:54 - 2014-06-11 22:09 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 15:52 - 2013-08-22 14:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 15:30 - 2014-07-08 15:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 16:04 - 2014-07-06 16:04 - 00000000 ____D () C:\Users\Ward Harris\Documents\Streaming Audio Recorder
2014-07-06 16:04 - 2014-06-11 20:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\VirtualStore
2014-07-06 16:03 - 2014-07-06 16:03 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apowersoft
2014-07-06 15:31 - 2014-07-03 11:02 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Games
2014-07-06 14:58 - 2014-07-06 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-07-06 10:22 - 2014-07-06 10:22 - 00000182 _____ () C:\Users\Ward Harris\Desktop\Judicial Watch  Welcome.url
2014-07-05 07:28 - 2014-07-05 07:28 - 00000000 ____D () C:\Users\Ward Harris\xinorbis
2014-07-05 06:59 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
2014-07-03 19:45 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-02 07:52 - 2014-07-02 07:52 - 00000240 _____ () C:\Users\Ward Harris\HandyAndy.ini
2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy_SF
2014-07-02 07:52 - 2014-07-02 06:59 - 00000000 ____D () C:\Program Files\Andy
2014-07-02 07:52 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\VirtualBox VMs
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\Program Files\Oracle
2014-07-02 07:45 - 2014-07-02 06:59 - 01177208 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanupTool.exe
2014-07-02 07:45 - 2014-07-02 06:59 - 01176696 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanVM.exe
2014-07-02 07:11 - 2014-07-02 07:11 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 07:11 - 2014-06-12 19:36 - 00000000 ____D () C:\ProgramData\Apple
2014-07-01 05:36 - 2014-07-01 05:36 - 00001916 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator Online.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00001211 _____ () C:\Users\Public\Desktop\Wondershare QuizCreator.lnk
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-07-01 05:36 - 2014-07-01 05:36 - 00000000 ____D () C:\Program Files (x86)\Wondershare

Some content of TEMP:
====================
C:\Users\Ward Harris\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\Ward Harris\AppData\Local\Temp\LD8582.tmp.exe
C:\Users\Ward Harris\AppData\Local\Temp\LDA5B8.tmp.exe
C:\Users\Ward Harris\AppData\Local\Temp\ochelper.dll
C:\Users\Ward Harris\AppData\Local\Temp\ochelper.exe
C:\Users\Ward Harris\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 05:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Ward Harris at 2014-07-31 13:13:50
Running from C:\FRST
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
ANDY OS (HKLM\...\ANDY OS) (Version: 1.1 - andyroid.net)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fences Pro (HKLM-x32\...\Fences Pro) (Version: 1.10.419.19935 - Stardock Corporation)
Fences Pro (Version: 1.10.419 - Stardock Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IE New Window Maximizer 2.4 (HKLM-x32\...\IE New Window Maximizer_is1) (Version:  - jiiSoft, Jonatan Dahl)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Jaikoz (64-bit) 6.2.0 (HKLM\...\Jaikoz (64-bit) 6.2.0) (Version: 6.2.0 - )
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Livedrive (HKLM\...\{AB1D35FC-31E0-4872-8466-12BDF42F513D}) (Version: 1.14.2.0 - Livedrive Internet Limited)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MMoCrawlerbots (HKLM-x32\...\MMoCrawlerbots) (Version:  - Haatan group Ltd.)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuizCreator (HKLM-x32\...\Wondershare QuizCreator (Build 4.5.1)_is1) (Version:  - Wondershare Software)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoboForm 7-9-8-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-8-5 - Siber Systems)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.125 - PandoraTV)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-831231532-1518658252-4247205751-1001_Classes\CLSID\{ee786771-d5c7-4d57-b3af-663832ba1f0d}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

11-07-2014 12:06:17 Installed Livedrive
19-07-2014 11:19:42 Scheduled Checkpoint
21-07-2014 09:44:58 Installed HiJackThis
28-07-2014 10:25:36 Windows Update
30-07-2014 14:18:27 Revo Uninstaller's restore point - Stardock Fences 2

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-07-27 10:11 - 00001695 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 209.34.83.73:443
127.0.0.1 209.34.83.73:43
127.0.0.1 209.34.83.73
127.0.0.1 209.34.83.67:443
127.0.0.1 209.34.83.67:43
127.0.0.1 209.34.83.67
127.0.0.1 ood.opsource.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 199.7.52.190:80
127.0.0.1 199.7.52.190
127.0.0.1 adobeereg.com
127.0.0.1 OCSP.SPO1.VERISIGN.COM
127.0.0.1 199.7.54.72:80

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23931D42-01FB-4212-9099-91794B8C8922} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-08] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A4EF9C7-C4E9-4EDC-948E-F6555674A283} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3CAC4D6F-484D-476C-9A23-B0A0A47B8DDD} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNMOJJJPMLMIMNMIMCNJJMJMMJMCNLMNJIMJMCNHMHMNJIMCNNJKJOMIMJJNMJMLMLMJMJJHMJNJICMIMCNGMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMKMHMMMJNHICMMJBJKJLIMJJNBJCMIKOJNILJPNHLOJNINIGJMIJNKJCMIKOJNILJBNHLOJNINIGJMIPLILCJOJGJDJBNMJAJCJJNNICMJNDJCMKJBJJNMJCMOMFMMMOMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8094C296-23FF-4B43-8AF7-ADFEB1D6A1D5} - System32\Tasks\AdobeAAMUpdater-1.0-G75V-Ward Harris => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AEBE52E-C633-4415-88D0-21343B442274} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {90C2045C-DF4E-49E3-AF6A-1EE023E8667B} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-07-27] (Siber Systems)
Task: {95BB5A52-F417-4EBF-9246-BF75D0CF6239} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A4AAD5C8-818C-4486-AAD6-56EB9B3A7849} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {B410B35D-6D85-4912-80DE-69793757A9F1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {BE61F73B-3691-427F-BFC4-9042436CB897} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C1494BFF-CCEC-4803-B0C0-777D091FEEDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD6CA750-E1A0-4251-9CA5-EE0021E23C8A} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-07-12] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB5DDFE1-04A1-48BC-BD2D-E86AE60AD059} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {FCD2C07F-BACA-44BE-90DB-59F49C03B299} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-11 22:29 - 2014-05-19 20:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 02:17 - 2013-09-05 02:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-29 11:38 - 2013-07-29 11:38 - 00210584 _____ () C:\Program Files (x86)\Livedrive\VSSService.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Andy"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKCU\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKCU\...\StartupApproved\Run: => "swg"
HKCU\...\StartupApproved\Run: => "IDM"
HKCU\...\StartupApproved\Run: => "MediaUpdate"
HKCU\...\StartupApproved\Run: => "AdobeFlashPlayer"
HKCU\...\StartupApproved\Run: => "Livedrive"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B71FC91FA36E8D6AAD8192161A00AAA1"
HKCU\...\StartupApproved\Run: => "iCloudServices"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 10:31:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 10:31:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 06:51:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 06:51:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 06:51:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 06:50:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 06:47:07 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/31/2014 06:45:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 06:43:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/31/2014 06:43:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (07/31/2014 06:47:07 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (07/31/2014 06:47:07 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (07/31/2014 06:47:07 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Error: (07/31/2014 06:04:55 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/31/2014 06:04:25 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/31/2014 05:07:41 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/31/2014 05:07:11 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/31/2014 03:53:24 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/31/2014 03:52:54 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/30/2014 06:58:06 AM) (Source: DCOM) (EventID: 10010) (User: G75V)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Microsoft Office Sessions:
=========================
Error: (07/31/2014 10:31:10 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2014 10:31:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2014 06:51:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2014 06:51:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2014 06:51:05 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2014 06:50:49 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe

Error: (07/31/2014 06:47:07 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (07/31/2014 06:45:36 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Downloads\Programs\esetsmartinstaller_enu.exe

Error: (07/31/2014 06:43:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Downloads\Programs\esetsmartinstaller_enu.exe

Error: (07/31/2014 06:43:06 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Ward Harris\Downloads\Programs\esetsmartinstaller_enu.exe

CodeIntegrity Errors:
===================================
  Date: 2014-07-31 03:52:30.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-30 06:57:12.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-29 06:38:42.848
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-27 03:04:04.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-24 06:48:43.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 03:53:15.997
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 03:53:15.836
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-23 03:06:46.525
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-21 05:06:26.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-07-18 11:23:46.439
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 16336.98 MB
Available physical RAM: 12958.32 MB
Total Pagefile: 18768.98 MB
Available Pagefile: 14905.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.96 GB) (Free:89.33 GB) NTFS
Drive d: (Spanish_LA_2) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS
Drive e: (New Volume) (Fixed) (Total:677.62 GB) (Free:355.94 GB) NTFS
Drive f: (BT5) (Removable) (Total:7.52 GB) (Free:7.31 GB) FAT32
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:444.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: D5ED4652)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: B19F8D36)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 8 GB) (Disk ID: CAD4EBEA)
Partition 4: (Active) - (Size=8 GB) - (Type=0B)

========================================================
Disk: 3 (Size: 932 GB) (Disk ID: 13959830)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#6 aharonov

  • Malware Response Team

Posted 31 July 2014 - 02:35 PM

Let's do one more round:


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 ArcticPrince

  • Topic Starter

Posted 01 August 2014 - 05:09 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Ward Harris (administrator) on G75V on 01-08-2014 05:07:55
Running from C:\FRST
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Livedrive\VSSService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IDMan.exe
(jiiSoft) C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Internet Download Manager, Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Internet Download Manager, Tonec Inc.) E:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [923256 2014-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => E:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-07-09] (AimerSoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-06-12] (Google Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IDMan] => E:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [IE New Window Maximizer] => C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe [356352 2005-02-09] (jiiSoft)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [Livedrive] => C:\Program Files (x86)\Livedrive\Livedrive.exe [1814680 2013-07-29] (Livedrive Internet Ltd)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21648480 2014-07-02] (Skype Technologies S.A.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [GoogleChromeAutoLaunch_B71FC91FA36E8D6AAD8192161A00AAA1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-07-27] (Siber Systems)
HKU\S-1-5-21-831231532-1518658252-4247205751-1001\...\Run: [AdobeBridge] => [X]
Startup: C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: BackupOverlay -> {B44A5D93-1351-41A1-BD91-5E92435D8ECD} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => E:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers: LivedriveDownloadOverlay -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSharedOverlay -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSyncedOverlay -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveUploadOverlay -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files (x86)\Livedrive\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x49DF6747EBA8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BrowserHelper Class -> {EDF48A39-1442-463F-9F4E-F376A78D034A} -> C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll (Livedrive Internet Ltd)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files (x86)\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Aimersoft Video Converter Ultimate 6.1.0 -> {D879895E-2124-4ED0-BDDF-F8F8BBC98A6F} -> C:\ProgramData\Aimersoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - E:\Program Files (x86)\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - E:\Program Files (x86)\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 - E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - E:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
FF Extension: Aimersoft Video Converter Ultimate - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com [2014-08-01]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ward Harris\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Ward Harris\AppData\Roaming\IDM\idmmzcc5 [2014-07-26]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
CHR Extension: (Google Drive) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]
CHR Extension: (YouTube) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
CHR Extension: (Honey) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-07-27]
CHR Extension: (Google Search) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
CHR Extension: (Google Calendar) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-27]
CHR Extension: (Full Screen Weather) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2014-07-27]
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-07-27]
CHR Extension: (IDM Integration Module) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-06-20]
CHR Extension: (Whois this!!) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb [2014-07-27]
CHR Extension: (Skype Click to Call) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-07-21]
CHR Extension: (FastestFox for Chrome) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2014-07-27]
CHR Extension: (Google Wallet) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-20]
CHR Extension: (FREE TV) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofddcjfikfghkmoapnjnmmflbcjohbic [2014-07-27]
CHR Extension: (World Clocks) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej [2014-07-27]
CHR Extension: (Gmail) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
CHR Extension: (RoboForm) - C:\Users\Ward Harris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - E:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2014-08-01]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-06-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2013-07-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 cbfs3; C:\WINDOWS\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 04:11 - 2014-08-01 04:11 - 00000914 _____ () C:\Users\Ward Harris\Desktop\Any Video Converter.lnk
2014-08-01 04:11 - 2014-08-01 04:11 - 00000000 ____D () C:\Users\Ward Harris\Documents\Any Video Converter
2014-08-01 04:11 - 2014-08-01 04:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\AnvSoft
2014-08-01 04:11 - 2014-08-01 04:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-08-01 03:53 - 2014-08-01 03:53 - 00000000 ____D () C:\Users\Ward Harris\Documents\Aimersoft Video Converter Ultimate
2014-08-01 03:52 - 2014-08-01 03:53 - 00000000 ____D () C:\ProgramData\Aimersoft Video Converter Ultimate
2014-08-01 03:52 - 2014-08-01 03:52 - 00001095 _____ () C:\Users\Public\Desktop\Aimersoft Video Converter Ultimate.lnk
2014-08-01 03:52 - 2014-08-01 03:52 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Aimersoft
2014-08-01 03:52 - 2014-08-01 03:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
2014-08-01 03:52 - 2014-08-01 03:52 - 00000000 ____D () C:\ProgramData\Aimersoft
2014-08-01 03:52 - 2013-08-23 13:36 - 00721263 _____ () C:\WINDOWS\SysWOW64\AiCM64.dll
2014-08-01 03:52 - 2013-08-07 14:31 - 00214528 _____ () C:\WINDOWS\SysWOW64\AiCM32.dll
2014-08-01 03:50 - 2014-08-01 03:51 - 00000000 ____D () C:\Users\Public\Documents\Aimersoft
2014-07-31 15:11 - 2014-07-31 15:11 - 00000281 _____ () C:\Users\Ward Harris\Desktop\17 obscure Windows tools and tricks too powerful to overlook  PCWorld.url
2014-07-31 14:32 - 2014-07-31 14:32 - 00000000 ____D () C:\Users\Ward Harris\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-07-31 06:51 - 2014-07-31 06:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 06:42 - 2014-07-31 06:42 - 02347384 _____ (ESET) C:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe
2014-07-31 05:35 - 2014-07-31 05:35 - 00022886 _____ () C:\Users\Ward Harris\Desktop\Timesheet Ward Harris.xlsx
2014-07-31 05:33 - 2014-07-31 15:36 - 00012367 _____ () C:\Users\Ward Harris\Desktop\Schwab.xlsx
2014-07-31 04:27 - 2014-07-31 04:27 - 00001558 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-07-30 14:14 - 2014-07-30 14:14 - 00000569 _____ () C:\Users\Ward Harris\Desktop\5 Essential Add-Ons For Dropbox.url
2014-07-30 13:44 - 2014-07-30 13:44 - 00000809 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000953 _____ () C:\Users\Ward Harris\Desktop\Customize Fences.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 __HDC () C:\ProgramData\{FA418120-C277-40A2-855B-F71E56D2E902}
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-07-30 10:14 - 2014-07-30 10:14 - 00000240 _____ () C:\Users\Ward Harris\Desktop\Understanding and Using Firewalls.url
2014-07-30 09:16 - 2014-07-30 09:16 - 00005309 _____ () C:\Users\Ward Harris\Downloads\Purge_Fences.bat
2014-07-28 08:21 - 2014-07-28 08:21 - 00000236 _____ () C:\Users\Ward Harris\Desktop\Weight Loss Help - Free Diet Program Guides & Tools  Medifast.url
2014-07-28 08:16 - 2014-07-28 08:16 - 00000176 _____ () C:\Users\Ward Harris\Desktop\Movies - Moreflicks.com.url
2014-07-28 07:39 - 2014-07-28 09:58 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Netflix
2014-07-27 09:35 - 2014-07-27 09:35 - 00003506 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-G75V-Ward Harris
2014-07-27 09:35 - 2014-07-27 09:35 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\PDAppFlex
2014-07-27 09:29 - 2014-07-27 09:29 - 00000965 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-07-27 09:29 - 2014-07-27 09:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-27 09:28 - 2014-07-27 09:28 - 00000910 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000935 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001539 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-07-27 09:25 - 2014-07-27 09:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-27 06:21 - 2014-07-27 06:21 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-25 09:19 - 2014-07-25 09:19 - 00000361 _____ () C:\Users\Ward Harris\Desktop\Free Online Photo & Video Classes, Workshops & Tips  CreativeLive - Learn. Be Inspired..url
2014-07-24 18:03 - 2014-08-01 05:07 - 00000000 ____D () C:\FRST
2014-07-24 13:38 - 2014-07-24 13:38 - 00022878 _____ () C:\Users\Ward Harris\Documents\Copy of Timesheet Deployed Employee.xlsx
2014-07-23 20:34 - 2014-07-23 20:34 - 00000308 _____ () C:\Users\Ward Harris\Desktop\Documentary Photography and Photojournalism Still Images of a World in Motion  Writing and Humanistic Studies  MIT OpenCourseWare.url
2014-07-23 12:44 - 2014-07-23 12:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-23 12:40 - 2014-07-23 12:40 - 00000586 _____ () C:\Users\Ward Harris\Desktop\KMPlayer.lnk
2014-07-23 12:40 - 2014-07-23 12:40 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 07:39 - 2014-07-23 07:39 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\CrashRpt
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\Documents\Outlook Files
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\3815B7D9-BF1D-4809-8106-0AD11A7C0539.aplzod
2014-07-23 06:02 - 2014-06-09 03:41 - 00180136 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2014-07-23 04:44 - 2014-07-23 04:44 - 00000199 _____ () C:\Users\Ward Harris\Desktop\1000 Life Hacks.url
2014-07-23 04:41 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 04:40 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 04:40 - 2014-07-23 04:41 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 04:40 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 04:37 - 2014-07-23 04:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-07-22 17:26 - 2014-07-22 17:27 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IrfanView
2014-07-22 16:49 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-22 16:49 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-22 16:49 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-21 08:35 - 2014-07-31 10:49 - 00168448 _____ () C:\Users\Ward Harris\Downloads\Expense Report.xls
2014-07-21 07:58 - 2014-07-21 07:58 - 00000220 _____ () C:\Users\Ward Harris\Desktop\Official Gmail Blog 10 Gmail gadgets to try.url
2014-07-21 07:23 - 2014-07-31 16:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-21 07:23 - 2014-07-31 10:14 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 05:02 - 2014-07-24 18:22 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 05:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-21 05:01 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-21 05:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-21 04:45 - 2014-07-21 04:45 - 00003035 _____ () C:\Users\Ward Harris\Desktop\HiJackThis.lnk
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-21 04:43 - 2014-07-21 04:43 - 00001782 _____ () C:\sc-cleaner.txt
2014-07-21 04:32 - 2014-07-21 04:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-19 08:26 - 2014-07-19 08:26 - 00000189 _____ () C:\Users\Ward Harris\Desktop\US Plane Crash Lands In Uganda - YouTube.url
2014-07-17 20:29 - 2014-07-17 20:29 - 00000424 _____ () C:\Users\Ward Harris\Desktop\10 Tricks to Make Yourself a Chromecast Master.url
2014-07-11 07:06 - 2014-07-12 09:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\Program Files (x86)\Livedrive
2014-07-11 07:06 - 2012-11-10 10:56 - 00223592 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsNetRdr3.dll
2014-07-11 07:06 - 2012-11-10 10:56 - 00141672 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsNetRdr3.dll
2014-07-11 07:06 - 2012-11-10 10:55 - 00190312 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsMntNtf3.dll
2014-07-11 07:06 - 2012-11-10 10:55 - 00158056 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsMntNtf3.dll
2014-07-11 07:06 - 2012-11-10 10:50 - 00352008 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs3.sys
2014-07-10 08:01 - 2014-07-10 08:05 - 00000104 _____ () C:\Users\Ward Harris\Documents\Tor.txt
2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Tor Browser
2014-07-09 10:51 - 2014-07-09 10:51 - 00001135 _____ () C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone Backups
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-09 10:49 - 2014-07-09 10:53 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-07-09 05:55 - 2014-07-09 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-08 15:52 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-08 15:33 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-08 15:33 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-08 15:33 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-08 15:33 - 2014-06-18 18:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-08 15:33 - 2014-06-18 17:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-08 15:33 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-08 15:33 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-08 15:33 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-08 15:33 - 2014-06-06 09:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-08 15:33 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-08 15:32 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-08 15:32 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-08 15:32 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-08 15:32 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-08 15:32 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-08 15:32 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-08 15:32 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-08 15:32 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-08 15:32 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-08 15:32 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-08 15:32 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-08 15:32 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-08 15:32 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-08 15:32 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-08 15:32 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-08 15:32 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-08 15:32 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-08 15:32 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-08 15:32 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-08 15:32 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-08 15:32 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-08 15:32 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-08 15:32 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 15:32 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-08 15:32 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-08 15:32 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-08 15:32 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-08 15:32 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-08 15:32 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 15:31 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-08 15:31 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-08 15:31 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-08 15:31 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-08 15:31 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 15:31 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-08 15:31 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-08 15:31 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 15:31 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-08 15:31 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-08 15:31 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-08 15:31 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-08 15:31 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-08 15:31 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-08 15:31 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-08 15:30 - 2014-07-08 15:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 16:04 - 2014-07-06 16:04 - 00000000 ____D () C:\Users\Ward Harris\Documents\Streaming Audio Recorder
2014-07-06 16:03 - 2014-07-06 16:03 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apowersoft
2014-07-06 14:58 - 2014-07-06 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-07-06 10:22 - 2014-07-06 10:22 - 00000182 _____ () C:\Users\Ward Harris\Desktop\Judicial Watch  Welcome.url
2014-07-05 07:28 - 2014-07-05 07:28 - 00000000 ____D () C:\Users\Ward Harris\xinorbis
2014-07-03 11:02 - 2014-07-06 15:31 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Games
2014-07-02 07:52 - 2014-07-31 20:01 - 08722294 _____ () C:\Users\Ward Harris\Andy.log
2014-07-02 07:52 - 2014-07-31 19:58 - 00000000 ____D () C:\Users\Ward Harris\Andy
2014-07-02 07:52 - 2014-07-02 07:52 - 00000240 _____ () C:\Users\Ward Harris\HandyAndy.ini
2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy_SF
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\Program Files\Oracle
2014-07-02 07:51 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2014-07-02 07:51 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2014-07-02 07:12 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-07-02 07:11 - 2014-07-23 04:37 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 06:59 - 2014-07-02 07:52 - 00000000 ____D () C:\Program Files\Andy
2014-07-02 06:59 - 2014-07-02 07:45 - 01177208 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanupTool.exe
2014-07-02 06:59 - 2014-07-02 07:45 - 01176696 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanVM.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 05:07 - 2014-07-24 18:03 - 00000000 ____D () C:\FRST
2014-08-01 05:07 - 2014-06-11 21:09 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-01 05:05 - 2014-06-11 20:50 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-831231532-1518658252-4247205751-1001
2014-08-01 05:00 - 2014-06-12 14:11 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 04:59 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\DMCache
2014-08-01 04:59 - 2014-06-11 22:30 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-01 04:59 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-01 04:57 - 2014-06-11 20:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\VirtualStore
2014-08-01 04:22 - 2014-06-12 14:11 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 04:16 - 2013-08-22 09:46 - 00313189 _____ () C:\WINDOWS\setupact.log
2014-08-01 04:11 - 2014-08-01 04:11 - 00000914 _____ () C:\Users\Ward Harris\Desktop\Any Video Converter.lnk
2014-08-01 04:11 - 2014-08-01 04:11 - 00000000 ____D () C:\Users\Ward Harris\Documents\Any Video Converter
2014-08-01 04:11 - 2014-08-01 04:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\AnvSoft
2014-08-01 04:11 - 2014-08-01 04:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2014-08-01 04:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-01 03:59 - 2014-06-11 21:06 - 01392450 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-01 03:53 - 2014-08-01 03:53 - 00000000 ____D () C:\Users\Ward Harris\Documents\Aimersoft Video Converter Ultimate
2014-08-01 03:53 - 2014-08-01 03:52 - 00000000 ____D () C:\ProgramData\Aimersoft Video Converter Ultimate
2014-08-01 03:52 - 2014-08-01 03:52 - 00001095 _____ () C:\Users\Public\Desktop\Aimersoft Video Converter Ultimate.lnk
2014-08-01 03:52 - 2014-08-01 03:52 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Aimersoft
2014-08-01 03:52 - 2014-08-01 03:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aimersoft
2014-08-01 03:52 - 2014-08-01 03:52 - 00000000 ____D () C:\ProgramData\Aimersoft
2014-08-01 03:51 - 2014-08-01 03:50 - 00000000 ____D () C:\Users\Public\Documents\Aimersoft
2014-08-01 03:39 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\Downloads\Compressed
2014-08-01 02:00 - 2014-06-14 20:51 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Adobe
2014-07-31 20:46 - 2014-06-12 17:21 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Recepies
2014-07-31 20:01 - 2014-07-02 07:52 - 08722294 _____ () C:\Users\Ward Harris\Andy.log
2014-07-31 19:58 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy
2014-07-31 19:58 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\.VirtualBox
2014-07-31 16:57 - 2014-07-21 07:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 15:36 - 2014-07-31 05:33 - 00012367 _____ () C:\Users\Ward Harris\Desktop\Schwab.xlsx
2014-07-31 15:11 - 2014-07-31 15:11 - 00000281 _____ () C:\Users\Ward Harris\Desktop\17 obscure Windows tools and tricks too powerful to overlook  PCWorld.url
2014-07-31 14:32 - 2014-07-31 14:32 - 00000000 ____D () C:\Users\Ward Harris\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-07-31 10:49 - 2014-07-21 08:35 - 00168448 _____ () C:\Users\Ward Harris\Downloads\Expense Report.xls
2014-07-31 10:14 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Skype
2014-07-31 06:51 - 2014-07-31 06:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-31 06:42 - 2014-07-31 06:42 - 02347384 _____ (ESET) C:\Users\Ward Harris\Desktop\esetsmartinstaller_enu.exe
2014-07-31 05:35 - 2014-07-31 05:35 - 00022886 _____ () C:\Users\Ward Harris\Desktop\Timesheet Ward Harris.xlsx
2014-07-31 04:34 - 2014-06-14 20:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-31 04:27 - 2014-07-31 04:27 - 00001558 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-07-30 17:05 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\Downloads\Video
2014-07-30 14:14 - 2014-07-30 14:14 - 00000569 _____ () C:\Users\Ward Harris\Desktop\5 Essential Add-Ons For Dropbox.url
2014-07-30 13:45 - 2014-06-12 14:52 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\vlc
2014-07-30 13:44 - 2014-07-30 13:44 - 00000809 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000953 _____ () C:\Users\Ward Harris\Desktop\Customize Fences.lnk
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 __HDC () C:\ProgramData\{FA418120-C277-40A2-855B-F71E56D2E902}
2014-07-30 13:16 - 2014-07-30 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2014-07-30 13:06 - 2014-06-11 21:03 - 00000000 ____D () C:\Users\Ward Harris
2014-07-30 13:06 - 2014-06-11 21:00 - 00028986 _____ () C:\WINDOWS\PFRO.log
2014-07-30 10:14 - 2014-07-30 10:14 - 00000240 _____ () C:\Users\Ward Harris\Desktop\Understanding and Using Firewalls.url
2014-07-30 09:16 - 2014-07-30 09:16 - 00005309 _____ () C:\Users\Ward Harris\Downloads\Purge_Fences.bat
2014-07-29 21:40 - 2014-06-12 18:24 - 00000000 ____D () C:\ProgramData\Stardock
2014-07-28 12:54 - 2013-08-22 09:44 - 05098560 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-28 12:54 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-28 09:58 - 2014-07-28 07:39 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Netflix
2014-07-28 08:21 - 2014-07-28 08:21 - 00000236 _____ () C:\Users\Ward Harris\Desktop\Weight Loss Help - Free Diet Program Guides & Tools  Medifast.url
2014-07-28 08:16 - 2014-07-28 08:16 - 00000176 _____ () C:\Users\Ward Harris\Desktop\Movies - Moreflicks.com.url
2014-07-28 02:00 - 2014-06-14 20:41 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-27 09:37 - 2012-10-07 12:02 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Adobe
2014-07-27 09:35 - 2014-07-27 09:35 - 00003506 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-G75V-Ward Harris
2014-07-27 09:35 - 2014-07-27 09:35 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\PDAppFlex
2014-07-27 09:32 - 2014-07-27 09:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-27 09:29 - 2014-07-27 09:29 - 00000965 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2014-07-27 09:29 - 2014-07-27 09:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-27 09:28 - 2014-07-27 09:28 - 00000910 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000935 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2014-07-27 09:27 - 2014-07-27 09:27 - 00000882 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001539 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2014-07-27 09:26 - 2014-07-27 09:26 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2014-07-27 09:25 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-27 06:29 - 2014-06-12 14:30 - 00004220 _____ () C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2014-07-27 06:29 - 2014-06-12 14:30 - 00003496 _____ () C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2014-07-27 06:28 - 2014-06-12 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-07-27 06:21 - 2014-07-27 06:21 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-26 11:01 - 2014-06-12 16:55 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IDM
2014-07-25 09:19 - 2014-07-25 09:19 - 00000361 _____ () C:\Users\Ward Harris\Desktop\Free Online Photo & Video Classes, Workshops & Tips  CreativeLive - Learn. Be Inspired..url
2014-07-24 19:42 - 2014-06-18 08:21 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Battle.net
2014-07-24 19:42 - 2014-06-18 08:21 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 18:35 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\SchCache
2014-07-24 18:22 - 2014-07-21 05:02 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 13:38 - 2014-07-24 13:38 - 00022878 _____ () C:\Users\Ward Harris\Documents\Copy of Timesheet Deployed Employee.xlsx
2014-07-23 20:34 - 2014-07-23 20:34 - 00000308 _____ () C:\Users\Ward Harris\Desktop\Documentary Photography and Photojournalism Still Images of a World in Motion  Writing and Humanistic Studies  MIT OpenCourseWare.url
2014-07-23 12:44 - 2014-07-23 12:44 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-23 12:40 - 2014-07-23 12:40 - 00000586 _____ () C:\Users\Ward Harris\Desktop\KMPlayer.lnk
2014-07-23 12:40 - 2014-07-23 12:40 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2014-07-23 09:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Globalization
2014-07-23 08:54 - 2014-06-12 17:22 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Utlities
2014-07-23 07:39 - 2014-07-23 07:39 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\CrashRpt
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\Documents\Outlook Files
2014-07-23 06:29 - 2014-07-23 06:29 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\3815B7D9-BF1D-4809-8106-0AD11A7C0539.aplzod
2014-07-23 06:29 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apple Computer
2014-07-23 06:28 - 2014-06-25 16:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple Computer
2014-07-23 04:44 - 2014-07-23 04:44 - 00000199 _____ () C:\Users\Ward Harris\Desktop\1000 Life Hacks.url
2014-07-23 04:41 - 2014-07-23 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-23 04:41 - 2014-07-23 04:40 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-23 04:41 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iTunes
2014-07-23 04:40 - 2014-07-23 04:40 - 00000000 ____D () C:\Program Files\iPod
2014-07-23 04:37 - 2014-07-23 04:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-07-23 04:37 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-22 17:27 - 2014-07-22 17:26 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\IrfanView
2014-07-22 17:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-22 17:10 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-21 07:58 - 2014-07-21 07:58 - 00000220 _____ () C:\Users\Ward Harris\Desktop\Official Gmail Blog 10 Gmail gadgets to try.url
2014-07-21 07:23 - 2014-07-21 07:23 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Skype
2014-07-21 07:23 - 2014-07-21 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-21 06:54 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Branding
2014-07-21 05:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-07-21 05:12 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-21 05:01 - 2014-07-21 05:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 04:45 - 2014-07-21 04:45 - 00003035 _____ () C:\Users\Ward Harris\Desktop\HiJackThis.lnk
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-21 04:45 - 2014-07-21 04:45 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-21 04:43 - 2014-07-21 04:43 - 00001782 _____ () C:\sc-cleaner.txt
2014-07-21 04:32 - 2014-07-21 04:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-19 08:26 - 2014-07-19 08:26 - 00000189 _____ () C:\Users\Ward Harris\Desktop\US Plane Crash Lands In Uganda - YouTube.url
2014-07-17 20:29 - 2014-07-17 20:29 - 00000424 _____ () C:\Users\Ward Harris\Desktop\10 Tricks to Make Yourself a Chromecast Master.url
2014-07-14 12:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-12 09:44 - 2014-07-11 07:06 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Livedrive
2014-07-12 07:56 - 2014-06-20 14:28 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Deployment
2014-07-12 06:17 - 2014-06-25 16:11 - 00000000 ____D () C:\Program Files\pia_manager
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive
2014-07-11 07:06 - 2014-07-11 07:06 - 00000000 ____D () C:\Program Files (x86)\Livedrive
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 08:05 - 2014-07-10 08:01 - 00000104 _____ () C:\Users\Ward Harris\Documents\Tor.txt
2014-07-10 07:35 - 2014-07-10 07:35 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Tor Browser
2014-07-09 23:16 - 2014-07-22 16:49 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-07-09 23:03 - 2014-07-22 16:49 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-07-09 22:33 - 2014-07-22 16:49 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-07-09 10:53 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-09 10:51 - 2014-07-09 10:51 - 00001135 _____ () C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone Backups
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2014-07-09 10:51 - 2014-07-09 10:51 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2014-07-09 10:49 - 2014-07-09 10:49 - 00000000 ____D () C:\Program Files (x86)\RosettaStoneLtdServices
2014-07-09 05:55 - 2014-07-09 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-07-08 15:56 - 2014-06-12 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-08 15:55 - 2014-06-11 22:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-08 15:54 - 2014-06-11 22:09 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-08 15:52 - 2013-08-22 14:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-08 15:30 - 2014-07-08 15:30 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-06 16:04 - 2014-07-06 16:04 - 00000000 ____D () C:\Users\Ward Harris\Documents\Streaming Audio Recorder
2014-07-06 16:03 - 2014-07-06 16:03 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Apowersoft
2014-07-06 15:31 - 2014-07-03 11:02 - 00000000 ____D () C:\Users\Ward Harris\Desktop\Games
2014-07-06 14:58 - 2014-07-06 14:58 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-07-06 10:22 - 2014-07-06 10:22 - 00000182 _____ () C:\Users\Ward Harris\Desktop\Judicial Watch  Welcome.url
2014-07-05 07:28 - 2014-07-05 07:28 - 00000000 ____D () C:\Users\Ward Harris\xinorbis
2014-07-05 06:59 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy
2014-07-03 19:45 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-02 07:52 - 2014-07-02 07:52 - 00000240 _____ () C:\Users\Ward Harris\HandyAndy.ini
2014-07-02 07:52 - 2014-07-02 07:52 - 00000000 ____D () C:\Users\Ward Harris\Andy_SF
2014-07-02 07:52 - 2014-07-02 06:59 - 00000000 ____D () C:\Program Files\Andy
2014-07-02 07:52 - 2014-06-12 19:36 - 00000000 ____D () C:\Users\Ward Harris\VirtualBox VMs
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-02 07:51 - 2014-07-02 07:51 - 00000000 ____D () C:\Program Files\Oracle
2014-07-02 07:45 - 2014-07-02 06:59 - 01177208 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanupTool.exe
2014-07-02 07:45 - 2014-07-02 06:59 - 01176696 _____ () C:\Users\Ward Harris\AppData\Roaming\AndyCleanVM.exe
2014-07-02 07:11 - 2014-07-02 07:11 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Users\Ward Harris\AppData\Local\Apple
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-02 07:11 - 2014-07-02 07:11 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-02 07:11 - 2014-06-12 19:36 - 00000000 ____D () C:\ProgramData\Apple

Some content of TEMP:
====================
C:\Users\Ward Harris\AppData\Local\Temp\KMP_3.9.0.126.exe
C:\Users\Ward Harris\AppData\Local\Temp\LD8582.tmp.exe
C:\Users\Ward Harris\AppData\Local\Temp\LDA5B8.tmp.exe
C:\Users\Ward Harris\AppData\Local\Temp\ochelper.dll
C:\Users\Ward Harris\AppData\Local\Temp\ochelper.exe
C:\Users\Ward Harris\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 05:25

==================== End Of Log ============================



#8 aharonov


  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:02:46 PM

Posted 01 August 2014 - 05:44 AM

Ok. Please give Malwarebytes Anti-Malware another run to check if it still finds something.
How is your computer running? Do you experience any symptoms or problems now?

#9 ArcticPrince

  • Topic Starter

  • Members
  • 52 posts
  • Local time:07:46 AM

Posted 04 August 2014 - 08:58 AM

Malwarebytes is now only reporting some PUPs, no Bitcoin miners.  Thanks for taking care of that!

 

I am still having some issues with "not responding" popups.  It is mostly when I am online; I get the "IE is not responding" or "not responding due to a long running script" message.  In fact, I just got the not responding message while typing this response.  I also get the "not responding" message occasionally with other programs, not just IE.  When I first started Malwarebytes, I got the "Malwarebytes is not responding" popup.





