Trojan.W32.Agent.ahqlz - pgms (incl. DDS) often cannot run


  • This topic is locked
57 replies to this topic

#1 Eeger33


Posted 29 November 2014 - 08:06 PM

On my infected PC, DDS fails to run (nothing happens that I can tell) in full Windows. Even in safe mode, I cannot get DDS to run: in Safe Mode I get "This operating system is not supported! DDS only runs on: Windows 2000...XP...Vista...Windows 7...Windows 8....




#2 Sirawit


Posted 30 November 2014 - 05:57 AM

Hello Eeger33 and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 2 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

So, which version of Windows and which antivirus are you using?


Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Eeger33


Posted 30 November 2014 - 09:33 AM

Once again, this program failed to run in full Windows. No messages, nothing. When I did run it (Safe Mode with Networking), it did not offer the Addition.txt option. Not sure what happened there. So I had to do a Save As (filename) for what appeared on the screen and restart to full Windows to send you this reply. I hope it helps.

 

P.S. Last night as I tried to run the previous program, before you came on board, I noticed a Homegroup icon appeared on my Desktop and Homegroup may have been adulterated to allow full sharing (I don't). I changed it to No Sharing; it changed back. Seems scary to me. I thought you'd like to know.

 

Farbar Service Scanner Version: 21-07-2014
Ran by DAW (administrator) on 30-11-2014 at 09:07:47
Running from "C:\Users\DAW\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx: "\SystemRoot\system32\DRIVERS\tdx.sys".

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****



#4 Eeger33


Posted 01 December 2014 - 11:03 AM

I am using TrendMicro Anti-malware real time; MBAM is used for extra scans. Windows 8.1/64 bit.

#5 Sirawit


Posted 01 December 2014 - 12:38 PM

Hi Eeger33.

 

The program you downloaded is Farbar Service Scanner, not Farbar Recovery Scan Tool. Please download the right one from here and run the scan with the Addition.txt option checked, then post both logs from the program.

 

----------------

 

About your homegroup icon, please follow the instructions below to remove it:

  1. Right-click on the desktop and select Personalize.
  2. Select Change Desktop Icons in the left pane of the Personalize window.
  3. Uncheck Network and press OK.
  4. Select Change Desktop Icons again, check the Network box and click OK. The Homegroup icon should have disappeared now.

Thank you.




#6 Eeger33


Posted 01 December 2014 - 03:12 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by DAW (administrator) on LENOVO-PC on 01-12-2014 13:46:21
Running from C:\Users\DAW\Downloads
Loaded Profile: DAW (Available profiles: DAW)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\ABService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [26536 2012-08-06] ()
HKLM-x32\...\Run: [CTRegRun] => C:\windows\CTRegRun.EXE [41984 1999-10-10] (Creative Technology Ltd )
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-10-13] (Glarysoft Ltd)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\MountPoints2: {04f5481a-dd53-11e3-beae-fc4dd43a5e23} - "F:\GSLoader.exe"
Startup: C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013 - 1040 Edition Readme.lnk
ShortcutTarget: TaxACT 2013 - 1040 Edition Readme.lnk ->  (No File)
Startup: C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013.lnk
ShortcutTarget: TaxACT 2013.lnk ->  (No File)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1670467332-2357784724-919192203-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> {E73DE8CF-9423-4A38-872B-52025D19BB23} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

FireFox:
========
FF ProfilePath: C:\Users\DAW\AppData\Roaming\Mozilla\Firefox\Profiles\m8rjzhkj.default
FF Homepage: https://startpage.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\DAW\AppData\Roaming\Mozilla\Firefox\Profiles\m8rjzhkj.default\searchplugins\startpage-https.xml
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-01-09]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.6.15\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.6.15\coFFPlgn [2014-09-23]
FF HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-07-05]

Chrome:
=======
CHR Profile: C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-01-15]
CHR Extension: (RoboForm) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-05-03]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\chrome_tmbep.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
S3 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S3 FrAgent; C:\Program Files\Dayu\Disk Master Professional\Agent.exe [63720 2014-08-04] (DAYU Technology Co., Ltd.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-24] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.)
S4 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-08-01] (Nitro PDF Software)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [59304 2012-08-06] (Lenovo)
R2 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186280 2012-08-06] (Lenovo Group Limited)
S2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
S3 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
S3 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2014-08-19] () [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [151480 2014-08-19] () [File not signed]
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-11-29] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [17848 2014-08-19] () [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R0 bdisk; C:\Windows\System32\drivers\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R0 CBUfs; C:\Windows\System32\drivers\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 diskbckp; C:\Windows\System32\drivers\diskbckp.sys [39656 2014-08-04] (DAYU Technology Co., Ltd.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-16] (Glarysoft Ltd)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-09] (Lenovo)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [96472 2014-11-24] (Malwarebytes Corporation)
S3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
S3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R0 reparse; C:\Windows\System32\DRIVERS\cbreparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-08-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-08-10] (Acronis)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2013-07-10] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [103712 2013-07-07] (Trend Micro Inc.)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2013-12-12] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2013-12-12] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700680 2013-12-12] ()
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
R3 vDisk; C:\Windows\System32\drivers\vDisk.sys [236264 2014-08-04] (DAYU Technology Co., Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 13:46 - 2014-12-01 13:46 - 00024928 _____ () C:\Users\DAW\Downloads\FRST.txt
2014-12-01 13:46 - 2014-12-01 13:46 - 00000000 ____D () C:\FRST
2014-12-01 13:44 - 2014-12-01 13:44 - 02117120 _____ (Farbar) C:\Users\DAW\Downloads\FRST64.exe
2014-11-30 09:20 - 2014-11-30 09:20 - 00002290 _____ () C:\Users\DAW\Desktop\FSS_sfmdnet.txt
2014-11-30 09:07 - 2014-11-30 09:07 - 00002290 _____ () C:\Users\DAW\Desktop\FSS.txt
2014-11-30 08:54 - 2014-11-30 08:54 - 00415232 _____ (Farbar) C:\Users\DAW\Desktop\FSS.exe
2014-11-29 19:09 - 2014-11-29 19:09 - 00688992 _____ (Swearware) C:\Users\DAW\Desktop\dds.com
2014-11-29 09:50 - 2014-11-29 09:50 - 00000056 _____ () C:\.directory
2014-11-27 14:13 - 2014-11-28 15:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-26 17:36 - 2014-11-26 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2014-11-26 17:35 - 2014-11-26 17:35 - 00001078 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-11-26 17:35 - 2014-11-26 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-11-26 17:35 - 2014-11-26 17:35 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-11-26 15:10 - 2014-11-26 15:10 - 00000000 ____D () C:\Users\DAW\barbar
2014-11-26 15:01 - 2014-11-26 15:01 - 00000000 __SHD () C:\Users\DAW\AppData\Local\EmieBrowserModeList
2014-11-26 14:59 - 2014-11-26 14:59 - 00000000 ____D () C:\ProgramData\UVK
2014-11-26 14:53 - 2014-11-26 17:36 - 00001803 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2014-11-26 14:53 - 2014-11-26 14:58 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-11-24 11:35 - 2014-11-24 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-24 11:34 - 2014-11-24 11:34 - 00000000 ____D () C:\Users\DAW\Desktop\mbar
2014-11-24 10:49 - 2014-11-24 10:49 - 02476596 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\HousecallLauncher64.exe
2014-11-24 09:46 - 2014-11-24 09:46 - 00001378 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-11-24 09:46 - 2014-11-24 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-11-24 09:14 - 2014-11-24 09:14 - 00019272 _____ () C:\Users\DAW\Downloads\cc_20141124_091358.reg
2014-11-24 09:14 - 2014-11-24 09:14 - 00001544 _____ () C:\Users\DAW\Downloads\cc_20141124_091436.reg
2014-11-23 16:12 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\DAW\Downloads\log
2014-11-23 16:11 - 2014-11-23 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-11-23 16:11 - 2014-11-23 16:11 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-11-23 16:08 - 2014-11-23 16:08 - 00013283 _____ () C:\LENOVO-PC_2014.11.23-1607.42_b97d995f-08bc-4d2a-8506-9094b9158911_17905.zip
2014-11-23 16:07 - 2014-11-23 16:08 - 00000000 ____D () C:\Users\DAW\Downloads\TrendMicro AntiThreat Toolkit
2014-11-23 15:59 - 2014-11-23 15:59 - 32016388 _____ () C:\LENOVO-PC_2014.11.23-1552.39_b97d995f-08bc-4d2a-8506-9094b9158911_17907.zip
2014-11-23 15:03 - 2014-11-23 15:03 - 04831040 _____ () C:\LENOVO-PC_2014.11.23-1448.44_b97d995f-08bc-4d2a-8506-9094b9158911_10568.zip
2014-11-23 14:46 - 2014-11-23 14:46 - 00000044 _____ () C:\Users\DAW\Downloads\HJThis_Adsspy.txt
2014-11-23 14:37 - 2014-11-23 14:37 - 00013023 _____ () C:\Users\DAW\Downloads\PaulBun1123A.log
2014-11-23 14:23 - 2014-11-23 16:08 - 00000328 _____ () C:\Users\DAW\Downloads\TRScn1Line.txt
2014-11-23 13:58 - 2014-11-23 13:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\HolaMe.exe
2014-11-23 13:54 - 2014-11-23 13:55 - 05228804 _____ () C:\Users\DAW\Downloads\BknWshNDreye.zip
2014-11-23 13:49 - 2014-11-23 13:49 - 07890226 _____ () C:\LENOVO-PC_2014.11.23-1334.58_b97d995f-08bc-4d2a-8506-9094b9158911_10568.zip
2014-11-23 13:41 - 2014-11-23 13:49 - 48965584 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\zffl.exe
2014-11-23 13:41 - 2014-11-23 13:44 - 08578872 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\fartr.exe
2014-11-23 13:33 - 2014-11-23 13:37 - 25247888 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\SEnline.exe
2014-11-23 13:33 - 2014-11-23 13:34 - 04572080 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\kcoll.exe
2014-11-23 13:19 - 2014-11-23 13:27 - 73491536 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\cucooD.exe
2014-11-23 13:17 - 2014-11-23 13:18 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\DAW\Downloads\ARBeeSetup.exe
2014-11-23 13:16 - 2014-11-23 13:16 - 00001036 _____ () C:\Users\DAW\Downloads\1416766579.txt
2014-11-23 13:12 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\DAW\Downloads\TMRBLog
2014-11-23 13:12 - 2014-11-23 13:12 - 00000000 ____D () C:\Users\DAW\Downloads\EmptyTrdlog
2014-11-23 13:09 - 2014-11-23 13:11 - 14861360 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\XRBV5.0-1180x64.exe
2014-11-23 11:36 - 2014-11-23 11:36 - 00001108 _____ () C:\Users\DAW\Documents\MY_DATA_112314_1.p2g
2014-11-23 11:11 - 2014-11-23 11:11 - 00053248 _____ () C:\Users\DAW\Documents\bitdefender_isocd.iso
2014-11-23 10:55 - 2014-11-23 14:09 - 00000000 ____D () C:\Users\DAW\Downloads\ISO
2014-11-23 10:36 - 2014-11-23 11:23 - 00000836 _____ () C:\Users\DAW\AppData\Roaming\burnaware.ini
2014-11-23 10:36 - 2014-11-23 10:36 - 00001077 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk
2014-11-23 10:36 - 2014-11-23 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-11-23 10:36 - 2014-11-23 10:36 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2014-11-23 10:25 - 2014-11-23 10:26 - 07244992 _____ (Burnaware ) C:\Users\DAW\Downloads\burnaware_free.exe
2014-11-23 09:13 - 2014-11-23 09:13 - 00274912 _____ () C:\WINDOWS\Minidump\112314-72546-01.dmp
2014-11-23 09:11 - 2014-11-23 09:11 - 218738790 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-22 18:03 - 2014-11-22 18:03 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\FixTDSS
2014-11-22 17:57 - 2014-11-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-22 16:46 - 2014-11-22 16:46 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill_Nov22_T446pm.txt
2014-11-22 16:41 - 2014-11-22 16:42 - 00000855 _____ () C:\Users\DAW\Downloads\Stinger_22112014_164117.html
2014-11-22 16:37 - 2014-11-22 16:37 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-11-22 16:34 - 2014-11-22 16:34 - 00000512 _____ () C:\Users\DAW\Downloads\dmpdsk0nov22
2014-11-22 16:32 - 2014-11-22 16:34 - 00012413 _____ () C:\Users\DAW\Desktop\MBRCheck_11.22.14_16.32.34.txt
2014-11-22 16:29 - 2014-11-22 16:29 - 00001159 _____ () C:\Users\DAW\Documents\gmpass2A.log
2014-11-22 16:21 - 2014-11-22 16:21 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill_1122T4pm.txt
2014-11-22 16:17 - 2014-11-22 16:17 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-11-22 14:27 - 2014-11-23 08:33 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-22 14:12 - 2014-11-22 16:45 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill.txt
2014-11-22 11:57 - 2014-11-22 11:57 - 00024790 _____ () C:\Users\DAW\Documents\mercy3.log
2014-11-22 11:35 - 2014-11-22 11:35 - 00001359 _____ () C:\Users\DAW\Documents\mercyf.log
2014-11-22 11:33 - 2014-11-22 11:33 - 00001359 _____ () C:\Users\DAW\Documents\mercy1.log
2014-11-21 22:14 - 2014-11-23 08:33 - 00000000 ____D () C:\Users\DAW\Downloads\ClamWinPortable
2014-11-21 21:47 - 2014-11-23 08:33 - 00000000 ____D () C:\Users\DAW\Documents\PandaCloudCleaner-1
2014-11-21 19:42 - 2014-11-22 16:43 - 00000110 ___RH () C:\Users\DAW\Downloads\Stinger.opt
2014-11-21 19:32 - 2014-11-21 19:34 - 00000851 _____ () C:\Users\DAW\Downloads\Stinger_21112014_193250.html
2014-11-21 12:32 - 2014-11-23 11:45 - 00000000 ____D () C:\Users\DAW\Downloads\Icon Cache Rebuilder
2014-11-21 12:31 - 2014-11-21 12:31 - 00126756 _____ () C:\Users\DAW\Downloads\Icon Cache Rebuilder.zip
2014-11-21 12:18 - 2014-11-23 11:45 - 00000000 ____D () C:\Users\DAW\Downloads\winx-dvd-ripper-platinum-bf
2014-11-21 11:03 - 2014-11-21 11:07 - 37753327 _____ () C:\Users\DAW\Downloads\winx-dvd-ripper-platinum-bf.zip
2014-11-19 19:02 - 2014-11-19 19:02 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-19 18:51 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-19 18:50 - 2014-10-28 22:59 - 00014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys
2014-11-19 18:50 - 2014-10-28 22:58 - 00014528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2014-11-19 18:50 - 2014-10-28 22:54 - 07474496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-19 18:50 - 2014-10-28 22:53 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-11-19 18:50 - 2014-10-28 22:52 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-19 18:50 - 2014-10-28 22:06 - 01499376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-11-19 18:50 - 2014-10-28 20:22 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-11-19 18:50 - 2014-10-15 03:32 - 02025792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-11-19 18:50 - 2014-09-24 22:42 - 00373568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-11-19 18:49 - 2014-10-28 23:04 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-19 18:49 - 2014-10-28 23:03 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-19 18:49 - 2014-10-28 22:59 - 00415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-11-19 18:49 - 2014-10-28 22:58 - 01797944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2014-11-19 18:49 - 2014-10-28 22:57 - 01552704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-11-19 18:49 - 2014-10-28 22:57 - 00389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-11-19 18:49 - 2014-10-28 20:24 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-11-19 18:49 - 2014-10-28 20:14 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-11-19 18:49 - 2014-10-28 19:58 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-11-19 18:49 - 2014-10-15 03:32 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2014-11-19 18:49 - 2014-10-12 21:41 - 01114432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-11-19 18:49 - 2014-10-08 02:32 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-11-19 18:49 - 2014-10-07 01:44 - 00533824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2014-11-19 18:49 - 2014-07-04 16:29 - 00478528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2014-11-19 18:48 - 2014-10-28 22:59 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-11-19 18:48 - 2014-10-28 22:56 - 00089368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2014-11-19 18:48 - 2014-10-28 22:52 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-19 18:48 - 2014-10-28 22:52 - 00100672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2014-11-19 18:48 - 2014-10-28 22:51 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-11-19 18:48 - 2014-10-28 22:51 - 00179736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2014-11-19 18:48 - 2014-10-28 22:06 - 00080016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2014-11-19 18:48 - 2014-10-28 21:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2014-11-19 18:48 - 2014-10-28 21:46 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2014-11-19 18:48 - 2014-10-28 21:45 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2014-11-19 18:48 - 2014-10-28 21:45 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rassstp.sys
2014-11-19 18:48 - 2014-10-28 21:14 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2014-11-19 18:48 - 2014-10-28 20:50 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2014-11-19 18:48 - 2014-10-28 20:22 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sstpsvc.dll
2014-11-19 18:48 - 2014-10-28 20:20 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-11-19 18:48 - 2014-10-28 20:16 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2014-11-19 18:48 - 2014-10-28 20:10 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-11-19 18:48 - 2014-10-28 20:06 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2014-11-19 18:48 - 2014-10-28 19:56 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2014-11-19 18:48 - 2014-10-28 19:54 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-11-19 18:48 - 2014-10-28 19:51 - 03317248 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2014-11-19 18:48 - 2014-10-28 19:45 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2014-11-19 18:48 - 2014-10-28 19:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2014-11-19 18:48 - 2014-10-15 03:32 - 00088896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2014-11-19 18:48 - 2014-10-15 03:32 - 00061248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2014-11-19 18:48 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-11-19 18:48 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-11-19 18:48 - 2014-10-08 04:24 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-11-19 18:48 - 2014-10-07 01:54 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2014-11-19 18:48 - 2014-10-07 01:44 - 00102208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-11-19 18:48 - 2014-09-26 23:59 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-11-19 18:48 - 2014-08-25 22:30 - 00354112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-11-19 18:47 - 2014-10-28 22:59 - 00025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\streamci.dll
2014-11-19 18:47 - 2014-10-28 22:57 - 00027872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2014-11-19 18:47 - 2014-10-28 22:56 - 00097048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2014-11-19 18:47 - 2014-10-28 22:56 - 00061208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2014-11-19 18:47 - 2014-10-28 22:56 - 00049944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2014-11-19 18:47 - 2014-10-28 22:53 - 00095048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2014-11-19 18:47 - 2014-10-28 22:51 - 00047024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2014-11-19 18:47 - 2014-10-28 22:51 - 00033032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2014-11-19 18:47 - 2014-10-28 22:51 - 00024800 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2014-11-19 18:47 - 2014-10-28 22:05 - 00026304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2014-11-19 18:47 - 2014-10-28 22:05 - 00020120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2014-11-19 18:47 - 2014-10-28 21:48 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2014-11-19 18:47 - 2014-10-28 21:48 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2014-11-19 18:47 - 2014-10-28 21:46 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbGD.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2014-11-19 18:47 - 2014-10-28 21:44 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2014-11-19 18:47 - 2014-10-28 21:43 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2014-11-19 18:47 - 2014-10-28 21:43 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2014-11-19 18:47 - 2014-10-28 21:43 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2014-11-19 18:47 - 2014-10-28 21:42 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\umdmxfrm.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshnetbs.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\serwvdrv.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshirda.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIRCoInst.dll
2014-11-19 18:47 - 2014-10-28 21:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2014-11-19 18:47 - 2014-10-28 21:36 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\traffic.dll
2014-11-19 18:47 - 2014-10-28 21:36 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bridgeunattend.exe
2014-11-19 18:47 - 2014-10-28 21:34 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmdCoinstall.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2014-11-19 18:47 - 2014-10-28 21:17 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbGDCoInstaller.dll
2014-11-19 18:47 - 2014-10-28 21:11 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2014-11-19 18:47 - 2014-10-28 21:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\brdgcfg.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2014-11-19 18:47 - 2014-10-28 20:58 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\umdmxfrm.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshrm.dll
2014-11-19 18:47 - 2014-10-28 20:57 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\serwvdrv.dll
2014-11-19 18:47 - 2014-10-28 20:57 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshirda.dll
2014-11-19 18:47 - 2014-10-28 20:56 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\irclass.dll
2014-11-19 18:47 - 2014-10-28 20:53 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\traffic.dll
2014-11-19 18:47 - 2014-10-28 20:51 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2014-11-19 18:47 - 2014-10-28 20:33 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2014-11-19 18:47 - 2014-10-28 20:29 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2014-11-19 18:47 - 2014-10-28 20:28 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshqos.dll
2014-11-19 18:47 - 2014-10-28 20:28 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2014-11-19 18:47 - 2014-10-28 20:27 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhapi.dll
2014-11-19 18:47 - 2014-10-28 20:27 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2014-11-19 18:47 - 2014-10-28 20:20 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2014-11-19 18:47 - 2014-10-28 20:05 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshqos.dll
2014-11-19 18:47 - 2014-10-28 20:05 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2014-11-19 18:47 - 2014-10-28 19:58 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootim.exe
2014-11-19 18:47 - 2014-10-15 03:32 - 00921920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2014-11-19 18:47 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-11-19 18:47 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-11-19 18:47 - 2014-10-07 01:54 - 00324928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-11-19 18:47 - 2014-10-07 01:54 - 00189248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2014-11-19 18:47 - 2014-10-07 01:54 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2014-11-19 18:47 - 2014-10-07 01:44 - 00069952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2014-11-19 18:47 - 2014-10-06 22:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-11-19 16:32 - 2014-11-23 12:08 - 00000000 ____D () C:\Users\DAW\AppData\Local\Archiver 2014
2014-11-19 16:31 - 2014-11-19 16:31 - 00000795 _____ () C:\Users\Public\Desktop\Archiver.lnk
2014-11-18 12:11 - 2014-11-29 10:55 - 00000000 ____D () C:\Program Files\Archiver
2014-11-18 12:11 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Archiver
2014-11-15 20:44 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-15 20:44 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-15 20:44 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-15 20:44 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-15 20:44 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-15 20:44 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-15 20:44 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-15 20:44 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-15 20:44 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-15 20:44 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-15 20:44 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-15 20:44 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-15 20:44 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-15 20:44 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-15 20:44 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-15 20:44 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-15 20:44 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-15 20:44 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-15 20:44 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-15 20:44 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-15 20:44 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-15 20:44 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-15 20:44 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-15 20:44 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-15 20:44 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-15 20:44 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-15 20:44 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-15 20:44 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-15 20:44 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-15 20:44 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-15 20:44 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-15 20:44 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-15 20:44 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-15 20:44 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-15 20:44 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-15 20:44 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-15 20:44 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-15 20:44 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-15 20:44 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-15 20:44 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-15 20:44 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-15 20:44 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-15 20:44 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-15 20:44 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-15 20:44 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-15 20:44 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-15 20:44 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-15 20:44 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-15 20:44 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-15 20:44 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-15 20:44 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-15 20:44 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-15 20:44 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-15 20:44 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-15 20:44 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-15 20:44 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-15 20:44 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-15 20:44 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-15 20:44 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-15 20:44 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-15 20:44 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-15 20:44 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-15 20:44 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-15 20:44 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-15 20:44 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-15 20:44 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-15 20:44 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-15 20:44 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-15 20:44 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-15 20:44 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-15 20:44 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-15 20:44 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-15 20:44 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-15 20:44 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-15 20:44 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-15 20:44 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-15 20:44 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-15 20:44 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-15 20:44 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-15 20:44 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-15 20:44 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-15 20:44 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-15 20:44 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-15 20:44 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-15 20:44 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-15 20:44 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-15 20:40 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-15 20:40 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-15 20:40 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-15 20:40 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-15 20:40 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-15 20:40 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-15 20:40 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-15 20:37 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-15 20:37 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-15 20:37 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-15 20:37 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-15 20:37 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-15 20:37 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-15 20:37 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-15 20:37 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-15 20:37 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-15 20:37 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-15 20:37 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-15 20:37 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-15 20:37 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-15 20:37 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-15 20:37 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-15 20:37 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-15 20:37 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-15 20:37 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-15 20:37 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-15 20:37 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-15 20:37 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-15 20:37 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-15 20:37 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-15 20:37 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-15 20:35 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-15 20:35 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-15 20:35 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-15 20:35 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-15 20:35 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-15 20:35 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-15 20:35 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-15 20:35 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-15 20:35 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-15 20:35 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-15 20:35 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-15 20:35 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-15 20:35 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-15 20:35 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-15 20:35 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-15 20:34 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-15 20:34 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-15 20:34 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-15 20:34 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-15 20:34 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-15 20:34 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-15 20:34 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-15 20:34 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-15 20:34 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-15 20:34 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-15 20:34 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-15 20:34 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-15 20:34 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-15 20:34 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 19:09 - 2014-11-11 19:09 - 00002098 _____ () C:\Users\DAW\Desktop\VirusTotal Uploader 2.2.lnk
2014-11-11 19:08 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2014-11-11 19:07 - 2014-11-11 19:07 - 00142744 _____ () C:\Users\DAW\Downloads\vtuploader2.2.exe
2014-11-10 22:38 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 19:41 - 2014-11-23 12:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 5
2014-11-08 19:41 - 2014-11-23 11:44 - 00000000 ____D () C:\Users\DAW\AppData\Local\Cyberlink
2014-11-08 19:41 - 2014-11-08 19:41 - 00002067 _____ () C:\Users\Public\Desktop\CyberLink PhotoDirector 5 (64-bit).lnk
2014-11-08 19:39 - 2014-11-23 11:43 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-08 19:37 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\install_clap
2014-11-08 19:05 - 2014-11-08 19:05 - 00000000 ____D () C:\ProgramData\complexbackup
2014-11-08 18:58 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 14 Compact
2014-11-08 18:58 - 2014-11-08 18:58 - 00002369 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 14 Compact.lnk
2014-11-07 13:33 - 2014-11-07 14:13 - 298809808 _____ () C:\Users\DAW\Downloads\PhotoDirector_5.0.5715.51476_HE_HE_PTD141020-02.exe
2014-11-07 11:04 - 2014-11-07 11:29 - 223095664 _____ (Paragon Software ) C:\Users\DAW\Downloads\BR14_Compact_ea_x64-November2014.exe
2014-11-04 20:42 - 2014-11-04 20:42 - 00000202 _____ () C:\Users\DAW\Documents\LRey.cpc
2014-11-04 20:37 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\PasswordsPro
2014-11-04 20:37 - 2014-11-04 20:41 - 00000000 ____D () C:\Users\DAW\Documents\PasswordsProData
2014-11-04 20:37 - 2014-11-04 20:37 - 00001078 _____ () C:\Users\Public\Desktop\PasswordsPro.lnk
2014-11-04 20:37 - 2014-11-04 20:37 - 00000184 _____ () C:\Users\DAW\AppData\Local\atidt64.dll
2014-11-04 20:37 - 2014-11-04 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PasswordsPro
2014-11-04 20:36 - 2014-11-04 20:36 - 00000000 ____D () C:\Users\DAW\Downloads\passwords
2014-11-03 10:34 - 2014-11-03 10:34 - 01638268 _____ () C:\Users\DAW\Downloads\passwords.zip
2014-11-02 16:22 - 2014-11-02 16:22 - 00001410 _____ () C:\Users\DAW\Desktop\procexp.exe - Shortcut.lnk
2014-11-02 16:21 - 2014-11-23 12:08 - 00000000 ____D () C:\Users\DAW\Downloads\ProcessExplorer
2014-11-02 16:20 - 2014-11-02 16:20 - 01188194 _____ () C:\Users\DAW\Downloads\ProcessExplorer.zip
2014-11-02 14:44 - 2014-11-02 16:17 - 00000000 ____D () C:\Users\DAW\.kchmviewer
2014-11-02 14:44 - 2014-11-02 14:44 - 00000000 ____D () C:\ProgramData\chmview
2014-11-02 14:41 - 2014-11-02 14:41 - 00000000 ____D () C:\ProgramData\launcher
2014-11-02 14:41 - 2014-11-02 14:41 - 00000000 ____D () C:\ProgramData\explauncher
2014-11-02 14:41 - 2014-11-02 14:41 - 00000000 ____D () C:\ProgramData\backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 13:44 - 2014-03-18 05:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-01 13:42 - 2014-07-27 08:19 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD850610-F9D3-4C5E-9514-08DD5A833AB3}
2014-12-01 13:41 - 2014-07-17 06:01 - 01569448 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-01 13:37 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-01 13:36 - 2014-06-22 10:02 - 00000348 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2014-12-01 13:36 - 2014-06-22 10:02 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-12-01 13:36 - 2013-12-30 13:07 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 13:35 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-01 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-30 09:16 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-30 08:58 - 2013-12-30 13:07 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 08:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-29 20:15 - 2013-12-15 22:14 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1670467332-2357784724-919192203-1001
2014-11-29 19:23 - 2014-05-02 17:58 - 05492736 ___SH () C:\Users\DAW\Downloads\Thumbs.db
2014-11-26 17:38 - 2013-12-16 20:04 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Mozilla
2014-11-26 15:10 - 2014-07-17 05:49 - 00000000 ____D () C:\Users\DAW
2014-11-26 13:43 - 2013-08-22 09:46 - 00321330 _____ () C:\WINDOWS\setupact.log
2014-11-24 11:39 - 2014-06-28 08:44 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 11:35 - 2014-06-28 08:44 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-24 10:53 - 2014-01-09 16:55 - 00000036 _____ () C:\Users\DAW\AppData\Local\housecall.guid.cache
2014-11-24 10:10 - 2014-09-02 18:12 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2
2014-11-24 10:10 - 2014-07-25 19:34 - 00001024 ____H () C:\SYSTAG.BIN
2014-11-24 10:10 - 2014-07-25 19:32 - 00000082 _____ () C:\WINDOWS\SysWOW64\winsevr.dat
2014-11-24 10:09 - 2014-01-09 16:58 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-11-23 17:23 - 2014-02-12 19:14 - 00000000 ____D () C:\Program Files (x86)\Opera Next
2014-11-23 16:14 - 2014-07-05 10:14 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-11-23 13:12 - 2014-01-09 16:59 - 00305832 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-11-23 12:26 - 2014-05-03 07:38 - 01820160 ___SH () C:\Users\DAW\Desktop\Thumbs.db
2014-11-23 12:10 - 2014-03-18 04:46 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-11-23 12:10 - 2014-03-18 04:46 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ras
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MSDRM
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Bthprops
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\ras
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\MSDRM
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Bthprops
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system\Speech
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\addins
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-23 12:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-11-23 12:08 - 2014-10-31 08:32 - 00000000 ____D () C:\Program Files (x86)\MiniTool Power Data Recovery - Bootable Media Builder
2014-11-23 12:08 - 2014-10-16 13:47 - 00000000 ____D () C:\Program Files (x86)\Kryptel
2014-11-23 12:08 - 2014-09-29 08:07 - 00000000 ____D () C:\Program Files (x86)\Zoom Player
2014-11-23 12:08 - 2014-09-14 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.1
2014-11-23 12:08 - 2014-09-11 08:51 - 00000000 ____D () C:\Program Files (x86)\4Card Recovery
2014-11-23 12:08 - 2014-09-02 13:38 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-11-23 12:08 - 2014-09-01 21:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-23 12:08 - 2014-08-12 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Master Professional
2014-11-23 12:08 - 2014-08-10 16:33 - 00000000 ____D () C:\Program Files (x86)\Seagate File Recovery for Windows
2014-11-23 12:08 - 2014-08-10 08:02 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-11-23 12:08 - 2014-08-07 10:44 - 00000000 ____D () C:\Program Files (x86)\AOMEI Partition Assistant Pro Edition 5.5
2014-11-23 12:08 - 2014-07-18 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-11-23 12:08 - 2014-07-18 19:50 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-11-23 12:08 - 2014-07-01 20:29 - 00000000 ____D () C:\Program Files\WOT
2014-11-23 12:08 - 2014-06-28 08:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 12:08 - 2014-06-12 10:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-23 12:08 - 2014-05-04 10:57 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-11-23 12:08 - 2014-03-17 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-23 12:08 - 2014-03-12 10:45 - 00000000 ____D () C:\Users\DAW\AppData\Local\Amazon Cloud Player
2014-11-23 12:08 - 2014-01-09 17:26 - 00000000 ____D () C:\Program Files\Recuva
2014-11-23 12:08 - 2013-12-21 18:49 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Hard Disk Sentinel
2014-11-23 12:08 - 2013-12-21 18:49 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-11-23 12:08 - 2013-12-16 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-23 12:08 - 2013-12-15 23:05 - 00000000 ____D () C:\Program Files (x86)\PrtScr
2014-11-23 12:08 - 2013-12-03 21:34 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2014-11-23 12:08 - 2013-12-03 21:33 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-11-23 12:08 - 2013-12-03 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-11-23 12:08 - 2013-12-03 21:32 - 00000000 ____D () C:\Program Files\Intel
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-11-23 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-23 11:49 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-23 11:48 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2014-11-23 11:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-23 11:45 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-23 11:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
2014-11-23 11:44 - 2014-09-25 11:37 - 00000000 ____D () C:\Users\DAW\AppData\Local\Downloaded Installations
2014-11-23 11:44 - 2014-06-04 16:18 - 00000000 ____D () C:\ProgramData\Temp
2014-11-23 11:44 - 2014-03-18 04:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-23 11:44 - 2013-12-16 20:04 - 00000000 ____D () C:\Users\DAW\AppData\Local\Mozilla
2014-11-23 11:43 - 2014-09-25 12:35 - 00000000 ____D () C:\Program Files\Paragon Software
2014-11-23 11:43 - 2013-12-03 21:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-23 11:43 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-23 11:39 - 2014-03-29 11:18 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-23 11:31 - 2014-08-12 14:46 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-23 09:13 - 2014-07-29 11:12 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-23 08:08 - 2014-09-29 08:00 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-11-23 08:08 - 2013-12-22 20:25 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Foxit Software
2014-11-23 07:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-11-22 13:12 - 2014-09-02 16:00 - 01736704 ___SH () C:\Users\DAW\Documents\Thumbs.db
2014-11-22 10:08 - 2013-12-15 22:50 - 00000000 ____D () C:\Users\DAW\AppData\Local\CrashDumps
2014-11-21 17:30 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-21 17:00 - 2013-12-16 00:13 - 00007610 _____ () C:\Users\DAW\AppData\Local\resmon.resmoncfg
2014-11-19 19:09 - 2014-03-18 04:54 - 00129298 _____ () C:\WINDOWS\PFRO.log
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-11-19 19:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-11-19 19:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2014-11-19 19:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-11-19 11:42 - 2014-09-27 08:38 - 00000000 ____D () C:\Users\DAW\AppData\Local\Clarus
2014-11-16 14:21 - 2013-12-20 09:18 - 00000000 ____D () C:\Users\DAW\AppData\Local\Adobe
2014-11-15 20:56 - 2013-08-22 09:44 - 00369664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-15 20:48 - 2013-12-16 19:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-15 20:45 - 2013-12-16 19:25 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-15 18:53 - 2013-12-30 13:07 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 18:53 - 2013-12-30 13:07 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:25 - 2014-09-01 21:53 - 00001024 ____H () C:\AMTAG.BIN
2014-11-07 13:28 - 2014-08-28 15:45 - 00000000 ____D () C:\Users\DAW\Downloads\PDFs
2014-11-02 09:39 - 2014-09-01 10:16 - 00000000 ____D () C:\Users\DAW\Desktop\ScreenShots
2014-11-01 17:18 - 2014-07-25 19:32 - 00000000 ____D () C:\ProgramData\AomeiBR

Some content of TEMP:
====================
C:\Users\DAW\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\DAW\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-29 20:15

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by DAW at 2014-12-01 13:47:10
Running from C:\Users\DAW\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Internet Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Internet Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3.5.0 (HKLM-x32\...\{AE117F4B-840D-448B-A843-C0AE9F5EE50C}_is1) (Version: 3.5.0 - Arduino Software)
4Card Recovery (HKLM-x32\...\{4D08FCD6-718D-4EAC-83BB-0C647118CDB5}_is1) (Version: 2.0 - 4CardRecovery)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOMEI Backupper Professional Edition 2.0.2 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF55E6C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Archiver 2014 (HKLM\...\{9831A377-4577-4DB8-8670-747CBFFC6172}}_is1) (Version:  - Exeone)
BurnAware Free 7.6 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)
CouponPrinterPlugin (HKLM-x32\...\{8AC6566B-131F-4987-82DF-932CED9FCA23}) (Version: 2.0.2.0 - Hopster) <==== ATTENTION
Creative WebCam Control (HKLM-x32\...\Creative WebCam Control) (Version:  - )
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5715.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5715.0 - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719c - CyberLink Corp.)
Dorgem 2.1.0 (HKLM-x32\...\Dorgem_is1) (Version:  - Frank Fesevur)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DxO Optics Pro 8 (HKLM\...\{ECC28C7D-ABF5-4ED1-9B29-6D48BC218393}) (Version: 8.5.0 - DxO Labs)
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.1 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Glary Utilities PRO 5.10 (HKLM-x32\...\Glary Utilities 5) (Version: 5.10.0.17 - Glarysoft Ltd)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Kryptel Standard Edition (HKLM-x32\...\{081617FD-3462-4906-B3C9-50F5CB887169}) (Version: 6.6 - Inv Softworks)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}) (Version: 1.0.0.6 - Lenovo)
Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0022 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0007.00 - Lenovo)
Mac Blu-ray Player (HKLM-x32\...\Mac Blu-ray Player) (Version: 2.10.9.1754 - Macgo Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MiniTool Power Data Recovery - Bootable Media Builder 6.8 (HKLM-x32\...\{33187B46-F813-428A-8EE0-4B721B838C2C}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Nitro Pro 7 (HKLM\...\{31553BDE-BCDF-487A-8EFE-A911DA3D13DB}) (Version: 7.4.1.21 - Nitro PDF Software)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Opera Next 20.0.1387.24 (HKLM-x32\...\Opera 20.0.1387.24) (Version: 20.0.1387.24 - Opera Software ASA)
Opera Next 20.0.1387.24 (HKLM-x32\...\Opera 20.0.1387.241) (Version: 20.0.1387.24 - Opera Software ASA)
Opera Next 20.0.1387.30 (HKLM-x32\...\Opera 20.0.1387.30) (Version: 20.0.1387.30 - Opera Software ASA)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Paragon Backup and Recovery™ 14 Compact (HKLM\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
Paragon Drive Copy™ 14 Compact (HKLM\...\{24371D30-7CFF-11DE-B053-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Virtualization Manager™ 14 Compact (HKLM-x32\...\{BF50CF00-7CE6-11DE-A06C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Picturelife (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\850de4f180aba556) (Version: 1.1.6.47 - Picturelife, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.00.0005 - Lenovo Group Limited)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
PrtScr 1.7 (HKLM-x32\...\PrtScr_is1) (Version:  - FireStarter)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
RoboForm 7-9-10-1 (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.8.4.0 - Carifred)
Vibra WebCam Manual (English) (HKLM-x32\...\Vibra WebCam Manual English) (Version:  - )
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinX HD Video Converter Deluxe 5.0.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{11056249-C369-49CA-B0E8-326B5C32AD3C}\InprocServer32 -> C:\Program Files (x86)\Kryptel\Shx64.dll (Inv Softworks LLC)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{11056249-F58F-4AC8-9FBF-75990E973B6C}\InprocServer32 -> C:\Program Files (x86)\Kryptel\Shx64.dll (Inv Softworks LLC)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{11056249-F7FB-49E6-9BBD-434D74005CF5}\InprocServer32 -> C:\Program Files (x86)\Kryptel\Shx64.dll (Inv Softworks LLC)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

08-11-2014 23:56:42 Installed Paragon Backup and Recovery™ 14 Compact.
13-11-2014 00:20:18 before large set of patches from msft
15-11-2014 01:59:46 after flash drive fiasco; restored to 11/12 and banned drive
16-11-2014 01:30:32 Post flash drive failure/11/12 restore/pre fixes
16-11-2014 01:58:38 post the 17 patches from bill gates
19-11-2014 16:08:16 Restore Operation
19-11-2014 22:56:39 before installlihng patch ms14-068 (kerberos)
20-11-2014 00:25:28 After 11/19 patches (actually 2, not 1) 720Mb
21-11-2014 17:46:22 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-11-26 17:38 - 00000795 ____A C:\WINDOWS\system32\Drivers\etc\hosts
  127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11EAF34A-D436-4A4A-A4B4-1F574B0F186D} - System32\Tasks\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [2013-12-18] (Clarus, Inc.)
Task: {2196C429-5A81-4AC1-B2B6-FB0778E62C4F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {25041E55-8523-46C0-AD79-28EDE7036C4D} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-10-13] (Glarysoft Ltd)
Task: {386E2EC5-5F98-495D-89DD-BAB7D391108A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)
Task: {7AA4EF30-5245-44A9-BAED-58E72751D812} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe
Task: {91CE955B-57BA-43AA-8E10-DAAFB649E184} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {9B936FFE-A832-44F8-AC5E-BB37A88B5EFE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-23] (Siber Systems)
Task: {9D0F396B-B3FA-41B7-92F0-A0185BD530C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd)
Task: {9E904503-E47B-4D1C-B77B-9594D9934232} - System32\Tasks\Opera scheduled Autoupdate 1392250451 => C:\Program Files (x86)\Opera Next\launcher.exe [2014-02-04] (Opera Software)
Task: {A4B152ED-BB06-49C7-AA94-6906BA6CA8B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)
Task: {AA49619A-B65A-47FC-A268-27344E6FB187} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {AD88AD76-12AB-480D-9ED0-C1259812E1D0} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-10-13] (Glarysoft Ltd)
Task: {B47FA020-BCDB-43EA-B8C1-C31EC33B0023} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2012-08-06] (Lenovo Group Limited)
Task: {C8B23373-33CC-4968-AEE8-448B6272BDF5} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {C94504F8-D58D-4869-BAC4-C06C43DA632C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D56659D9-C37D-43FD-B723-742811564B17} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D87C47B0-5AD0-4BB0-88C1-19AD7377A004} - System32\Tasks\AOMEI  2014-10-16, 15-35-58 => C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\Backupper.exe [2014-08-21] (AOMEI Tech Co., Ltd.)
Task: {E9F86D20-196F-488A-A725-0402304CD30D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-15] (Microsoft Corporation)
Task: {EFC3FA31-53A8-41DA-B678-36761AC9718A} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2012-07-12] (Intel Corporation)
Task: {F8571104-B82D-418F-AEE9-C59261A55AE3} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe [2014-08-31] (Crystal Dew World)
Task: {FA67BB14-FBAA-4D6B-834D-BB74C49A2CD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {FAE87A87-1D74-41C6-8D9F-670158738A45} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOMPMMJKJNMMJKMGMCNIMKJGMOMCNLMHMKMMJCNHMMJGMGMCNLJJMGMMMOMOMLJPMIMHMGMJJJNJICMIMCNGMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMLJAJLIPMNMFMOMLMKMJNHICMLJAJLIPMNMJNBJCMLLOLPNIKOJMIHJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMIMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: C:\WINDOWS\Tasks\AOMEI  2014-10-16, 15-35-58.job => C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\Backupper.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-09 16:58 - 2013-01-15 21:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-01-09 16:58 - 2013-04-01 23:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-01-09 16:58 - 2013-01-15 21:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-01-09 16:58 - 2012-12-18 15:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-01-09 16:58 - 2013-01-15 21:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-01-09 16:51 - 2013-07-23 10:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2014-03-17 18:12 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-11 08:21 - 2014-06-11 08:21 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-19 16:31 - 2014-01-21 14:41 - 02512896 _____ () C:\Program Files\Archiver\sysnav_helper.dll
2014-07-24 03:09 - 2014-10-07 05:55 - 01508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2014-07-24 03:09 - 2014-10-07 05:55 - 00338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2014-01-09 17:07 - 2013-12-18 08:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "Power Manager Startup Utility"
HKLM\...\StartupApproved\Run32: => "CTRegRun"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\StartupApproved\StartupFolder: => "Uninstall TaxACT 2013 - 1040 Edition.lnk"
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\StartupApproved\Run: => "GUDelayStartup"

========================= Accounts: ==========================

Administrator (S-1-5-21-1670467332-2357784724-919192203-500 - Administrator - Disabled)
DAW (S-1-5-21-1670467332-2357784724-919192203-1001 - Administrator - Enabled) => C:\Users\DAW
Guest (S-1-5-21-1670467332-2357784724-919192203-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1670467332-2357784724-919192203-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2014 01:47:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mod_frst.exe, version: 3.3.10.2, time stamp: 0x52f906ab
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x40010006
Fault offset: 0x00012f71
Faulting process id: 0x19d4
Faulting application start time: 0xmod_frst.exe0
Faulting application path: mod_frst.exe1
Faulting module path: mod_frst.exe2
Report Id: mod_frst.exe3
Faulting package full name: mod_frst.exe4
Faulting package-relative application ID: mod_frst.exe5

Error: (12/01/2014 01:47:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mod_frst.exe, version: 3.3.10.2, time stamp: 0x52f906ab
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0xc00001a5
Fault offset: 0x0001d285
Faulting process id: 0x19d4
Faulting application start time: 0xmod_frst.exe0
Faulting application path: mod_frst.exe1
Faulting module path: mod_frst.exe2
Report Id: mod_frst.exe3
Faulting package full name: mod_frst.exe4
Faulting package-relative application ID: mod_frst.exe5

Error: (12/01/2014 01:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x40010006
Fault offset: 0x00012f71
Faulting process id: 0xf0c
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5

Error: (12/01/2014 01:46:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ERUNT.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0xc00001a5
Fault offset: 0x0001d285
Faulting process id: 0xf0c
Faulting application start time: 0xERUNT.exe0
Faulting application path: ERUNT.exe1
Faulting module path: ERUNT.exe2
Report Id: ERUNT.exe3
Faulting package full name: ERUNT.exe4
Faulting package-relative application ID: ERUNT.exe5

Error: (12/01/2014 01:38:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000028
Fault offset: 0x000a609f
Faulting process id: 0x1210
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5

Error: (12/01/2014 01:38:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc00001a5
Fault offset: 0x0004059f
Faulting process id: 0x1210
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5

Error: (12/01/2014 01:38:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc00001a5
Fault offset: 0x0004059f
Faulting process id: 0x1210
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5

Error: (12/01/2014 01:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000028
Fault offset: 0x000a609f
Faulting process id: 0x163c
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5

Error: (12/01/2014 01:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc00001a5
Fault offset: 0x0004059f
Faulting process id: 0x163c
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5

Error: (12/01/2014 01:38:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc00001a5
Fault offset: 0x0004059f
Faulting process id: 0x163c
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5


System errors:
=============
Error: (12/01/2014 01:38:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (12/01/2014 01:38:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (12/01/2014 01:38:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (12/01/2014 01:38:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/01/2014 01:38:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (12/01/2014 01:38:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (12/01/2014 01:36:58 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (12/01/2014 01:36:58 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (12/01/2014 01:36:33 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (12/01/2014 01:36:33 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable


Microsoft Office Sessions:
=========================


CodeIntegrity Errors:
===================================
  Date: 2014-11-30 08:48:08.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.559
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 4026.35 MB
Available physical RAM: 2525.93 MB
Total Pagefile: 8122.35 MB
Available Pagefile: 6341.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:921.55 GB) (Free:800.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D26FB66)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7 Sirawit

Posted 02 December 2014 - 12:31 PM

Hi Eeger33.

 

I saw that your firewall had been disabled. This is a way malware can infect your computer, so please enable it.

 

Regarding your password managers, did you use them? If yes, which one do you use?

 

We need to remove programs using "Programs and Features"

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

  • Catalina Savings Printer
  • Coupon Printer for Windows
  • CouponPrinterPlugin

Additional instructions can be found here if needed.

--------------

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#8 Eeger33

Posted 02 December 2014 - 04:52 PM

I attempted removing (in full Windows) the Catalina Savings Printer program and I got a Windows error 1719 (windows installer service could not be accessed). Later, in Safe Mode with Networking, I got "The Windows Installer Service could not be accessed......". The Coupon Printer for Windows uninstalled in Safe Mode (failed to uninstall in live mode). Uninstall of Coupon Printer Plugin worked on the first try in live mode.

 

 

# AdwCleaner v4.103 - Report created 02/12/2014 at 16:02:57
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : DAW - LENOVO-PC
# Running from : C:\Users\DAW\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi
Key Found : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v

[C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSLB&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869

*************************

AdwCleaner[R0].txt - [1405 octets] - [02/12/2014 16:02:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1465 octets] ##########
 



#9 Eeger33

Posted 02 December 2014 - 06:47 PM

Additional comments: My password software is RoboForm and it fails to start up. Also, it seems the Malware regularly resets the Windows Firewall to OFF. I just checked it and Turned it back ON. Finally, I saw that a lot of apps in the PUBLIC column were somehow added to the Windows Firewall "allow through" list. I unchecked them all.

#10 Sirawit

Posted 04 December 2014 - 11:45 AM

Hi Eeger33.

 

About Catalina failing to uninstall, we will look into this later.

Also, in the log I see that you have Private Firewall installed. Please try enabling that instead of Windows Firewall. Can it be enabled?

 

Did you use Norton Identity Safe toolbar and Trendmicro toolbar?

 

----------------

 

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.



Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.



Go to Step 5 and under "System Restore" click on Create button.


Go to Start Repairs tab and click the Start button.



Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.



After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

-------------

 

After the fixes above are completed, please create a new FRST log for me. Also check the box "addition.txt" before pushing Scan.

 

Thank you.




#11 Eeger33

Posted 04 December 2014 - 03:10 PM

Private Firewall enabled. Windows Firewall disabled now.

Norton Identity Safe toolbar and Trendmicro toolbar - neither are used at the present time. Although I may like to run the Norton Identity Safe itself in the future.

 

ADW report:

# AdwCleaner v4.103 - Report created 04/12/2014 at 12:45:51
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.1 [Local]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : DAW - LENOVO-PC
# Running from : C:\Users\DAW\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v

[C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSLB&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869

*************************

AdwCleaner[R0].txt - [1545 octets] - [02/12/2014 16:02:57]
AdwCleaner[R1].txt - [1605 octets] - [04/12/2014 12:43:41]
AdwCleaner[S0].txt - [1540 octets] - [04/12/2014 12:45:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1600 octets] ##########

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1 Pro
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: LENOVO-PC
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\DAW
Current Profile SID: S-1-5-21-1670467332-2357784724-919192203-1001
Current Profile Classes: S-1-5-21-1670467332-2357784724-919192203-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\DAW\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:25:14

Process Count: 29
Commit Total: 787.80 MB
Commit Limit: 7.93 GB
Commit Peak: 899.29 MB
Handle Count: 8184
Kernel Total: 370.73 MB
Kernel Paged: 252.79 MB
Kernel Non Paged: 117.95 MB
System Cache: 3.12 GB
Thread Count: 386
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.93 GB
Memory Used: 920.29 MB(22.8566%)
Memory Avail.: 3.03 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.93 GB
Memory Used: 723.84 MB(17.9775%)
Memory Avail.: 3.23 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (12/4/2014 1:47:17 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 73
 
01 - Reset Registry Permissions
   Restore Windows 8 Default Registry Permissions
   Start (12/4/2014 1:47:18 PM)

Decompressing & Updating Windows 8 Permission File hkud.txt
Done,  0.25 seconds.


Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.22 seconds.


Decompressing & Updating Windows 8 Permission File hkcr.txt
Done,  0.66 seconds.


Decompressing & Updating Windows 8 Permission File hklm.txt
Done,  1.33 seconds.

   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (12/4/2014 1:49:51 PM)

03 - Reset Service Permissions
   Start (12/4/2014 1:49:51 PM)
   Running Repair Under System Account
   Done (12/4/2014 1:49:54 PM)

04 - Register System Files
   Start (12/4/2014 1:49:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:50:04 PM)

05 - Repair WMI
   Start (12/4/2014 1:50:04 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Trend Micro Titanium Internet Security Exported.
   Windows Defender Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   Trend Micro Titanium Internet Security Exported.

   Exporting 3rd Party Firewall Info...
   Privatefirewall Exported.

   Running Repair Under Current User Account
   Done (12/4/2014 1:57:00 PM)

06 - Repair Windows Firewall
   Start (12/4/2014 1:57:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:57:29 PM)

07 - Repair Internet Explorer
   Start (12/4/2014 1:57:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:57:39 PM)

08 - Repair MDAC/MS Jet
   Start (12/4/2014 1:57:39 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:57:43 PM)

09 - Repair Hosts File
   Start (12/4/2014 1:57:43 PM)
   Running Repair Under System Account
   Done (12/4/2014 1:57:44 PM)

10 - Remove Policies Set By Infections
   Start (12/4/2014 1:57:44 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:57:46 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (12/4/2014 1:57:47 PM)
   Running Repair Under System Account
   Done (12/4/2014 1:57:48 PM)

12 - Repair Icons
   Start (12/4/2014 1:57:48 PM)
   Running Repair Under Current User Account
   Done (12/4/2014 1:57:49 PM)

13 - Repair Winsock & DNS Cache
   Start (12/4/2014 1:57:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:57:59 PM)

15 - Repair Proxy Settings
   Start (12/4/2014 1:57:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:01 PM)

17 - Repair Windows Updates
   Start (12/4/2014 1:58:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (12/4/2014 1:58:17 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (12/4/2014 1:58:17 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (12/4/2014 1:58:17 PM)

19 - Repair Volume Shadow Copy Service
   Start (12/4/2014 1:58:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:37 PM)

21 - Repair MSI (Windows Installer)
   Start (12/4/2014 1:58:37 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:45 PM)

23.01 - Repair bat Association
   Start (12/4/2014 1:58:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:47 PM)

23.02 - Repair cmd Association
   Start (12/4/2014 1:58:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:49 PM)

23.03 - Repair com Association
   Start (12/4/2014 1:58:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:51 PM)

23.04 - Repair Directory Association
   Start (12/4/2014 1:58:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:53 PM)

23.05 - Repair Drive Association
   Start (12/4/2014 1:58:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:55 PM)

23.06 - Repair exe Association
   Start (12/4/2014 1:58:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:57 PM)

23.07 - Repair Folder Association
   Start (12/4/2014 1:58:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:58:59 PM)

23.08 - Repair inf Association
   Start (12/4/2014 1:58:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:01 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (12/4/2014 1:59:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:03 PM)

23.10 - Repair msc Association
   Start (12/4/2014 1:59:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:06 PM)

23.11 - Repair reg Association
   Start (12/4/2014 1:59:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:08 PM)

23.12 - Repair scr Association
   Start (12/4/2014 1:59:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:10 PM)

24 - Repair Windows Safe Mode
   Start (12/4/2014 1:59:10 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:12 PM)

25 - Repair Print Spooler
   Start (12/4/2014 1:59:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:16 PM)

26 - Restore Important Windows Services
   Start (12/4/2014 1:59:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:22 PM)

27 - Set Windows Services To Default Startup
   Start (12/4/2014 1:59:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 1:59:24 PM)

28 - Repair Windows 8 App Store
   Start (12/4/2014 1:59:24 PM)

Decompressing & Updating Windows 8 Permission File hkcu.txt
Done,  0.17 seconds.

   Running Repair Under Current User Account
   Done (12/4/2014 2:00:30 PM)

29 - Repair Windows 8 Component Store
   Start (12/4/2014 2:00:30 PM)
   Running Repair Under Current User Account
   Done (12/4/2014 2:13:38 PM)

30 - Restore Windows 8 COM+ Unmarshalers
   Start (12/4/2014 2:13:38 PM)
   Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.

   Done (12/4/2014 2:13:40 PM)

31 - Repair Windows 'New' Submenu
   Start (12/4/2014 2:13:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/4/2014 2:13:42 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (12/4/2014 2:13:42 PM)
   Total Repair Time: 00:26:27


...YOU MUST RESTART YOUR SYSTEM...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by DAW (administrator) on LENOVO-PC on 04-12-2014 14:45:15
Running from C:\Users\DAW\Downloads
Loaded Profile: DAW (Available profiles: DAW)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\ABService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\LBAI\LBAEvent.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\SystemAgent\SystemAgentService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [26536 2012-08-06] ()
HKLM-x32\...\Run: [CTRegRun] => C:\windows\CTRegRun.EXE [41984 1999-10-10] (Creative Technology Ltd )
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-10-13] (Glarysoft Ltd)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\MountPoints2: {04f5481a-dd53-11e3-beae-fc4dd43a5e23} - "F:\GSLoader.exe"
Startup: C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013 - 1040 Edition Readme.lnk
ShortcutTarget: TaxACT 2013 - 1040 Edition Readme.lnk ->  (No File)
Startup: C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013.lnk
ShortcutTarget: TaxACT 2013.lnk ->  (No File)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> {E73DE8CF-9423-4A38-872B-52025D19BB23} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

FireFox:
========
FF ProfilePath: C:\Users\DAW\AppData\Roaming\Mozilla\Firefox\Profiles\m8rjzhkj.default
FF Homepage: https://startpage.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\DAW\AppData\Roaming\Mozilla\Firefox\Profiles\m8rjzhkj.default\searchplugins\startpage-https.xml
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-01-09]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.6.15\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.6.15\coFFPlgn [2014-09-23]
FF HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-07-05]

Chrome:
=======
CHR Profile: C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-01-15]
CHR Extension: (RoboForm) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-05-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S3 FrAgent; C:\Program Files\Dayu\Disk Master Professional\Agent.exe [63720 2014-08-04] (DAYU Technology Co., Ltd.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-24] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.)
S4 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-08-01] (Nitro PDF Software)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [59304 2012-08-06] (Lenovo)
R2 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186280 2012-08-06] (Lenovo Group Limited)
S2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
S3 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
S3 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2014-08-19] () [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [151480 2014-08-19] () [File not signed]
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-11-29] ()
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [17848 2014-08-19] () [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R0 bdisk; C:\Windows\System32\drivers\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R0 CBUfs; C:\Windows\System32\drivers\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 diskbckp; C:\Windows\System32\drivers\diskbckp.sys [39656 2014-08-04] (DAYU Technology Co., Ltd.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-16] (Glarysoft Ltd)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-09] (Lenovo)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [96472 2014-11-24] (Malwarebytes Corporation)
S3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
S3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R0 reparse; C:\Windows\System32\DRIVERS\cbreparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-08-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-08-10] (Acronis)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2013-07-10] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [103712 2013-07-07] (Trend Micro Inc.)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2013-12-12] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2013-12-12] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700680 2013-12-12] ()
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
R3 vDisk; C:\Windows\System32\drivers\vDisk.sys [236264 2014-08-04] (DAYU Technology Co., Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 14:45 - 2014-12-04 14:45 - 00024860 _____ () C:\Users\DAW\Downloads\FRST.txt
2014-12-04 14:42 - 2014-12-04 14:43 - 02117632 _____ (Farbar) C:\Users\DAW\Downloads\FRST64.exe
2014-12-04 13:50 - 2014-12-04 13:50 - 00863592 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-12-04 13:20 - 2014-12-04 13:20 - 00001939 _____ () C:\Users\DAW\Desktop\Repair_Windows.exe - Shortcut.lnk
2014-12-04 13:12 - 2014-12-04 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-04 13:12 - 2014-12-04 13:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-04 12:56 - 2014-12-04 12:59 - 09817304 _____ () C:\Users\DAW\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-12-02 16:02 - 2014-12-04 12:45 - 00000000 ____D () C:\AdwCleaner
2014-12-02 15:37 - 2014-12-02 15:37 - 02154496 _____ () C:\Users\DAW\Desktop\AdwCleaner.exe
2014-12-02 15:27 - 2014-12-02 15:27 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-12-01 13:47 - 2014-12-01 13:47 - 00039089 _____ () C:\Users\DAW\Desktop\Addition.txt
2014-12-01 13:46 - 2014-12-04 14:45 - 00000000 ____D () C:\FRST
2014-12-01 13:46 - 2014-12-01 13:47 - 00084988 _____ () C:\Users\DAW\Desktop\FRST.txt
2014-12-01 13:44 - 2014-12-01 13:44 - 02117120 _____ (Farbar) C:\Users\DAW\Desktop\FRST64.exe
2014-11-30 09:20 - 2014-11-30 09:20 - 00002290 _____ () C:\Users\DAW\Desktop\FSS_sfmdnet.txt
2014-11-30 09:07 - 2014-11-30 09:07 - 00002290 _____ () C:\Users\DAW\Desktop\OLDFSS.txt
2014-11-30 08:54 - 2014-11-30 08:54 - 00415232 _____ (Farbar) C:\Users\DAW\Desktop\FSS.exe
2014-11-29 19:09 - 2014-11-29 19:09 - 00688992 _____ (Swearware) C:\Users\DAW\Desktop\dds.com
2014-11-29 09:50 - 2014-11-29 09:50 - 00000056 _____ () C:\.directory
2014-11-27 14:13 - 2014-11-28 15:12 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-26 17:36 - 2014-11-26 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2014-11-26 17:35 - 2014-11-26 17:35 - 00001078 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-11-26 17:35 - 2014-11-26 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-11-26 17:35 - 2014-11-26 17:35 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-11-26 15:10 - 2014-11-26 15:10 - 00000000 ____D () C:\Users\DAW\barbar
2014-11-26 15:01 - 2014-11-26 15:01 - 00000000 __SHD () C:\Users\DAW\AppData\Local\EmieBrowserModeList
2014-11-26 14:59 - 2014-11-26 14:59 - 00000000 ____D () C:\ProgramData\UVK
2014-11-26 14:53 - 2014-11-26 17:36 - 00001803 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2014-11-26 14:53 - 2014-11-26 14:58 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-11-24 11:35 - 2014-11-24 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-24 11:34 - 2014-11-24 11:34 - 00000000 ____D () C:\Users\DAW\Desktop\mbar
2014-11-24 10:49 - 2014-11-24 10:49 - 02476596 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\HousecallLauncher64.exe
2014-11-24 09:46 - 2014-11-24 09:46 - 00001378 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-11-24 09:46 - 2014-11-24 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-11-24 09:14 - 2014-11-24 09:14 - 00019272 _____ () C:\Users\DAW\Downloads\cc_20141124_091358.reg
2014-11-24 09:14 - 2014-11-24 09:14 - 00001544 _____ () C:\Users\DAW\Downloads\cc_20141124_091436.reg
2014-11-23 16:12 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\DAW\Downloads\log
2014-11-23 16:11 - 2014-11-23 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-11-23 16:11 - 2014-11-23 16:11 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-11-23 16:08 - 2014-11-23 16:08 - 00013283 _____ () C:\LENOVO-PC_2014.11.23-1607.42_b97d995f-08bc-4d2a-8506-9094b9158911_17905.zip
2014-11-23 16:07 - 2014-11-23 16:08 - 00000000 ____D () C:\Users\DAW\Downloads\TrendMicro AntiThreat Toolkit
2014-11-23 15:59 - 2014-11-23 15:59 - 32016388 _____ () C:\LENOVO-PC_2014.11.23-1552.39_b97d995f-08bc-4d2a-8506-9094b9158911_17907.zip
2014-11-23 15:03 - 2014-11-23 15:03 - 04831040 _____ () C:\LENOVO-PC_2014.11.23-1448.44_b97d995f-08bc-4d2a-8506-9094b9158911_10568.zip
2014-11-23 14:46 - 2014-11-23 14:46 - 00000044 _____ () C:\Users\DAW\Downloads\HJThis_Adsspy.txt
2014-11-23 14:37 - 2014-11-23 14:37 - 00013023 _____ () C:\Users\DAW\Downloads\PaulBun1123A.log
2014-11-23 14:23 - 2014-11-23 16:08 - 00000328 _____ () C:\Users\DAW\Downloads\TRScn1Line.txt
2014-11-23 13:58 - 2014-11-23 13:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\HolaMe.exe
2014-11-23 13:54 - 2014-11-23 13:55 - 05228804 _____ () C:\Users\DAW\Downloads\BknWshNDreye.zip
2014-11-23 13:49 - 2014-11-23 13:49 - 07890226 _____ () C:\LENOVO-PC_2014.11.23-1334.58_b97d995f-08bc-4d2a-8506-9094b9158911_10568.zip
2014-11-23 13:41 - 2014-11-23 13:49 - 48965584 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\zffl.exe
2014-11-23 13:41 - 2014-11-23 13:44 - 08578872 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\fartr.exe
2014-11-23 13:33 - 2014-11-23 13:37 - 25247888 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\SEnline.exe
2014-11-23 13:33 - 2014-11-23 13:34 - 04572080 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\kcoll.exe
2014-11-23 13:19 - 2014-11-23 13:27 - 73491536 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\cucooD.exe
2014-11-23 13:17 - 2014-11-23 13:18 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\DAW\Downloads\ARBeeSetup.exe
2014-11-23 13:16 - 2014-11-23 13:16 - 00001036 _____ () C:\Users\DAW\Downloads\1416766579.txt
2014-11-23 13:12 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\DAW\Downloads\TMRBLog
2014-11-23 13:12 - 2014-11-23 13:12 - 00000000 ____D () C:\Users\DAW\Downloads\EmptyTrdlog
2014-11-23 13:09 - 2014-11-23 13:11 - 14861360 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\XRBV5.0-1180x64.exe
2014-11-23 11:36 - 2014-11-23 11:36 - 00001108 _____ () C:\Users\DAW\Documents\MY_DATA_112314_1.p2g
2014-11-23 11:11 - 2014-11-23 11:11 - 00053248 _____ () C:\Users\DAW\Documents\bitdefender_isocd.iso
2014-11-23 10:55 - 2014-11-23 14:09 - 00000000 ____D () C:\Users\DAW\Downloads\ISO
2014-11-23 10:36 - 2014-11-23 11:23 - 00000836 _____ () C:\Users\DAW\AppData\Roaming\burnaware.ini
2014-11-23 10:36 - 2014-11-23 10:36 - 00001077 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk
2014-11-23 10:36 - 2014-11-23 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-11-23 10:36 - 2014-11-23 10:36 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2014-11-23 10:25 - 2014-11-23 10:26 - 07244992 _____ (Burnaware ) C:\Users\DAW\Downloads\burnaware_free.exe
2014-11-23 09:13 - 2014-11-23 09:13 - 00274912 _____ () C:\WINDOWS\Minidump\112314-72546-01.dmp
2014-11-23 09:11 - 2014-11-23 09:11 - 218738790 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-22 18:03 - 2014-11-22 18:03 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\FixTDSS
2014-11-22 17:57 - 2014-11-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-22 16:46 - 2014-11-22 16:46 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill_Nov22_T446pm.txt
2014-11-22 16:41 - 2014-11-22 16:42 - 00000855 _____ () C:\Users\DAW\Downloads\Stinger_22112014_164117.html
2014-11-22 16:37 - 2014-11-22 16:37 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-11-22 16:34 - 2014-11-22 16:34 - 00000512 _____ () C:\Users\DAW\Downloads\dmpdsk0nov22
2014-11-22 16:32 - 2014-11-22 16:34 - 00012413 _____ () C:\Users\DAW\Desktop\MBRCheck_11.22.14_16.32.34.txt
2014-11-22 16:29 - 2014-11-22 16:29 - 00001159 _____ () C:\Users\DAW\Documents\gmpass2A.log
2014-11-22 16:21 - 2014-11-22 16:21 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill_1122T4pm.txt
2014-11-22 16:17 - 2014-11-22 16:17 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-11-22 14:27 - 2014-11-23 08:33 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-22 14:12 - 2014-11-22 16:45 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill.txt
2014-11-22 11:57 - 2014-11-22 11:57 - 00024790 _____ () C:\Users\DAW\Documents\mercy3.log
2014-11-22 11:35 - 2014-11-22 11:35 - 00001359 _____ () C:\Users\DAW\Documents\mercyf.log
2014-11-22 11:33 - 2014-11-22 11:33 - 00001359 _____ () C:\Users\DAW\Documents\mercy1.log
2014-11-21 22:14 - 2014-11-23 08:33 - 00000000 ____D () C:\Users\DAW\Downloads\ClamWinPortable
2014-11-21 21:47 - 2014-11-23 08:33 - 00000000 ____D () C:\Users\DAW\Documents\PandaCloudCleaner-1
2014-11-21 19:42 - 2014-11-22 16:43 - 00000110 ___RH () C:\Users\DAW\Downloads\Stinger.opt
2014-11-21 19:32 - 2014-11-21 19:34 - 00000851 _____ () C:\Users\DAW\Downloads\Stinger_21112014_193250.html
2014-11-21 12:32 - 2014-11-23 11:45 - 00000000 ____D () C:\Users\DAW\Downloads\Icon Cache Rebuilder
2014-11-21 12:31 - 2014-11-21 12:31 - 00126756 _____ () C:\Users\DAW\Downloads\Icon Cache Rebuilder.zip
2014-11-21 12:18 - 2014-11-23 11:45 - 00000000 ____D () C:\Users\DAW\Downloads\winx-dvd-ripper-platinum-bf
2014-11-21 11:03 - 2014-11-21 11:07 - 37753327 _____ () C:\Users\DAW\Downloads\winx-dvd-ripper-platinum-bf.zip
2014-11-19 19:02 - 2014-11-19 19:02 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-19 18:51 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-19 18:50 - 2014-10-28 22:59 - 00014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys
2014-11-19 18:50 - 2014-10-28 22:58 - 00014528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2014-11-19 18:50 - 2014-10-28 22:54 - 07474496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-19 18:50 - 2014-10-28 22:53 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-11-19 18:50 - 2014-10-28 22:52 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-19 18:50 - 2014-10-28 22:06 - 01499376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-11-19 18:50 - 2014-10-28 20:22 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-11-19 18:50 - 2014-10-15 03:32 - 02025792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-11-19 18:50 - 2014-09-24 22:42 - 00373568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-11-19 18:49 - 2014-10-28 23:04 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-19 18:49 - 2014-10-28 23:03 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-19 18:49 - 2014-10-28 22:59 - 00415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-11-19 18:49 - 2014-10-28 22:58 - 01797944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2014-11-19 18:49 - 2014-10-28 22:57 - 01552704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-11-19 18:49 - 2014-10-28 22:57 - 00389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-11-19 18:49 - 2014-10-28 20:24 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-11-19 18:49 - 2014-10-28 20:14 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-11-19 18:49 - 2014-10-28 19:58 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-11-19 18:49 - 2014-10-15 03:32 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2014-11-19 18:49 - 2014-10-12 21:41 - 01114432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-11-19 18:49 - 2014-10-08 02:32 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-11-19 18:49 - 2014-10-07 01:44 - 00533824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2014-11-19 18:49 - 2014-07-04 16:29 - 00478528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2014-11-19 18:48 - 2014-10-28 22:59 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-11-19 18:48 - 2014-10-28 22:56 - 00089368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2014-11-19 18:48 - 2014-10-28 22:52 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-19 18:48 - 2014-10-28 22:52 - 00100672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2014-11-19 18:48 - 2014-10-28 22:51 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-11-19 18:48 - 2014-10-28 22:51 - 00179736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2014-11-19 18:48 - 2014-10-28 22:06 - 00080016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2014-11-19 18:48 - 2014-10-28 21:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2014-11-19 18:48 - 2014-10-28 21:46 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2014-11-19 18:48 - 2014-10-28 21:45 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2014-11-19 18:48 - 2014-10-28 21:45 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rassstp.sys
2014-11-19 18:48 - 2014-10-28 21:14 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2014-11-19 18:48 - 2014-10-28 20:50 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2014-11-19 18:48 - 2014-10-28 20:22 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sstpsvc.dll
2014-11-19 18:48 - 2014-10-28 20:20 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-11-19 18:48 - 2014-10-28 20:16 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2014-11-19 18:48 - 2014-10-28 20:10 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-11-19 18:48 - 2014-10-28 20:06 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2014-11-19 18:48 - 2014-10-28 19:56 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2014-11-19 18:48 - 2014-10-28 19:54 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-11-19 18:48 - 2014-10-28 19:51 - 03317248 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2014-11-19 18:48 - 2014-10-28 19:45 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2014-11-19 18:48 - 2014-10-28 19:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2014-11-19 18:48 - 2014-10-15 03:32 - 00088896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2014-11-19 18:48 - 2014-10-15 03:32 - 00061248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2014-11-19 18:48 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-11-19 18:48 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-11-19 18:48 - 2014-10-08 04:24 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-11-19 18:48 - 2014-10-07 01:54 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2014-11-19 18:48 - 2014-10-07 01:44 - 00102208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-11-19 18:48 - 2014-09-26 23:59 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-11-19 18:48 - 2014-08-25 22:30 - 00354112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-11-19 18:47 - 2014-10-28 22:59 - 00025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\streamci.dll
2014-11-19 18:47 - 2014-10-28 22:57 - 00027872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2014-11-19 18:47 - 2014-10-28 22:56 - 00097048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2014-11-19 18:47 - 2014-10-28 22:56 - 00061208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2014-11-19 18:47 - 2014-10-28 22:56 - 00049944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2014-11-19 18:47 - 2014-10-28 22:53 - 00095048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2014-11-19 18:47 - 2014-10-28 22:51 - 00047024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2014-11-19 18:47 - 2014-10-28 22:51 - 00033032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2014-11-19 18:47 - 2014-10-28 22:51 - 00024800 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2014-11-19 18:47 - 2014-10-28 22:05 - 00026304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2014-11-19 18:47 - 2014-10-28 22:05 - 00020120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2014-11-19 18:47 - 2014-10-28 21:48 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2014-11-19 18:47 - 2014-10-28 21:48 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2014-11-19 18:47 - 2014-10-28 21:46 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbGD.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2014-11-19 18:47 - 2014-10-28 21:44 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2014-11-19 18:47 - 2014-10-28 21:43 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2014-11-19 18:47 - 2014-10-28 21:43 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2014-11-19 18:47 - 2014-10-28 21:43 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2014-11-19 18:47 - 2014-10-28 21:42 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\umdmxfrm.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshnetbs.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\serwvdrv.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshirda.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIRCoInst.dll
2014-11-19 18:47 - 2014-10-28 21:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2014-11-19 18:47 - 2014-10-28 21:36 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\traffic.dll
2014-11-19 18:47 - 2014-10-28 21:36 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bridgeunattend.exe
2014-11-19 18:47 - 2014-10-28 21:34 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmdCoinstall.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2014-11-19 18:47 - 2014-10-28 21:17 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbGDCoInstaller.dll
2014-11-19 18:47 - 2014-10-28 21:11 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2014-11-19 18:47 - 2014-10-28 21:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\brdgcfg.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2014-11-19 18:47 - 2014-10-28 20:58 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\umdmxfrm.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshrm.dll
2014-11-19 18:47 - 2014-10-28 20:57 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\serwvdrv.dll
2014-11-19 18:47 - 2014-10-28 20:57 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshirda.dll
2014-11-19 18:47 - 2014-10-28 20:56 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\irclass.dll
2014-11-19 18:47 - 2014-10-28 20:53 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\traffic.dll
2014-11-19 18:47 - 2014-10-28 20:51 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2014-11-19 18:47 - 2014-10-28 20:33 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2014-11-19 18:47 - 2014-10-28 20:29 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2014-11-19 18:47 - 2014-10-28 20:28 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshqos.dll
2014-11-19 18:47 - 2014-10-28 20:28 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2014-11-19 18:47 - 2014-10-28 20:27 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhapi.dll
2014-11-19 18:47 - 2014-10-28 20:27 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2014-11-19 18:47 - 2014-10-28 20:20 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2014-11-19 18:47 - 2014-10-28 20:05 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshqos.dll
2014-11-19 18:47 - 2014-10-28 20:05 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2014-11-19 18:47 - 2014-10-28 19:58 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootim.exe
2014-11-19 18:47 - 2014-10-15 03:32 - 00921920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2014-11-19 18:47 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-11-19 18:47 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-11-19 18:47 - 2014-10-07 01:54 - 00324928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-11-19 18:47 - 2014-10-07 01:54 - 00189248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2014-11-19 18:47 - 2014-10-07 01:54 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2014-11-19 18:47 - 2014-10-07 01:44 - 00069952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2014-11-19 18:47 - 2014-10-06 22:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-11-19 16:32 - 2014-11-23 12:08 - 00000000 ____D () C:\Users\DAW\AppData\Local\Archiver 2014
2014-11-19 16:31 - 2014-11-19 16:31 - 00000795 _____ () C:\Users\Public\Desktop\Archiver.lnk
2014-11-18 12:11 - 2014-11-29 10:55 - 00000000 ____D () C:\Program Files\Archiver
2014-11-18 12:11 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Archiver
2014-11-15 20:44 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-15 20:44 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-15 20:44 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-15 20:44 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-15 20:44 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-15 20:44 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-15 20:44 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-15 20:44 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-15 20:44 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-15 20:44 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-15 20:44 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-15 20:44 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-15 20:44 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-15 20:44 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-15 20:44 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-15 20:44 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-15 20:44 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-15 20:44 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-15 20:44 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-15 20:44 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-15 20:44 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-15 20:44 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-15 20:44 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-15 20:44 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-15 20:44 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-15 20:44 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-15 20:44 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-15 20:44 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-15 20:44 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-15 20:44 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-15 20:44 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-15 20:44 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-15 20:44 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-15 20:44 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-15 20:44 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-15 20:44 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-15 20:44 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-15 20:44 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-15 20:44 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-15 20:44 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-15 20:44 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-15 20:44 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-15 20:44 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-15 20:44 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-15 20:44 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-15 20:44 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-15 20:44 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-15 20:44 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-15 20:44 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-15 20:44 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-15 20:44 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-15 20:44 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-15 20:44 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-15 20:44 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-15 20:44 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-15 20:44 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-15 20:44 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-15 20:44 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-15 20:44 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-15 20:44 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-15 20:44 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-15 20:44 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-15 20:44 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-15 20:44 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-15 20:44 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-15 20:44 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-15 20:44 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-15 20:44 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-15 20:44 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-15 20:44 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-15 20:44 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-15 20:44 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-15 20:44 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-15 20:44 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-15 20:44 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-15 20:44 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-15 20:44 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-15 20:44 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-15 20:44 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-15 20:44 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-15 20:44 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-15 20:44 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-15 20:44 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-15 20:44 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-15 20:44 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-15 20:44 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-15 20:40 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-15 20:40 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-15 20:40 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-15 20:40 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-15 20:40 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-15 20:40 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-15 20:40 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-15 20:37 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-15 20:37 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-15 20:37 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-15 20:37 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-15 20:37 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-15 20:37 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-15 20:37 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-15 20:37 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-15 20:37 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-15 20:37 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-15 20:37 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-15 20:37 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-15 20:37 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-15 20:37 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-15 20:37 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-15 20:37 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-15 20:37 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-15 20:37 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-15 20:37 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-15 20:37 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-15 20:37 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-15 20:37 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-15 20:37 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-15 20:37 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-15 20:35 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-15 20:35 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-15 20:35 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-15 20:35 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-15 20:35 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-15 20:35 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-15 20:35 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-15 20:35 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-15 20:35 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-15 20:35 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-15 20:35 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-15 20:35 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-15 20:35 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-15 20:35 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-15 20:35 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-15 20:34 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-15 20:34 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-15 20:34 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-15 20:34 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-15 20:34 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-15 20:34 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-15 20:34 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-15 20:34 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-15 20:34 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-15 20:34 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-15 20:34 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-15 20:34 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-15 20:34 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-15 20:34 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 19:09 - 2014-11-11 19:09 - 00002098 _____ () C:\Users\DAW\Desktop\VirusTotal Uploader 2.2.lnk
2014-11-11 19:08 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2014-11-11 19:07 - 2014-11-11 19:07 - 00142744 _____ () C:\Users\DAW\Downloads\vtuploader2.2.exe
2014-11-10 22:38 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 19:41 - 2014-11-23 12:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 5
2014-11-08 19:41 - 2014-11-23 11:44 - 00000000 ____D () C:\Users\DAW\AppData\Local\Cyberlink
2014-11-08 19:41 - 2014-11-08 19:41 - 00002067 _____ () C:\Users\Public\Desktop\CyberLink PhotoDirector 5 (64-bit).lnk
2014-11-08 19:39 - 2014-11-23 11:43 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-08 19:37 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\install_clap
2014-11-08 19:05 - 2014-11-08 19:05 - 00000000 ____D () C:\ProgramData\complexbackup
2014-11-08 18:58 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 14 Compact
2014-11-08 18:58 - 2014-11-08 18:58 - 00002369 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 14 Compact.lnk
2014-11-07 13:33 - 2014-11-07 14:13 - 298809808 _____ () C:\Users\DAW\Downloads\PhotoDirector_5.0.5715.51476_HE_HE_PTD141020-02.exe
2014-11-07 11:04 - 2014-11-07 11:29 - 223095664 _____ (Paragon Software ) C:\Users\DAW\Downloads\BR14_Compact_ea_x64-November2014.exe
2014-11-04 20:42 - 2014-11-04 20:42 - 00000202 _____ () C:\Users\DAW\Documents\LRey.cpc
2014-11-04 20:37 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\PasswordsPro
2014-11-04 20:37 - 2014-11-04 20:41 - 00000000 ____D () C:\Users\DAW\Documents\PasswordsProData
2014-11-04 20:37 - 2014-11-04 20:37 - 00001078 _____ () C:\Users\Public\Desktop\PasswordsPro.lnk
2014-11-04 20:37 - 2014-11-04 20:37 - 00000184 _____ () C:\Users\DAW\AppData\Local\atidt64.dll
2014-11-04 20:37 - 2014-11-04 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PasswordsPro
2014-11-04 20:36 - 2014-11-04 20:36 - 00000000 ____D () C:\Users\DAW\Downloads\passwords

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 14:40 - 2014-07-27 08:19 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD850610-F9D3-4C5E-9514-08DD5A833AB3}
2014-12-04 14:37 - 2014-07-17 06:01 - 01739750 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-04 14:21 - 2014-03-18 05:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-04 14:19 - 2014-06-22 10:02 - 00000348 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2014-12-04 14:18 - 2014-06-22 10:02 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-12-04 14:18 - 2014-05-03 07:38 - 01820160 ___SH () C:\Users\DAW\Desktop\Thumbs.db
2014-12-04 14:17 - 2013-12-30 13:07 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 14:17 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-04 14:15 - 2014-03-18 04:54 - 00130272 _____ () C:\WINDOWS\PFRO.log
2014-12-04 14:15 - 2013-12-03 21:32 - 00000000 ____D () C:\WINDOWS\CSC
2014-12-04 14:15 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-04 14:15 - 2013-08-22 09:44 - 00369664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-04 14:13 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-04 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-04 13:57 - 2013-08-22 08:25 - 00000128 _____ () C:\WINDOWS\win.ini
2014-12-04 13:13 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-04 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-04 12:58 - 2013-12-30 13:07 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 16:33 - 2013-12-15 22:14 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1670467332-2357784724-919192203-1001
2014-12-02 15:26 - 2014-05-02 17:58 - 05492736 ___SH () C:\Users\DAW\Downloads\Thumbs.db
2014-11-30 08:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-26 17:38 - 2013-12-16 20:04 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Mozilla
2014-11-26 17:38 - 2013-08-22 08:25 - 00000795 _____ () C:\WINDOWS\system32\Drivers\etc\hosts_bak_918
2014-11-26 15:10 - 2014-07-17 05:49 - 00000000 ____D () C:\Users\DAW
2014-11-26 13:43 - 2013-08-22 09:46 - 00321330 _____ () C:\WINDOWS\setupact.log
2014-11-24 11:39 - 2014-06-28 08:44 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 11:35 - 2014-06-28 08:44 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-24 10:53 - 2014-01-09 16:55 - 00000036 _____ () C:\Users\DAW\AppData\Local\housecall.guid.cache
2014-11-24 10:10 - 2014-09-02 18:12 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2
2014-11-24 10:10 - 2014-07-25 19:34 - 00001024 ____H () C:\SYSTAG.BIN
2014-11-24 10:10 - 2014-07-25 19:32 - 00000082 _____ () C:\WINDOWS\SysWOW64\winsevr.dat
2014-11-24 10:09 - 2014-01-09 16:58 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-11-23 17:23 - 2014-02-12 19:14 - 00000000 ____D () C:\Program Files (x86)\Opera Next
2014-11-23 16:14 - 2014-07-05 10:14 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-11-23 13:12 - 2014-01-09 16:59 - 00305832 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-11-23 12:10 - 2014-03-18 04:46 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-11-23 12:10 - 2014-03-18 04:46 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ras
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MSDRM
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Bthprops
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\ras
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\MSDRM
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Bthprops
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system\Speech
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\addins
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-23 12:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-11-23 12:08 - 2014-11-02 16:21 - 00000000 ____D () C:\Users\DAW\Downloads\ProcessExplorer
2014-11-23 12:08 - 2014-10-31 08:32 - 00000000 ____D () C:\Program Files (x86)\MiniTool Power Data Recovery - Bootable Media Builder
2014-11-23 12:08 - 2014-10-16 13:47 - 00000000 ____D () C:\Program Files (x86)\Kryptel
2014-11-23 12:08 - 2014-09-29 08:07 - 00000000 ____D () C:\Program Files (x86)\Zoom Player
2014-11-23 12:08 - 2014-09-14 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.1
2014-11-23 12:08 - 2014-09-11 08:51 - 00000000 ____D () C:\Program Files (x86)\4Card Recovery
2014-11-23 12:08 - 2014-09-02 13:38 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-11-23 12:08 - 2014-09-01 21:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-23 12:08 - 2014-08-12 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Master Professional
2014-11-23 12:08 - 2014-08-10 16:33 - 00000000 ____D () C:\Program Files (x86)\Seagate File Recovery for Windows
2014-11-23 12:08 - 2014-08-10 08:02 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-11-23 12:08 - 2014-08-07 10:44 - 00000000 ____D () C:\Program Files (x86)\AOMEI Partition Assistant Pro Edition 5.5
2014-11-23 12:08 - 2014-07-18 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-11-23 12:08 - 2014-07-18 19:50 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-11-23 12:08 - 2014-07-01 20:29 - 00000000 ____D () C:\Program Files\WOT
2014-11-23 12:08 - 2014-06-28 08:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 12:08 - 2014-06-12 10:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-23 12:08 - 2014-03-17 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-23 12:08 - 2014-03-12 10:45 - 00000000 ____D () C:\Users\DAW\AppData\Local\Amazon Cloud Player
2014-11-23 12:08 - 2014-01-09 17:26 - 00000000 ____D () C:\Program Files\Recuva
2014-11-23 12:08 - 2013-12-21 18:49 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Hard Disk Sentinel
2014-11-23 12:08 - 2013-12-21 18:49 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-11-23 12:08 - 2013-12-16 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-23 12:08 - 2013-12-15 23:05 - 00000000 ____D () C:\Program Files (x86)\PrtScr
2014-11-23 12:08 - 2013-12-03 21:34 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2014-11-23 12:08 - 2013-12-03 21:33 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-11-23 12:08 - 2013-12-03 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-11-23 12:08 - 2013-12-03 21:32 - 00000000 ____D () C:\Program Files\Intel
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-11-23 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-23 11:49 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-23 11:48 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2014-11-23 11:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-23 11:45 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-23 11:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
2014-11-23 11:44 - 2014-09-25 11:37 - 00000000 ____D () C:\Users\DAW\AppData\Local\Downloaded Installations
2014-11-23 11:44 - 2014-06-04 16:18 - 00000000 ____D () C:\ProgramData\Temp
2014-11-23 11:44 - 2014-03-18 04:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-23 11:44 - 2013-12-16 20:04 - 00000000 ____D () C:\Users\DAW\AppData\Local\Mozilla
2014-11-23 11:43 - 2014-09-25 12:35 - 00000000 ____D () C:\Program Files\Paragon Software
2014-11-23 11:43 - 2013-12-03 21:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-23 11:43 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-23 11:39 - 2014-03-29 11:18 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-23 11:31 - 2014-08-12 14:46 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-23 09:13 - 2014-07-29 11:12 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-23 08:08 - 2014-09-29 08:00 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-11-23 08:08 - 2013-12-22 20:25 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Foxit Software
2014-11-23 07:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-11-22 13:12 - 2014-09-02 16:00 - 01736704 ___SH () C:\Users\DAW\Documents\Thumbs.db
2014-11-22 10:08 - 2013-12-15 22:50 - 00000000 ____D () C:\Users\DAW\AppData\Local\CrashDumps
2014-11-21 17:00 - 2013-12-16 00:13 - 00007610 _____ () C:\Users\DAW\AppData\Local\resmon.resmoncfg
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-11-19 19:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-11-19 19:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2014-11-19 19:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-11-19 11:42 - 2014-09-27 08:38 - 00000000 ____D () C:\Users\DAW\AppData\Local\Clarus
2014-11-16 14:21 - 2013-12-20 09:18 - 00000000 ____D () C:\Users\DAW\AppData\Local\Adobe
2014-11-15 20:48 - 2013-12-16 19:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-15 20:45 - 2013-12-16 19:25 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-15 18:53 - 2013-12-30 13:07 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 18:53 - 2013-12-30 13:07 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:25 - 2014-09-01 21:53 - 00001024 ____H () C:\AMTAG.BIN
2014-11-07 13:28 - 2014-08-28 15:45 - 00000000 ____D () C:\Users\DAW\Downloads\PDFs

Some content of TEMP:
====================
C:\Users\DAW\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\DAW\AppData\Local\Temp\procexp64.exe
C:\Users\DAW\AppData\Local\Temp\Quarantine.exe
C:\Users\DAW\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-04 14:38

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by DAW at 2014-12-04 14:46:07
Running from C:\Users\DAW\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Titanium Internet Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3.5.0 (HKLM-x32\...\{AE117F4B-840D-448B-A843-C0AE9F5EE50C}_is1) (Version: 3.5.0 - Arduino Software)
4Card Recovery (HKLM-x32\...\{4D08FCD6-718D-4EAC-83BB-0C647118CDB5}_is1) (Version: 2.0 - 4CardRecovery)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.33 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOMEI Backupper Professional Edition 2.0.2 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF55E6C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Archiver 2014 (HKLM\...\{9831A377-4577-4DB8-8670-747CBFFC6172}}_is1) (Version:  - Exeone)
BurnAware Free 7.6 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
Creative WebCam Control (HKLM-x32\...\Creative WebCam Control) (Version:  - )
CrystalDiskInfo 6.2.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.2.1 - Crystal Dew World)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5715.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5715.0 - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719c - CyberLink Corp.)
Dorgem 2.1.0 (HKLM-x32\...\Dorgem_is1) (Version:  - Frank Fesevur)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DxO Optics Pro 8 (HKLM\...\{ECC28C7D-ABF5-4ED1-9B29-6D48BC218393}) (Version: 8.5.0 - DxO Labs)
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
EaseUS Partition Master 10.1 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Glary Utilities PRO 5.10 (HKLM-x32\...\Glary Utilities 5) (Version: 5.10.0.17 - Glarysoft Ltd)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Kryptel Standard Edition (HKLM-x32\...\{081617FD-3462-4906-B3C9-50F5CB887169}) (Version: 6.6 - Inv Softworks)
LBAI (HKLM-x32\...\{C5C91B7B-38A6-40B7-84D6-E44885E44B13}) (Version: 1.0.0.6 - Lenovo)
Lenovo QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0022 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0007.00 - Lenovo)
Mac Blu-ray Player (HKLM-x32\...\Mac Blu-ray Player) (Version: 2.10.9.1754 - Macgo Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
MiniTool Power Data Recovery - Bootable Media Builder 6.8 (HKLM-x32\...\{33187B46-F813-428A-8EE0-4B721B838C2C}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden
Nitro Pro 7 (HKLM\...\{31553BDE-BCDF-487A-8EFE-A911DA3D13DB}) (Version: 7.4.1.21 - Nitro PDF Software)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Opera Next 20.0.1387.24 (HKLM-x32\...\Opera 20.0.1387.24) (Version: 20.0.1387.24 - Opera Software ASA)
Opera Next 20.0.1387.24 (HKLM-x32\...\Opera 20.0.1387.241) (Version: 20.0.1387.24 - Opera Software ASA)
Opera Next 20.0.1387.30 (HKLM-x32\...\Opera 20.0.1387.30) (Version: 20.0.1387.30 - Opera Software ASA)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
Paragon Backup and Recovery™ 14 Compact (HKLM\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
Paragon Drive Copy™ 14 Compact (HKLM\...\{24371D30-7CFF-11DE-B053-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Virtualization Manager™ 14 Compact (HKLM-x32\...\{BF50CF00-7CE6-11DE-A06C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Picturelife (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\850de4f180aba556) (Version: 1.1.6.47 - Picturelife, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}_is1) (Version: 3.00.0005 - Lenovo Group Limited)
Privatefirewall 7.0 (HKLM-x32\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.3 - PWI, Inc.)
PrtScr 1.7 (HKLM-x32\...\PrtScr_is1) (Version:  - FireStarter)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
RoboForm 7-9-10-1 (HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.172 - Clarus, Inc.)
Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden
Trend Micro Titanium Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.8.4.0 - Carifred)
Vibra WebCam Manual (English) (HKLM-x32\...\Vibra WebCam Manual English) (Version:  - )
VIP Access (HKLM-x32\...\{7EB5B9B6-E7BF-4E8F-B478-1266A78CF231}) (Version: 2.2.1.13 - Symantec Corporation)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinX HD Video Converter Deluxe 5.0.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{11056249-C369-49CA-B0E8-326B5C32AD3C}\InprocServer32 -> C:\Program Files (x86)\Kryptel\Shx64.dll (Inv Softworks LLC)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{11056249-F58F-4AC8-9FBF-75990E973B6C}\InprocServer32 -> C:\Program Files (x86)\Kryptel\Shx64.dll (Inv Softworks LLC)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{11056249-F7FB-49E6-9BBD-434D74005CF5}\InprocServer32 -> C:\Program Files (x86)\Kryptel\Shx64.dll (Inv Softworks LLC)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1670467332-2357784724-919192203-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DAW\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

20-11-2014 00:25:28 After 11/19 patches (actually 2, not 1) 720Mb
21-11-2014 17:46:22 Restore Operation
01-12-2014 19:43:05 Scheduled Checkpoint
02-12-2014 20:29:49 Removed CouponPrinterPlugin

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-12-04 13:57 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11EAF34A-D436-4A4A-A4B4-1F574B0F186D} - System32\Tasks\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [2013-12-18] (Clarus, Inc.)
Task: {2196C429-5A81-4AC1-B2B6-FB0778E62C4F} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {25041E55-8523-46C0-AD79-28EDE7036C4D} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-10-13] (Glarysoft Ltd)
Task: {386E2EC5-5F98-495D-89DD-BAB7D391108A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)
Task: {7AA4EF30-5245-44A9-BAED-58E72751D812} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe
Task: {91CE955B-57BA-43AA-8E10-DAAFB649E184} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe
Task: {9B936FFE-A832-44F8-AC5E-BB37A88B5EFE} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-11-23] (Siber Systems)
Task: {9D0F396B-B3FA-41B7-92F0-A0185BD530C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd)
Task: {9E904503-E47B-4D1C-B77B-9594D9934232} - System32\Tasks\Opera scheduled Autoupdate 1392250451 => C:\Program Files (x86)\Opera Next\launcher.exe [2014-02-04] (Opera Software)
Task: {A4B152ED-BB06-49C7-AA94-6906BA6CA8B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)
Task: {AA49619A-B65A-47FC-A268-27344E6FB187} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe
Task: {AD88AD76-12AB-480D-9ED0-C1259812E1D0} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-10-13] (Glarysoft Ltd)
Task: {B47FA020-BCDB-43EA-B8C1-C31EC33B0023} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PwmIdTsv.exe [2012-08-06] (Lenovo Group Limited)
Task: {C8B23373-33CC-4968-AEE8-448B6272BDF5} - System32\Tasks\Titanium BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)
Task: {C94504F8-D58D-4869-BAC4-C06C43DA632C} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D56659D9-C37D-43FD-B723-742811564B17} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D87C47B0-5AD0-4BB0-88C1-19AD7377A004} - System32\Tasks\AOMEI  2014-10-16, 15-35-58 => C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\Backupper.exe [2014-08-21] (AOMEI Tech Co., Ltd.)
Task: {E9F86D20-196F-488A-A725-0402304CD30D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-15] (Microsoft Corporation)
Task: {EFC3FA31-53A8-41DA-B678-36761AC9718A} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2012-07-12] (Intel Corporation)
Task: {F8571104-B82D-418F-AEE9-C59261A55AE3} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe [2014-08-31] (Crystal Dew World)
Task: {FA67BB14-FBAA-4D6B-834D-BB74C49A2CD7} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {FAE87A87-1D74-41C6-8D9F-670158738A45} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOMPMMJKJNMMJKMGMCNIMKJGMOMCNLMHMKMMJCNHMMJGMGMCNLJJMGMMMOMOMLJPMIMHMGMJJJNJICMIMCNGMCNHMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMLJAJLIPMNMFMOMLMKMJNHICMLJAJLIPMNMJNBJCMLLOLPNIKOJMIHJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFMIMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: C:\WINDOWS\Tasks\AOMEI  2014-10-16, 15-35-58.job => C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\Backupper.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-09 16:58 - 2013-01-15 21:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2014-01-09 16:58 - 2013-04-01 23:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2014-01-09 16:58 - 2013-01-15 21:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2014-01-09 16:58 - 2012-12-18 15:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2014-01-09 16:58 - 2013-01-15 21:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2014-01-09 16:51 - 2013-07-23 10:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll
2014-03-17 18:12 - 2013-10-31 17:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-24 03:09 - 2014-10-07 05:55 - 01508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2014-07-24 03:09 - 2014-10-07 05:55 - 00338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2014-06-11 08:21 - 2014-06-11 08:21 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-19 16:31 - 2014-01-21 14:41 - 02512896 _____ () C:\Program Files\Archiver\sysnav_helper.dll
2014-01-09 17:07 - 2013-12-18 08:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "Power Manager Startup Utility"
HKLM\...\StartupApproved\Run32: => "CTRegRun"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\StartupApproved\StartupFolder: => "Uninstall TaxACT 2013 - 1040 Edition.lnk"
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\StartupApproved\Run: => "GUDelayStartup"

========================= Accounts: ==========================

Administrator (S-1-5-21-1670467332-2357784724-919192203-500 - Administrator - Disabled)
DAW (S-1-5-21-1670467332-2357784724-919192203-1001 - Administrator - Enabled) => C:\Users\DAW
Guest (S-1-5-21-1670467332-2357784724-919192203-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1670467332-2357784724-919192203-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2014 02:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Drive Manager.exe, version: 1.0.172.0, time stamp: 0x52b10a85
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000028
Fault offset: 0x000a609f
Faulting process id: 0x1444
Faulting application start time: 0xDrive Manager.exe0
Faulting application path: Drive Manager.exe1
Faulting module path: Drive Manager.exe2
Report Id: Drive Manager.exe3
Faulting package full name: Drive Manager.exe4
Faulting package-relative application ID: Drive Manager.exe5

Error: (12/04/2014 02:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Drive Manager.exe, version: 1.0.172.0, time stamp: 0x52b10a85
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc00001a5
Fault offset: 0x0004059f
Faulting process id: 0x1444
Faulting application start time: 0xDrive Manager.exe0
Faulting application path: Drive Manager.exe1
Faulting module path: Drive Manager.exe2
Report Id: Drive Manager.exe3
Faulting package full name: Drive Manager.exe4
Faulting package-relative application ID: Drive Manager.exe5

Error: (12/04/2014 02:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Drive Manager.exe, version: 1.0.172.0, time stamp: 0x52b10a85
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc00001a5
Fault offset: 0x0004059f
Faulting process id: 0x1444
Faulting application start time: 0xDrive Manager.exe0
Faulting application path: Drive Manager.exe1
Faulting module path: Drive Manager.exe2
Report Id: Drive Manager.exe3
Faulting package full name: Drive Manager.exe4
Faulting package-relative application ID: Drive Manager.exe5

Error: (12/04/2014 02:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc0000028
Fault offset: 0x000a609f
Faulting process id: 0xb7c
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5

Error: (12/04/2014 02:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UNS.exe, version: 8.1.0.1281, time stamp: 0x5007060d
Faulting module name: ntdll.dll, version: 6.3.9600.17415, time stamp: 0x54504b0d
Exception code: 0xc00001a5
Fault offset: 0x0004059f
Faulting process id: 0xb7c
Faulting application start time: 0xUNS.exe0
Faulting application path: UNS.exe1
Faulting module path: UNS.exe2
Report Id: UNS.exe3
Faulting package full name: UNS.exe4
Faulting package-relative application ID: UNS.exe5


System errors:
=============
Error: (12/04/2014 02:45:31 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Lenovo-PCDAWS-1-5-21-1670467332-2357784724-919192203-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/04/2014 02:45:31 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Lenovo-PCDAWS-1-5-21-1670467332-2357784724-919192203-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/04/2014 02:40:22 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Lenovo-PCDAWS-1-5-21-1670467332-2357784724-919192203-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/04/2014 02:38:39 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/04/2014 02:30:31 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Lenovo-PCDAWS-1-5-21-1670467332-2357784724-919192203-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/04/2014 02:30:31 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-PC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Lenovo-PCDAWS-1-5-21-1670467332-2357784724-919192203-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/04/2014 02:30:31 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (12/04/2014 02:30:31 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (12/04/2014 02:30:31 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (12/04/2014 02:30:31 PM) (Source: DCOM) (EventID: 10001) (User: Lenovo-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server5Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024891

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024891

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024891

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024891

Error: (12/04/2014 02:30:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024891

Error: (12/04/2014 02:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Drive Manager.exe1.0.172.052b10a85ntdll.dll6.3.9600.1741554504b0dc0000028000a609f144401d00ff6e7532777C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exeC:\WINDOWS\SYSTEM32\ntdll.dllc9c6eef7-7bea-11e4-bf31-fc4dd43a5e23

Error: (12/04/2014 02:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Drive Manager.exe1.0.172.052b10a85ntdll.dll6.3.9600.1741554504b0dc00001a50004059f144401d00ff6e7532777C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exeC:\WINDOWS\SYSTEM32\ntdll.dllc9bd6578-7bea-11e4-bf31-fc4dd43a5e23

Error: (12/04/2014 02:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Drive Manager.exe1.0.172.052b10a85ntdll.dll6.3.9600.1741554504b0dc00001a50004059f144401d00ff6e7532777C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exeC:\WINDOWS\SYSTEM32\ntdll.dllc9b3dbe0-7bea-11e4-bf31-fc4dd43a5e23

Error: (12/04/2014 02:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UNS.exe8.1.0.12815007060dntdll.dll6.3.9600.1741554504b0dc0000028000a609fb7c01d00ff78b036c96C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\WINDOWS\SYSTEM32\ntdll.dllc8c7d047-7bea-11e4-bf31-fc4dd43a5e23

Error: (12/04/2014 02:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UNS.exe8.1.0.12815007060dntdll.dll6.3.9600.1741554504b0dc00001a50004059fb7c01d00ff78b036c96C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\WINDOWS\SYSTEM32\ntdll.dllc8c0a921-7bea-11e4-bf31-fc4dd43a5e23


CodeIntegrity Errors:
===================================
  Date: 2014-12-04 14:16:41.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-30 08:48:08.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 08:48:08.590
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 36%
Total physical RAM: 4026.35 MB
Available physical RAM: 2552.21 MB
Total Pagefile: 8122.35 MB
Available Pagefile: 6068.37 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:921.55 GB) (Free:795.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D26FB66)

Partition: GPT Partition Type.

==================== End Of Log ============================



#12 Sirawit


Posted 06 December 2014 - 12:39 PM

Hi Eeger33.

In your log, Trend Micro Internet Security is gone. Is Trend Micro enabled?

We need to remove programs using "Programs and Features".

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

 

  • Catalina Savings Printer

Additional instructions can be found here if needed.

 

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    [attachment=158946:Fixlist.txt]
  • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from. Please post it in your reply.

==========

 

After the fix has completed, please create a new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#13 Eeger33


Posted 06 December 2014 - 03:33 PM

Trend Internet Security icon appears in the taskbar box, but nothing happens when I click on it. On a brighter note, in researching today how to delete Uninstall programs based on your site's discussion thread, Trend did pop up and warn me not to go to a particular suspicious download site. So I took its advice. So let's say Trend is barely doing its job.

Catalina did not uninstall until I tried it in Safe Mode with Networking. So it's gone.

Other comments:

(1) Just as I finished FRST, I have been getting repeated reminders from WinPatrol that my PC wants to automatically download and install recommended Windows updates, and over and over in the last 15 minutes I have rejected the changes (until you say otherwise).

(2) I see the Adobe Flash Plug-in crashes every time my PC needs it. For example, I tried playing an instructional video linked to by your site's uninstall discussion thread and the video played, but without any sound, and my speaker volume was at maximum.

 

 

FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by DAW at 2014-12-06 15:13:25 Run:1
Running from C:\Users\DAW\Desktop
Loaded Profile: DAW (Available profiles: DAW)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013 - 1040 Edition Readme.lnk
ShortcutTarget: TaxACT 2013 - 1040 Edition Readme.lnk ->  (No File)
Startup: C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013.lnk
ShortcutTarget: TaxACT 2013.lnk ->  (No File)
BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-01-09]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Homepage: https://startpage.com/
AlternateDataStreams: C:\Windows:nlsPreferences
*****************

C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013 - 1040 Edition Readme.lnk => Moved successfully.
ShortcutTarget: TaxACT 2013 - 1040 Edition Readme.lnk ->  (No File) not found.
C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TaxACT 2013.lnk => Moved successfully.
ShortcutTarget: TaxACT 2013.lnk ->  (No File) not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}" => Key deleted successfully.
"HKCR\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => value deleted successfully.
"HKCR\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a}" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc} => value deleted successfully.

"C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension" directory move:

Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome.manifest" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\install.rdf" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\defaults\preferences\options.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\TMTBProtocol.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\service_icon.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\TMToolbar.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\close_pop.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\dotline.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\icon_close.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\icon_gray.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\icon_green.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\icon_nolink.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\icon_red.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\icon_yellow.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\ic_tmlogo_web.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\overlay_background.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\red_bottom_left.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\red_bottom_right.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\red_top_left.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\red_top_right.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\trendlogo.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\webicon_gray.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\webicon_green.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\webicon_nolink.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\webicon_red.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\webicon_yellow.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\window_red.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\Tooltip\window_red_small.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\big_warning_icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\close_button.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\loading_32-d.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\logo.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\nolink_icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\secure_icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\small_warning_icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\tip_tail.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\trademark.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\privacy_scan\warning_icon.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\images\trendlogo.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\skin\images\trendlogo_disable.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\zh-tw\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\zh-hk\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\zh-cn\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\vi-vn\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\tr-tr\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\th-th\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\sv-se\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\ru-ru\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\pt-br\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\nl-nl\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\nb-no\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\ko-kr\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\JA-JP\TMToolbar.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\JA-JP\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\it-it\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\id-id\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\fr-fr\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\fr-ca\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\es-es\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\en-US\TISProToolbar.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\en-US\TMToolbar.dtd" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\en-US\TMToolbar.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\en-US\TooltipFontsize.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\en-US\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\en-AU\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\default\TISProToolbar.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\default\TMToolbar.dtd" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\default\TMToolbar.properties" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\default\TooltipFontsize.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\default\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\de-de\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\locale\da-dk\TBMenuSearchResult\TISProToolbarLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\ExtensionProxy.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBFuncContentRating.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBLib.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBPrivacyScanner.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBPrivacyScannerJSLoader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBPrivacyScannerWrapper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBPSPromotion.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBPSPromotionJSLoader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMTBUrlManualScanner.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\tmtoolbar\content\TMToolbar.xul" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\PSPromotion\PSPromotionLib.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\PSPromotion\locale\en-US\PSPromotionLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\PSPromotion\locale\default\PSPromotionLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\PSPromotion\img\icon_close.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\PSPromotion\img\TM_logo.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\PSPromotion\css\PSPromotion.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\index.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\index_FirefoxAddon.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\index_IE.html" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\locale\en-US\PSLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\locale\en-US\img\product_name_Titanium.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\locale\default\PSLocalization.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\locale\default\img\product_name_Titanium.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\js\BrowserCompatible.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\js\InitL10N.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\js\jsLoader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\js\L10NReader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\js\3rd_party\jQuery-1.7.1.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\js\3rd_party\jquery.json-2.3.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\js\3rd_party\sprintf-0.6.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\arrow.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\arrow.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\arrow_tip.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\arrow_tutorial.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\bg.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\Bg_weball.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\btn_arrow.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\btn_close.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\congrats_page.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\error_page.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\icon_close.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\icon_FB.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\icon_google+.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\icon_tips_info_s1.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\icon_twitter.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\ic_arrow_FB.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\ic_arrow_google+.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\ic_arrow_picasa.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\ic_arrow_twitter.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\ic_lang.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\ic_openarrow.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\ic_tmlogo_web.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\loading_24-r.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\loading_48.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\loading_48_red.gif" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\logo_PrivacyScanner.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\logo_TM.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\overlay_background.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\overlay_background_white.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\privacyscanner.ico" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\product_name_Titanium.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\shadowline.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\shadow_alertOverContentPage.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\img\submit_help.png" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\base.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\framework.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\ie7.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\overlay.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\page_tab.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\page_tabContent.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\reset.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\responsive.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\local_page\css\share.css" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\version.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Twitter\Constants.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Twitter\Fixer.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Twitter\FixerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Twitter\OnShare.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Twitter\Scanner.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Twitter\ScannerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\MFacebook\Constants.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\MFacebook\Fixer.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\MFacebook\FixerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\MFacebook\Scanner.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\MFacebook\ScannerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\GooglePlus\Constants.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\GooglePlus\Fixer.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\GooglePlus\FixerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\GooglePlus\OnShare.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\GooglePlus\Scanner.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\GooglePlus\ScannerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Facebook\Constants.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Facebook\Fixer.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Facebook\FixerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Facebook\OnShare.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Facebook\Scanner.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSPattern\Facebook\ScannerHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSEngine\ContextHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSEngine\OnShareLib.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\PSEngine\PUtil.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\LocalPageEngine\constants.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\LocalPageEngine\dom_constructor.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\LocalPageEngine\extension_helper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\LocalPageEngine\trigger.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\LocalPageEngine\UI_helper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\LocalPageEngine\WebsiteHelper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\ContentCommuicator.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\ContentCommunicatorWrapper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\content_helper_common.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\content_helper_facebook.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\content_helper_googlePlus.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\content_helper_twitter.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\LocalCommunicator.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\PrivacyScanner\content_script\CommunicatorEngine\LocalCommunicatorWrapper.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProFacebook.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProGMailFull.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProGMailFull2.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProGMailHTML.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProGooglePlus.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProLinkedin.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProMixi.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProMyspace.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProPinterest.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProPrepareParse.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSina.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRBaidu.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRBiglobe.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRBing.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRBingKR.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRGoo.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRGoogle.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRGoogleTranslate.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRJPInfoSeek.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRMSNLive.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSROCN.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRYahooCN.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRYahooEN.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRYahooJP.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRYahooKR.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProSRYahooTW.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProTwitter.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProWMMSNLiveMailFull.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProWMMSNLiveMailSimple.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProWMYahooENClassic.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TISProWMYahooENDeluxe.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TMContentRating.ini" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\TMTBContentRatingUrlMatching.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CRPattern\version.ini" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\jQuery-1.7.1.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\jquery.json-2.3.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\TISProAlertFriendLib.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\TISProToolbarDefine.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\TISProToolbarFBPSLoader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\TISProToolbarLib.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\TISProToolbarPRLoader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\TISProToolbarUMSLoader.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\CREngine\TISProUrlManualScannerLib.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\3rd_party\jQuery-1.7.1.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\chrome\3rd_party\jquery.json-2.3.js" => Scheduled to move on reboot.
Could not move "C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension" directory. => Scheduled to move on reboot.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1670467332-2357784724-919192203-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Firefox homepage deleted successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.
 



#14 Sirawit


Posted 08 December 2014 - 11:50 AM

Hi Eeger33.

Please follow this guide to remove Trend Micro Toolbar: http://www.trendsecure.com/online_docs/docloader.php?DOCID=TS-TBAR&DOCTAB=FAQ&DOCVER=TS5&DOCLOCALE=en-US

For Windows updates, you can allow WinPatrol to install them.

Please create a new FRST log for me.

Thank you.




#15 Eeger33


Posted 08 December 2014 - 02:07 PM

I tried to use the method that the TrendMicro website link discussed (and I read other related topics at that website). But nothing worked. I cannot even start the Trend program from the desktop or the task bar. Nothing happens, nothing starts up.

I did let Windows do the two security updates. I skipped the Optional updates.

Here's the FRST (no addition.txt, since you did not ask for it):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by DAW (administrator) on LENOVO-PC on 08-12-2014 13:55:58
Running from C:\Users\DAW\Desktop
Loaded Profile: DAW (Available profiles: DAW)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [229824 2013-10-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [26536 2012-08-06] ()
HKLM-x32\...\Run: [CTRegRun] => C:\windows\CTRegRun.EXE [41984 1999-10-10] (Creative Technology Ltd )
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Privatefirewall] => C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-10-13] (Glarysoft Ltd)
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\MountPoints2: {04f5481a-dd53-11e3-beae-fc4dd43a5e23} - "F:\GSLoader.exe"
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll (C-O-M-O-D-O)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1670467332-2357784724-919192203-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1670467332-2357784724-919192203-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> {E73DE8CF-9423-4A38-872B-52025D19BB23} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TSToolbarBHO -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1670467332-2357784724-919192203-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe64.dll (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.0.1313\1.6.1102\TmopIEPlg32.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

FireFox:
========
FF ProfilePath: C:\Users\DAW\AppData\Roaming\Mozilla\Firefox\Profiles\m8rjzhkj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\DAW\AppData\Roaming\Mozilla\Firefox\Profiles\m8rjzhkj.default\searchplugins\startpage-https.xml
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2014-11-19]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.6.15\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.6.15\coFFPlgn [2014-09-23]
FF HKU\S-1-5-21-1670467332-2357784724-919192203-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-07-05]

Chrome:
=======
CHR Profile: C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-01-15]
CHR Extension: (RoboForm) - C:\Users\DAW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-05-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2\ABService.exe [29912 2014-08-21] (AOMEI Tech Co., Ltd.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S3 FrAgent; C:\Program Files\Dayu\Disk Master Professional\Agent.exe [63720 2014-08-04] (DAYU Technology Co., Ltd.)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
S2 LBAEvent; C:\Program Files\Lenovo\LBAI\LBAEvent.exe [15520 2012-03-24] (Lenovo)
S2 Lenovo System Agent Service; C:\Program Files\lenovo\SystemAgent\SystemAgentService.exe [559504 2012-08-16] (LENOVO INCORPORATED.)
S4 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-08-01] (Nitro PDF Software)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
S2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [59304 2012-08-06] (Lenovo)
S2 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [186280 2012-08-06] (Lenovo Group Limited)
S2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
S3 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
S3 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [75336 2014-07-14] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2014-08-19] () [File not signed]
S2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [151480 2014-08-19] () [File not signed]
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [17008 2013-11-29] ()
S2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [17848 2014-08-19] () [File not signed]
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R0 bdisk; C:\Windows\System32\drivers\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R0 CBUfs; C:\Windows\System32\drivers\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
R0 diskbckp; C:\Windows\System32\drivers\diskbckp.sys [39656 2014-08-04] (DAYU Technology Co., Ltd.)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-16] (Glarysoft Ltd)
R3 LBAI; C:\Windows\System32\Drivers\LBAI.sys [9600 2011-12-09] (Lenovo)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [96472 2014-11-24] (Malwarebytes Corporation)
S3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
S3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R0 reparse; C:\Windows\System32\DRIVERS\cbreparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-08-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-08-10] (Acronis)
S1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2013-07-10] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
S2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [103712 2013-07-07] (Trend Micro Inc.)
R1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2013-12-12] ()
R1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2013-12-12] ()
R1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700680 2013-12-12] ()
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
R3 vDisk; C:\Windows\System32\drivers\vDisk.sys [236264 2014-08-04] (DAYU Technology Co., Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 13:55 - 2014-12-08 13:55 - 00000000 _____ () C:\Users\DAW\Desktop\FRST.txt
2014-12-08 13:52 - 2014-12-08 13:52 - 00001147 _____ () C:\Users\DAW\Desktop\FRST64.exe - Shortcut.lnk
2014-12-08 13:52 - 2014-12-08 13:52 - 00001147 _____ () C:\Users\DAW\Desktop\FRST64.exe - Shortcut (2).lnk
2014-12-08 13:14 - 2014-12-08 13:16 - 00016725 _____ () C:\HijackPatrol.log
2014-12-06 15:14 - 2014-12-06 15:26 - 00006052 _____ () C:\WINDOWS\RegBootClean64.CFG
2014-12-06 15:12 - 2014-12-06 15:12 - 00000000 ____D () C:\Users\DAW\Desktop\FRST-OlderVersion
2014-12-06 14:37 - 2014-12-06 14:37 - 00001064 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-12-06 14:37 - 2014-12-06 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-06 14:37 - 2014-12-06 14:37 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-06 14:37 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-12-06 14:22 - 2014-12-06 14:22 - 00000000 ____D () C:\Users\DAW\AppData\Local\VS Revo Group
2014-12-06 14:22 - 2014-12-06 14:22 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-06 14:19 - 2014-12-06 14:20 - 10691640 _____ (VS Revo Group ) C:\Users\DAW\Downloads\RevoUninProSetup.exe
2014-12-06 13:59 - 2014-12-06 13:59 - 00000296 _____ () C:\Users\DAW\Downloads\cc_20141206_135911.reg
2014-12-06 13:57 - 2014-12-06 13:58 - 00019516 _____ () C:\Users\DAW\Downloads\cc_20141206_135701.reg
2014-12-06 13:44 - 2014-12-06 13:44 - 00347816 _____ (Microsoft Corporation) C:\Users\DAW\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.1341318504305054.2.1.Run.exe
2014-12-04 15:06 - 2014-12-04 15:06 - 00038122 _____ () C:\Users\DAW\Downloads\Addition_1204.txt
2014-12-04 14:46 - 2014-12-04 14:47 - 00038122 _____ () C:\Users\DAW\Downloads\Addition.txt
2014-12-04 14:45 - 2014-12-04 14:48 - 00085455 _____ () C:\Users\DAW\Downloads\FRST.txt
2014-12-04 14:42 - 2014-12-04 14:43 - 02117632 _____ (Farbar) C:\Users\DAW\Desktop\FRST64.exe
2014-12-04 13:50 - 2014-12-04 13:50 - 00863592 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-12-04 13:20 - 2014-12-04 13:20 - 00001939 _____ () C:\Users\DAW\Desktop\Repair_Windows.exe - Shortcut.lnk
2014-12-04 13:12 - 2014-12-04 13:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-04 13:12 - 2014-12-04 13:12 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-04 12:56 - 2014-12-04 12:59 - 09817304 _____ () C:\Users\DAW\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-12-02 16:02 - 2014-12-04 12:45 - 00000000 ____D () C:\AdwCleaner
2014-12-02 15:37 - 2014-12-02 15:37 - 02154496 _____ () C:\Users\DAW\Desktop\AdwCleaner.exe
2014-12-02 15:27 - 2014-12-06 14:35 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-12-01 13:47 - 2014-12-01 13:47 - 00039089 _____ () C:\Users\DAW\Desktop\Addition.txt
2014-12-01 13:46 - 2014-12-08 13:55 - 00000000 ____D () C:\FRST
2014-12-01 13:46 - 2014-12-01 13:47 - 00084988 _____ () C:\Users\DAW\Desktop\FRST_Dec01.txt
2014-11-30 09:20 - 2014-11-30 09:20 - 00002290 _____ () C:\Users\DAW\Desktop\FSS_sfmdnet.txt
2014-11-30 09:07 - 2014-11-30 09:07 - 00002290 _____ () C:\Users\DAW\Desktop\OLDFSS.txt
2014-11-30 08:54 - 2014-11-30 08:54 - 00415232 _____ (Farbar) C:\Users\DAW\Desktop\FSS.exe
2014-11-29 19:09 - 2014-11-29 19:09 - 00688992 _____ (Swearware) C:\Users\DAW\Desktop\dds.com
2014-11-29 09:50 - 2014-11-29 09:50 - 00000056 _____ () C:\.directory
2014-11-27 14:13 - 2014-12-05 13:09 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-26 17:36 - 2014-11-26 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2014-11-26 17:35 - 2014-11-26 17:35 - 00001078 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-11-26 17:35 - 2014-11-26 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-11-26 17:35 - 2014-11-26 17:35 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-11-26 15:10 - 2014-11-26 15:10 - 00000000 ____D () C:\Users\DAW\barbar
2014-11-26 15:01 - 2014-11-26 15:01 - 00000000 __SHD () C:\Users\DAW\AppData\Local\EmieBrowserModeList
2014-11-26 14:59 - 2014-11-26 14:59 - 00000000 ____D () C:\ProgramData\UVK
2014-11-26 14:53 - 2014-11-26 17:36 - 00001803 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2014-11-26 14:53 - 2014-11-26 14:58 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-11-24 11:35 - 2014-11-24 11:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-24 11:34 - 2014-11-24 11:34 - 00000000 ____D () C:\Users\DAW\Desktop\mbar
2014-11-24 10:49 - 2014-11-24 10:49 - 02476596 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\HousecallLauncher64.exe
2014-11-24 09:46 - 2014-11-24 09:46 - 00001378 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-11-24 09:46 - 2014-11-24 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-11-24 09:14 - 2014-11-24 09:14 - 00019272 _____ () C:\Users\DAW\Downloads\cc_20141124_091358.reg
2014-11-24 09:14 - 2014-11-24 09:14 - 00001544 _____ () C:\Users\DAW\Downloads\cc_20141124_091436.reg
2014-11-23 16:12 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\DAW\Downloads\log
2014-11-23 16:11 - 2014-11-23 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-11-23 16:11 - 2014-11-23 16:11 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-11-23 16:08 - 2014-11-23 16:08 - 00013283 _____ () C:\LENOVO-PC_2014.11.23-1607.42_b97d995f-08bc-4d2a-8506-9094b9158911_17905.zip
2014-11-23 16:07 - 2014-11-23 16:08 - 00000000 ____D () C:\Users\DAW\Downloads\TrendMicro AntiThreat Toolkit
2014-11-23 15:59 - 2014-11-23 15:59 - 32016388 _____ () C:\LENOVO-PC_2014.11.23-1552.39_b97d995f-08bc-4d2a-8506-9094b9158911_17907.zip
2014-11-23 15:03 - 2014-11-23 15:03 - 04831040 _____ () C:\LENOVO-PC_2014.11.23-1448.44_b97d995f-08bc-4d2a-8506-9094b9158911_10568.zip
2014-11-23 14:46 - 2014-11-23 14:46 - 00000044 _____ () C:\Users\DAW\Downloads\HJThis_Adsspy.txt
2014-11-23 14:37 - 2014-11-23 14:37 - 00013023 _____ () C:\Users\DAW\Downloads\PaulBun1123A.log
2014-11-23 14:23 - 2014-11-23 16:08 - 00000328 _____ () C:\Users\DAW\Downloads\TRScn1Line.txt
2014-11-23 13:58 - 2014-11-23 13:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\HolaMe.exe
2014-11-23 13:54 - 2014-11-23 13:55 - 05228804 _____ () C:\Users\DAW\Downloads\BknWshNDreye.zip
2014-11-23 13:49 - 2014-11-23 13:49 - 07890226 _____ () C:\LENOVO-PC_2014.11.23-1334.58_b97d995f-08bc-4d2a-8506-9094b9158911_10568.zip
2014-11-23 13:41 - 2014-11-23 13:49 - 48965584 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\zffl.exe
2014-11-23 13:41 - 2014-11-23 13:44 - 08578872 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\fartr.exe
2014-11-23 13:33 - 2014-11-23 13:37 - 25247888 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\SEnline.exe
2014-11-23 13:33 - 2014-11-23 13:34 - 04572080 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\kcoll.exe
2014-11-23 13:19 - 2014-11-23 13:27 - 73491536 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\cucooD.exe
2014-11-23 13:17 - 2014-11-23 13:18 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\DAW\Downloads\ARBeeSetup.exe
2014-11-23 13:16 - 2014-11-23 13:16 - 00001036 _____ () C:\Users\DAW\Downloads\1416766579.txt
2014-11-23 13:12 - 2014-11-23 16:12 - 00000000 ____D () C:\Users\DAW\Downloads\TMRBLog
2014-11-23 13:12 - 2014-11-23 13:12 - 00000000 ____D () C:\Users\DAW\Downloads\EmptyTrdlog
2014-11-23 13:09 - 2014-11-23 13:11 - 14861360 _____ (Trend Micro Inc.) C:\Users\DAW\Downloads\XRBV5.0-1180x64.exe
2014-11-23 11:36 - 2014-11-23 11:36 - 00001108 _____ () C:\Users\DAW\Documents\MY_DATA_112314_1.p2g
2014-11-23 11:11 - 2014-11-23 11:11 - 00053248 _____ () C:\Users\DAW\Documents\bitdefender_isocd.iso
2014-11-23 10:55 - 2014-11-23 14:09 - 00000000 ____D () C:\Users\DAW\Downloads\ISO
2014-11-23 10:36 - 2014-11-23 11:23 - 00000836 _____ () C:\Users\DAW\AppData\Roaming\burnaware.ini
2014-11-23 10:36 - 2014-11-23 10:36 - 00001077 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk
2014-11-23 10:36 - 2014-11-23 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-11-23 10:36 - 2014-11-23 10:36 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2014-11-23 10:25 - 2014-11-23 10:26 - 07244992 _____ (Burnaware ) C:\Users\DAW\Downloads\burnaware_free.exe
2014-11-23 09:13 - 2014-11-23 09:13 - 00274912 _____ () C:\WINDOWS\Minidump\112314-72546-01.dmp
2014-11-23 09:11 - 2014-11-23 09:11 - 218738790 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-22 18:03 - 2014-11-22 18:03 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\FixTDSS
2014-11-22 17:57 - 2014-11-22 17:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-22 16:46 - 2014-11-22 16:46 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill_Nov22_T446pm.txt
2014-11-22 16:41 - 2014-11-22 16:42 - 00000855 _____ () C:\Users\DAW\Downloads\Stinger_22112014_164117.html
2014-11-22 16:37 - 2014-11-22 16:37 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-11-22 16:34 - 2014-11-22 16:34 - 00000512 _____ () C:\Users\DAW\Downloads\dmpdsk0nov22
2014-11-22 16:32 - 2014-11-22 16:34 - 00012413 _____ () C:\Users\DAW\Desktop\MBRCheck_11.22.14_16.32.34.txt
2014-11-22 16:29 - 2014-11-22 16:29 - 00001159 _____ () C:\Users\DAW\Documents\gmpass2A.log
2014-11-22 16:21 - 2014-11-22 16:21 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill_1122T4pm.txt
2014-11-22 16:17 - 2014-11-22 16:17 - 00000000 ____D () C:\Program Files (x86)\Belarc
2014-11-22 14:27 - 2014-11-23 08:33 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-22 14:12 - 2014-11-22 16:45 - 00002608 _____ () C:\Users\DAW\Desktop\Rkill.txt
2014-11-22 11:57 - 2014-11-22 11:57 - 00024790 _____ () C:\Users\DAW\Documents\mercy3.log
2014-11-22 11:35 - 2014-11-22 11:35 - 00001359 _____ () C:\Users\DAW\Documents\mercyf.log
2014-11-22 11:33 - 2014-11-22 11:33 - 00001359 _____ () C:\Users\DAW\Documents\mercy1.log
2014-11-21 22:14 - 2014-11-23 08:33 - 00000000 ____D () C:\Users\DAW\Downloads\ClamWinPortable
2014-11-21 21:47 - 2014-11-23 08:33 - 00000000 ____D () C:\Users\DAW\Documents\PandaCloudCleaner-1
2014-11-21 19:42 - 2014-11-22 16:43 - 00000110 ___RH () C:\Users\DAW\Downloads\Stinger.opt
2014-11-21 19:32 - 2014-11-21 19:34 - 00000851 _____ () C:\Users\DAW\Downloads\Stinger_21112014_193250.html
2014-11-21 12:32 - 2014-11-23 11:45 - 00000000 ____D () C:\Users\DAW\Downloads\Icon Cache Rebuilder
2014-11-21 12:31 - 2014-11-21 12:31 - 00126756 _____ () C:\Users\DAW\Downloads\Icon Cache Rebuilder.zip
2014-11-21 12:18 - 2014-11-23 11:45 - 00000000 ____D () C:\Users\DAW\Downloads\winx-dvd-ripper-platinum-bf
2014-11-21 11:03 - 2014-11-21 11:07 - 37753327 _____ () C:\Users\DAW\Downloads\winx-dvd-ripper-platinum-bf.zip
2014-11-19 19:02 - 2014-11-19 19:02 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-19 18:51 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-19 18:50 - 2014-10-28 22:59 - 00014144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys
2014-11-19 18:50 - 2014-10-28 22:58 - 00014528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2014-11-19 18:50 - 2014-10-28 22:54 - 07474496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-19 18:50 - 2014-10-28 22:53 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-11-19 18:50 - 2014-10-28 22:52 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-19 18:50 - 2014-10-28 22:06 - 01499376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-11-19 18:50 - 2014-10-28 20:22 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-11-19 18:50 - 2014-10-15 03:32 - 02025792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-11-19 18:50 - 2014-09-24 22:42 - 00373568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-11-19 18:49 - 2014-10-28 23:04 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-19 18:49 - 2014-10-28 23:03 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-19 18:49 - 2014-10-28 22:59 - 00415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-11-19 18:49 - 2014-10-28 22:58 - 01797944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2014-11-19 18:49 - 2014-10-28 22:57 - 01552704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-11-19 18:49 - 2014-10-28 22:57 - 00389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-11-19 18:49 - 2014-10-28 20:24 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-11-19 18:49 - 2014-10-28 20:14 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-11-19 18:49 - 2014-10-28 19:58 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-11-19 18:49 - 2014-10-15 03:32 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2014-11-19 18:49 - 2014-10-12 21:41 - 01114432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-11-19 18:49 - 2014-10-08 02:32 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-11-19 18:49 - 2014-10-07 01:44 - 00533824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2014-11-19 18:49 - 2014-07-04 16:29 - 00478528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2014-11-19 18:48 - 2014-10-28 22:59 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-11-19 18:48 - 2014-10-28 22:56 - 00089368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2014-11-19 18:48 - 2014-10-28 22:52 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-19 18:48 - 2014-10-28 22:52 - 00100672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2014-11-19 18:48 - 2014-10-28 22:51 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-11-19 18:48 - 2014-10-28 22:51 - 00179736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2014-11-19 18:48 - 2014-10-28 22:06 - 00080016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2014-11-19 18:48 - 2014-10-28 21:47 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2014-11-19 18:48 - 2014-10-28 21:46 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2014-11-19 18:48 - 2014-10-28 21:45 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pacer.sys
2014-11-19 18:48 - 2014-10-28 21:45 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rassstp.sys
2014-11-19 18:48 - 2014-10-28 21:14 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtp.dll
2014-11-19 18:48 - 2014-10-28 20:57 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpdMtpUS.dll
2014-11-19 18:48 - 2014-10-28 20:50 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2014-11-19 18:48 - 2014-10-28 20:22 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\sstpsvc.dll
2014-11-19 18:48 - 2014-10-28 20:20 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-11-19 18:48 - 2014-10-28 20:16 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2014-11-19 18:48 - 2014-10-28 20:10 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-11-19 18:48 - 2014-10-28 20:06 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2014-11-19 18:48 - 2014-10-28 19:56 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2014-11-19 18:48 - 2014-10-28 19:54 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-11-19 18:48 - 2014-10-28 19:51 - 03317248 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2014-11-19 18:48 - 2014-10-28 19:45 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2014-11-19 18:48 - 2014-10-28 19:35 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2014-11-19 18:48 - 2014-10-15 03:32 - 00088896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2014-11-19 18:48 - 2014-10-15 03:32 - 00061248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2014-11-19 18:48 - 2014-10-12 21:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-11-19 18:48 - 2014-10-12 21:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-11-19 18:48 - 2014-10-08 04:24 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-11-19 18:48 - 2014-10-07 01:54 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2014-11-19 18:48 - 2014-10-07 01:44 - 00102208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2014-11-19 18:48 - 2014-09-26 23:59 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-11-19 18:48 - 2014-08-25 22:30 - 00354112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-11-19 18:47 - 2014-10-28 22:59 - 00025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\streamci.dll
2014-11-19 18:47 - 2014-10-28 22:57 - 00027872 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2014-11-19 18:47 - 2014-10-28 22:56 - 00097048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2014-11-19 18:47 - 2014-10-28 22:56 - 00061208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2014-11-19 18:47 - 2014-10-28 22:56 - 00049944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2014-11-19 18:47 - 2014-10-28 22:53 - 00095048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2014-11-19 18:47 - 2014-10-28 22:51 - 00047024 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2014-11-19 18:47 - 2014-10-28 22:51 - 00033032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winnsi.dll
2014-11-19 18:47 - 2014-10-28 22:51 - 00024800 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2014-11-19 18:47 - 2014-10-28 22:05 - 00026304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winnsi.dll
2014-11-19 18:47 - 2014-10-28 22:05 - 00020120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2014-11-19 18:47 - 2014-10-28 21:48 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2014-11-19 18:47 - 2014-10-28 21:48 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2014-11-19 18:47 - 2014-10-28 21:47 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc63.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2014-11-19 18:47 - 2014-10-28 21:46 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxssrv.dll
2014-11-19 18:47 - 2014-10-28 21:46 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\TsUsbGD.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-11-19 18:47 - 2014-10-28 21:45 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2014-11-19 18:47 - 2014-10-28 21:44 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2014-11-19 18:47 - 2014-10-28 21:43 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2014-11-19 18:47 - 2014-10-28 21:43 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2014-11-19 18:47 - 2014-10-28 21:43 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2014-11-19 18:47 - 2014-10-28 21:42 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\umdmxfrm.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2014-11-19 18:47 - 2014-10-28 21:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshnetbs.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\serwvdrv.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshirda.dll
2014-11-19 18:47 - 2014-10-28 21:41 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIRCoInst.dll
2014-11-19 18:47 - 2014-10-28 21:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\irclass.dll
2014-11-19 18:47 - 2014-10-28 21:36 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\traffic.dll
2014-11-19 18:47 - 2014-10-28 21:36 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bridgeunattend.exe
2014-11-19 18:47 - 2014-10-28 21:34 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetVscCoinstall.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmdCoinstall.dll
2014-11-19 18:47 - 2014-10-28 21:33 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2014-11-19 18:47 - 2014-10-28 21:17 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbGDCoInstaller.dll
2014-11-19 18:47 - 2014-10-28 21:11 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2014-11-19 18:47 - 2014-10-28 21:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\brdgcfg.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2014-11-19 18:47 - 2014-10-28 20:58 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\umdmxfrm.dll
2014-11-19 18:47 - 2014-10-28 20:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshrm.dll
2014-11-19 18:47 - 2014-10-28 20:57 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\serwvdrv.dll
2014-11-19 18:47 - 2014-10-28 20:57 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshirda.dll
2014-11-19 18:47 - 2014-10-28 20:56 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\irclass.dll
2014-11-19 18:47 - 2014-10-28 20:53 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\traffic.dll
2014-11-19 18:47 - 2014-10-28 20:51 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2014-11-19 18:47 - 2014-10-28 20:33 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2014-11-19 18:47 - 2014-10-28 20:29 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2014-11-19 18:47 - 2014-10-28 20:28 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshqos.dll
2014-11-19 18:47 - 2014-10-28 20:28 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2014-11-19 18:47 - 2014-10-28 20:27 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhapi.dll
2014-11-19 18:47 - 2014-10-28 20:27 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2014-11-19 18:47 - 2014-10-28 20:20 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2014-11-19 18:47 - 2014-10-28 20:05 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshqos.dll
2014-11-19 18:47 - 2014-10-28 20:05 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2014-11-19 18:47 - 2014-10-28 19:58 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootim.exe
2014-11-19 18:47 - 2014-10-15 03:32 - 00921920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2014-11-19 18:47 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-11-19 18:47 - 2014-10-12 21:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-11-19 18:47 - 2014-10-07 01:54 - 00324928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-11-19 18:47 - 2014-10-07 01:54 - 00189248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2014-11-19 18:47 - 2014-10-07 01:54 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2014-11-19 18:47 - 2014-10-07 01:44 - 00069952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2014-11-19 18:47 - 2014-10-06 22:30 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-11-19 18:47 - 2014-10-06 22:29 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-11-19 18:01 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-19 18:01 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-19 18:01 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-19 18:01 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-19 16:32 - 2014-11-23 12:08 - 00000000 ____D () C:\Users\DAW\AppData\Local\Archiver 2014
2014-11-19 16:31 - 2014-11-19 16:31 - 00000795 _____ () C:\Users\Public\Desktop\Archiver.lnk
2014-11-18 12:11 - 2014-11-29 10:55 - 00000000 ____D () C:\Program Files\Archiver
2014-11-18 12:11 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Archiver
2014-11-15 20:44 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-15 20:44 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-15 20:44 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-15 20:44 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-15 20:44 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-15 20:44 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-15 20:44 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-15 20:44 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-15 20:44 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-15 20:44 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-15 20:44 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-15 20:44 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-15 20:44 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-15 20:44 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-15 20:44 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-15 20:44 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-15 20:44 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-15 20:44 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-15 20:44 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-15 20:44 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-15 20:44 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-15 20:44 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-15 20:44 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-15 20:44 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-15 20:44 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-15 20:44 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-15 20:44 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-15 20:44 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-15 20:44 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-15 20:44 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-15 20:44 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-15 20:44 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-15 20:44 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-15 20:44 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-15 20:44 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-15 20:44 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-15 20:44 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-15 20:44 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-15 20:44 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-15 20:44 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-15 20:44 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-15 20:44 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-15 20:44 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-15 20:44 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-15 20:44 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-15 20:44 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-15 20:44 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-15 20:44 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-15 20:44 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-15 20:44 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-15 20:44 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-15 20:44 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-15 20:44 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-15 20:44 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-15 20:44 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-15 20:44 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-15 20:44 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-15 20:44 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-15 20:44 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-15 20:44 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-15 20:44 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-15 20:44 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-15 20:44 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-15 20:44 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-15 20:44 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-15 20:44 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-15 20:44 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-15 20:44 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-15 20:44 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-15 20:44 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-15 20:44 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-15 20:44 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-15 20:44 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-15 20:44 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-15 20:44 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-15 20:44 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-15 20:44 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-15 20:44 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-15 20:44 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-15 20:44 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-15 20:44 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-15 20:44 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-15 20:44 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-15 20:44 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-15 20:44 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-15 20:44 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-15 20:44 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-15 20:44 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-15 20:40 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-15 20:40 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-15 20:40 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-15 20:40 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-15 20:40 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-15 20:40 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-15 20:40 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-15 20:37 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-15 20:37 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-15 20:37 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-15 20:37 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-15 20:37 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-15 20:37 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-15 20:37 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-15 20:37 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-15 20:37 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-15 20:37 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-15 20:37 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-15 20:37 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-15 20:37 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-15 20:37 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-15 20:37 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-15 20:37 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-15 20:37 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-15 20:37 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-15 20:37 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-15 20:37 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-15 20:37 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-15 20:37 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-15 20:37 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-15 20:37 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-15 20:35 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-15 20:35 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-15 20:35 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-15 20:35 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-15 20:35 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-15 20:35 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-15 20:35 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-15 20:35 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-15 20:35 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-15 20:35 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-15 20:35 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-15 20:35 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-15 20:35 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-15 20:35 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-15 20:35 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-15 20:34 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-15 20:34 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-15 20:34 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-15 20:34 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-15 20:34 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-15 20:34 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-15 20:34 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-15 20:34 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-15 20:34 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-15 20:34 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-15 20:34 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-15 20:34 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-15 20:34 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-15 20:34 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-15 20:34 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-11 19:09 - 2014-11-11 19:09 - 00002098 _____ () C:\Users\DAW\Desktop\VirusTotal Uploader 2.2.lnk
2014-11-11 19:08 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2014-11-11 19:07 - 2014-11-11 19:07 - 00142744 _____ () C:\Users\DAW\Downloads\vtuploader2.2.exe
2014-11-10 22:38 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 19:41 - 2014-11-23 12:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 5
2014-11-08 19:41 - 2014-11-23 11:44 - 00000000 ____D () C:\Users\DAW\AppData\Local\Cyberlink
2014-11-08 19:41 - 2014-11-08 19:41 - 00002067 _____ () C:\Users\Public\Desktop\CyberLink PhotoDirector 5 (64-bit).lnk
2014-11-08 19:39 - 2014-11-23 11:43 - 00000000 ____D () C:\Program Files\CyberLink
2014-11-08 19:37 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\install_clap
2014-11-08 19:05 - 2014-11-08 19:05 - 00000000 ____D () C:\ProgramData\complexbackup
2014-11-08 18:58 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup and Recovery™ 14 Compact
2014-11-08 18:58 - 2014-11-08 18:58 - 00002369 _____ () C:\Users\Public\Desktop\Paragon Backup and Recovery™ 14 Compact.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 13:53 - 2014-07-17 06:01 - 01152225 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-08 13:53 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-08 13:51 - 2014-03-18 05:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-08 13:49 - 2014-07-27 08:19 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD850610-F9D3-4C5E-9514-08DD5A833AB3}
2014-12-08 13:48 - 2014-06-22 10:02 - 00000348 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2014-12-08 13:48 - 2014-06-22 10:02 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-12-08 13:47 - 2013-12-30 13:07 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 13:47 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-08 13:33 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-08 13:03 - 2013-12-15 22:14 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1670467332-2357784724-919192203-1001
2014-12-08 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-08 12:58 - 2014-05-03 07:38 - 01820160 ___SH () C:\Users\DAW\Desktop\Thumbs.db
2014-12-08 12:58 - 2013-12-30 13:07 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 12:35 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-08 12:11 - 2014-06-11 07:43 - 00000000 _____ () C:\WINDOWS\DCEBOOT.LOG
2014-12-06 15:26 - 2014-06-10 15:48 - 00231960 _____ () C:\WINDOWS\RegBootClean64.exe
2014-12-06 15:26 - 2014-06-10 15:48 - 00021528 _____ () C:\WINDOWS\DCEBoot64.exe
2014-12-06 13:28 - 2013-12-15 22:50 - 00000000 ____D () C:\Users\DAW\AppData\Local\CrashDumps
2014-12-06 13:21 - 2013-12-23 20:55 - 00000000 ____D () C:\Users\DAW\Documents\My Screen Captures
2014-12-04 14:15 - 2014-03-18 04:54 - 00130272 _____ () C:\WINDOWS\PFRO.log
2014-12-04 14:15 - 2013-12-03 21:32 - 00000000 ____D () C:\WINDOWS\CSC
2014-12-04 14:15 - 2013-08-22 09:44 - 00369664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-04 14:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-04 13:57 - 2013-08-22 08:25 - 00000128 _____ () C:\WINDOWS\win.ini
2014-12-02 15:26 - 2014-05-02 17:58 - 05492736 ___SH () C:\Users\DAW\Downloads\Thumbs.db
2014-11-30 08:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-26 17:38 - 2013-12-16 20:04 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Mozilla
2014-11-26 17:38 - 2013-08-22 08:25 - 00000795 _____ () C:\WINDOWS\system32\Drivers\etc\hosts_bak_918
2014-11-26 15:10 - 2014-07-17 05:49 - 00000000 ____D () C:\Users\DAW
2014-11-26 13:43 - 2013-08-22 09:46 - 00321330 _____ () C:\WINDOWS\setupact.log
2014-11-24 11:39 - 2014-06-28 08:44 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 11:35 - 2014-06-28 08:44 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-11-24 10:53 - 2014-01-09 16:55 - 00000036 _____ () C:\Users\DAW\AppData\Local\housecall.guid.cache
2014-11-24 10:10 - 2014-09-02 18:12 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Professional Edition 2.0.2
2014-11-24 10:10 - 2014-07-25 19:34 - 00001024 ____H () C:\SYSTAG.BIN
2014-11-24 10:10 - 2014-07-25 19:32 - 00000082 _____ () C:\WINDOWS\SysWOW64\winsevr.dat
2014-11-24 10:09 - 2014-01-09 16:58 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-11-23 17:23 - 2014-02-12 19:14 - 00000000 ____D () C:\Program Files (x86)\Opera Next
2014-11-23 16:14 - 2014-07-05 10:14 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-11-23 13:12 - 2014-01-09 16:59 - 00305832 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-11-23 12:10 - 2014-03-18 04:46 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-11-23 12:10 - 2014-03-18 04:46 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\ras
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MSDRM
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\icsxml
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Bthprops
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\ras
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\MSDRM
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\icsxml
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Bthprops
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system\Speech
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\L2Schemas
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\addins
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-23 12:10 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-23 12:10 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-11-23 12:08 - 2014-11-04 20:37 - 00000000 ____D () C:\Program Files (x86)\PasswordsPro
2014-11-23 12:08 - 2014-11-02 16:21 - 00000000 ____D () C:\Users\DAW\Downloads\ProcessExplorer
2014-11-23 12:08 - 2014-10-31 08:32 - 00000000 ____D () C:\Program Files (x86)\MiniTool Power Data Recovery - Bootable Media Builder
2014-11-23 12:08 - 2014-10-16 13:47 - 00000000 ____D () C:\Program Files (x86)\Kryptel
2014-11-23 12:08 - 2014-09-29 08:07 - 00000000 ____D () C:\Program Files (x86)\Zoom Player
2014-11-23 12:08 - 2014-09-14 19:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.1
2014-11-23 12:08 - 2014-09-11 08:51 - 00000000 ____D () C:\Program Files (x86)\4Card Recovery
2014-11-23 12:08 - 2014-09-02 13:38 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-11-23 12:08 - 2014-09-01 21:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-23 12:08 - 2014-08-12 17:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disk Master Professional
2014-11-23 12:08 - 2014-08-10 16:33 - 00000000 ____D () C:\Program Files (x86)\Seagate File Recovery for Windows
2014-11-23 12:08 - 2014-08-10 08:02 - 00000000 ____D () C:\Program Files (x86)\SoftMaker Viewer
2014-11-23 12:08 - 2014-08-07 10:44 - 00000000 ____D () C:\Program Files (x86)\AOMEI Partition Assistant Pro Edition 5.5
2014-11-23 12:08 - 2014-07-18 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-11-23 12:08 - 2014-07-18 19:50 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-11-23 12:08 - 2014-07-01 20:29 - 00000000 ____D () C:\Program Files\WOT
2014-11-23 12:08 - 2014-06-28 08:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 12:08 - 2014-06-12 10:20 - 00000000 ____D () C:\Program Files\MPC-HC
2014-11-23 12:08 - 2014-03-17 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-23 12:08 - 2014-03-12 10:45 - 00000000 ____D () C:\Users\DAW\AppData\Local\Amazon Cloud Player
2014-11-23 12:08 - 2014-01-09 17:26 - 00000000 ____D () C:\Program Files\Recuva
2014-11-23 12:08 - 2013-12-21 18:49 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Hard Disk Sentinel
2014-11-23 12:08 - 2013-12-21 18:49 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-11-23 12:08 - 2013-12-16 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-23 12:08 - 2013-12-15 23:05 - 00000000 ____D () C:\Program Files (x86)\PrtScr
2014-11-23 12:08 - 2013-12-03 21:34 - 00000000 ____D () C:\Program Files (x86)\SugarSync
2014-11-23 12:08 - 2013-12-03 21:33 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-11-23 12:08 - 2013-12-03 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-11-23 12:08 - 2013-12-03 21:32 - 00000000 ____D () C:\Program Files\Intel
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2014-11-23 12:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\System
2014-11-23 12:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2014-11-23 11:49 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-23 11:48 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2014-11-23 11:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-23 11:45 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-23 11:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
2014-11-23 11:44 - 2014-09-25 11:37 - 00000000 ____D () C:\Users\DAW\AppData\Local\Downloaded Installations
2014-11-23 11:44 - 2014-06-04 16:18 - 00000000 ____D () C:\ProgramData\Temp
2014-11-23 11:44 - 2014-03-18 04:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-23 11:44 - 2013-12-16 20:04 - 00000000 ____D () C:\Users\DAW\AppData\Local\Mozilla
2014-11-23 11:43 - 2014-09-25 12:35 - 00000000 ____D () C:\Program Files\Paragon Software
2014-11-23 11:43 - 2013-12-03 21:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-23 11:43 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-23 11:39 - 2014-03-29 11:18 - 00000000 ____D () C:\ProgramData\CyberLink
2014-11-23 11:31 - 2014-08-12 14:46 - 00000000 ____D () C:\Users\Public\CyberLink
2014-11-23 09:13 - 2014-07-29 11:12 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-23 08:08 - 2014-09-29 08:00 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-11-23 08:08 - 2013-12-22 20:25 - 00000000 ____D () C:\Users\DAW\AppData\Roaming\Foxit Software
2014-11-23 07:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-11-22 13:12 - 2014-09-02 16:00 - 01736704 ___SH () C:\Users\DAW\Documents\Thumbs.db
2014-11-21 17:00 - 2013-12-16 00:13 - 00007610 _____ () C:\Users\DAW\AppData\Local\resmon.resmoncfg
2014-11-20 15:51 - 2013-08-22 10:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-19 19:03 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-11-19 19:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-11-19 19:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-19 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2014-11-19 19:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-11-19 11:42 - 2014-09-27 08:38 - 00000000 ____D () C:\Users\DAW\AppData\Local\Clarus
2014-11-16 14:21 - 2013-12-20 09:18 - 00000000 ____D () C:\Users\DAW\AppData\Local\Adobe
2014-11-15 20:48 - 2013-12-16 19:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-15 20:45 - 2013-12-16 19:25 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-15 18:53 - 2013-12-30 13:07 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 18:53 - 2013-12-30 13:07 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:25 - 2014-09-01 21:53 - 00001024 ____H () C:\AMTAG.BIN

Some content of TEMP:
====================
C:\Users\DAW\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\DAW\AppData\Local\Temp\Quarantine.exe
C:\Users\DAW\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-08 13:03

==================== End Of Log ============================





