Windows Defender won't turn on


  • This topic is locked
16 replies to this topic

#1 kikoman51

kikoman51

  • Members
  • 10 posts

Posted 12 April 2015 - 09:50 PM

Tried to turn on Windows Defender services, access denied. Tried to turn it on in Security Center and it sends me to my System32 folder. Tried to search around for a couple hours with no luck in fixing it.





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 13 April 2015 - 02:38 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by deeprybka, 13 April 2015 - 02:39 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 kikoman51

kikoman51
  • Topic Starter

  • Members
  • 10 posts

Posted 13 April 2015 - 03:22 PM

Step 1

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by DamonLi (administrator) on IDEA-PC on 13-04-2015 16:15:51
Running from C:\Users\DamonLi\Downloads
Loaded Profiles: DamonLi (Available profiles: DamonLi & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Scarlet.Crush Productions) C:\Scarlet\bin\ScpService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\puush\puush.exe
(Flux Software LLC) C:\Users\DamonLi\AppData\Local\FluxSoftware\Flux\flux.exe
(BitTorrent Inc.) C:\Users\DamonLi\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\DamonLi\Desktop\TSMApplication.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\DamonLi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6346312 2013-03-06] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [677104 2013-03-08] (Synaptics)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-03-14] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-07-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-07-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-08] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-03-12] (Razer Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Corsair M60 Mouse] => C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe [1766912 2013-06-05] (Corsair Components  Inc)
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Run: [f.lux] => C:\Users\DamonLi\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe [7440384 2014-10-15] (i-Funbox.com)
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Run: [uTorrent] => C:\Users\DamonLi\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-16] (BitTorrent Inc.)
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6780256 2014-12-16] (Binary Fortress Software)
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Run: [TSMApplication] => C:\Users\DamonLi\Desktop\TSMApplication.exe [16901120 2015-04-05] ()
Startup: C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-394484410-1524753058-406091518-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKU\S-1-5-21-394484410-1524753058-406091518-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-394484410-1524753058-406091518-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-394484410-1524753058-406091518-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\S-1-5-21-394484410-1524753058-406091518-1003 -> DefaultScope {F8B857F6-1EA9-4F93-80FF-DD29E313501C} URL = 
SearchScopes: HKU\S-1-5-21-394484410-1524753058-406091518-1003 -> {F8B857F6-1EA9-4F93-80FF-DD29E313501C} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-23] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-05] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-05] (Oracle Corporation)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\..\Interfaces\{E7A6B522-FF3B-4B8C-BBE3-67C5FCA04AEC}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F29E84CF-90CB-4ED9-B292-B1F4246CAA01}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-394484410-1524753058-406091518-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\DamonLi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.ca/
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzuyCzztCyBtBzytBzzyBtBzzyEyE0F0FzytN0D0Tzu0SyByByEtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1674231545&ir="
CHR Profile: C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-03-30]
CHR Extension: (Google Docs) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]
CHR Extension: (YouTube) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]
CHR Extension: (Adblock Plus) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-07]
CHR Extension: (Google Search) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]
CHR Extension: (AdBlock) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-07]
CHR Extension: (Hola Better Internet) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-11-29]
CHR Extension: (IE Tab) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-10-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]
CHR Extension: (Gmail) - C:\Users\DamonLi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-03-01] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3075440 2014-12-16] (Binary Fortress Software)
R2 Ds3Service; C:\Scarlet\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-29] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-12] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-12-09] (Disc Soft Ltd)
R1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [30752 2013-12-03] (EldoS Corporation)
S3 Lycosa; C:\Windows\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243144 2013-03-06] (Realtek Semiconductor Corp.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [129600 2015-03-03] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-08] (Synaptics Incorporated)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-12] (Microsoft Corporation)
R3 WIMBLEMS; C:\Windows\system32\drivers\WIMBLEMS.sys [25600 2012-03-27] ( )
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 16:15 - 2015-04-13 16:16 - 00027201 _____ () C:\Users\DamonLi\Downloads\FRST.txt
2015-04-13 16:15 - 2015-04-13 16:15 - 00415232 _____ (Farbar) C:\Users\DamonLi\Downloads\FSS.exe
2015-04-13 16:15 - 2015-04-13 16:15 - 00000000 ____D () C:\FRST
2015-04-13 16:14 - 2015-04-13 16:14 - 02096640 _____ (Farbar) C:\Users\DamonLi\Downloads\FRST64.exe
2015-04-13 16:08 - 2015-04-13 16:08 - 00003758 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-04-13 16:04 - 2015-04-13 16:05 - 00000231 _____ () C:\WINDOWS\setupact.log
2015-04-13 16:04 - 2015-04-13 16:04 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-13 16:03 - 2015-04-13 16:03 - 00000372 _____ () C:\WINDOWS\PFRO.log
2015-04-13 06:11 - 2015-04-13 16:13 - 00128071 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-12 22:10 - 2015-04-13 16:06 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 22:10 - 2015-04-12 22:10 - 00001141 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-12 22:10 - 2015-04-12 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 22:10 - 2015-04-12 22:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-12 22:10 - 2015-04-12 22:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-12 22:10 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-12 22:10 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-12 22:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-12 22:09 - 2015-04-12 22:10 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\DamonLi\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-12 21:52 - 2015-03-04 17:24 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-12 21:52 - 2015-03-04 17:24 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 21:46 - 2015-04-12 21:46 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-12 21:41 - 2015-04-12 21:41 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-04-12 21:29 - 2015-04-12 21:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-12 20:46 - 2015-04-12 20:46 - 11231944 _____ (ESET) C:\Users\DamonLi\Downloads\avremover_nt64_enu.exe
2015-04-12 20:03 - 2015-04-12 20:03 - 00009654 _____ () C:\WINDOWS\SysWOW64\CartSdkTestLog.csv
2015-04-12 19:56 - 2015-04-12 19:56 - 01032740 _____ () C:\Users\DamonLi\Downloads\vrm5.exe
2015-04-12 17:35 - 2015-04-12 17:35 - 00002249 _____ () C:\Users\DamonLi\Desktop\Skype for desktop.lnk
2015-04-12 17:35 - 2015-04-12 17:35 - 00001107 _____ () C:\Users\DamonLi\Desktop\Battle.net.lnk
2015-04-12 17:35 - 2015-04-12 17:35 - 00000794 _____ () C:\Users\DamonLi\Desktop\Grisaia no Kajitsu.lnk
2015-04-12 17:33 - 2015-04-13 16:13 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\ClassicShell
2015-04-12 17:33 - 2015-04-12 17:33 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\ClassicShell
2015-04-12 17:32 - 2015-04-12 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-04-12 17:32 - 2015-04-12 17:32 - 00000000 ____D () C:\Program Files\Classic Shell
2015-04-12 17:28 - 2015-04-12 17:28 - 06590656 _____ (IvoSoft) C:\Users\DamonLi\Downloads\ClassicShellSetup_4_2_1.exe
2015-04-12 15:08 - 2015-04-12 15:08 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\Deployment
2015-04-12 00:56 - 2015-04-12 20:16 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-12 00:56 - 2015-04-12 00:56 - 00000000 __SHD () C:\Recovery
2015-04-12 00:54 - 2015-04-12 00:54 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-04-12 00:54 - 2015-04-12 00:54 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-04-12 00:54 - 2015-04-12 00:54 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-04-12 00:54 - 2015-04-12 00:54 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-04-12 00:54 - 2015-04-12 00:54 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-04-12 00:54 - 2015-04-12 00:54 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-04-12 00:54 - 2015-04-12 00:54 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-04-12 00:54 - 2015-04-12 00:54 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-04-12 00:54 - 2015-04-12 00:54 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-04-12 00:53 - 2015-04-12 00:53 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-12 00:53 - 2015-04-12 00:53 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-12 00:53 - 2015-04-12 00:53 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-04-12 00:53 - 2015-04-12 00:53 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-04-12 00:53 - 2015-04-12 00:53 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-04-12 00:53 - 2015-04-12 00:53 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-04-12 00:52 - 2015-04-12 20:07 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-12 00:52 - 2015-04-12 00:52 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-12 00:52 - 2015-04-12 00:52 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-04-12 00:52 - 2015-04-12 00:52 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-04-12 00:52 - 2015-04-12 00:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-12 00:52 - 2015-04-12 00:52 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-04-12 00:52 - 2015-04-12 00:52 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-12 00:51 - 2015-04-12 00:51 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-04-12 00:51 - 2015-04-12 00:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-04-12 00:51 - 2015-04-12 00:51 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-12 00:51 - 2015-04-12 00:51 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-04-12 00:51 - 2015-04-12 00:51 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-04-12 00:51 - 2015-04-12 00:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-12 00:50 - 2015-04-12 00:50 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-12 00:50 - 2015-04-12 00:50 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-12 00:50 - 2015-04-12 00:50 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-04-12 00:49 - 2015-04-12 00:49 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-12 00:49 - 2015-04-12 00:49 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-12 00:49 - 2015-04-12 00:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-12 00:49 - 2015-04-12 00:49 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-12 00:49 - 2015-04-12 00:49 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-12 00:49 - 2015-04-12 00:49 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-12 00:49 - 2015-04-12 00:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-04-12 00:49 - 2015-04-12 00:49 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-12 00:49 - 2015-04-12 00:49 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-04-12 00:49 - 2015-04-12 00:49 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-12 00:48 - 2015-04-12 00:48 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-12 00:48 - 2015-04-12 00:48 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-12 00:48 - 2015-04-12 00:48 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-12 00:48 - 2015-04-12 00:48 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-12 00:48 - 2015-04-12 00:48 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-12 00:48 - 2015-04-12 00:48 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-12 00:48 - 2015-04-12 00:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-04-12 00:48 - 2015-04-12 00:48 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-04-12 00:48 - 2015-04-12 00:48 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-04-12 00:48 - 2015-04-12 00:48 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-04-12 00:48 - 2015-04-12 00:48 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-04-12 00:47 - 2015-04-12 00:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-12 00:47 - 2015-04-12 00:47 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-04-12 00:47 - 2015-04-12 00:47 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-04-12 00:47 - 2015-04-12 00:47 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-04-12 00:47 - 2015-04-12 00:47 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-04-12 00:47 - 2015-04-12 00:47 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-12 00:47 - 2015-04-12 00:47 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-04-12 00:47 - 2015-04-12 00:47 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-04-12 00:47 - 2015-04-12 00:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-04-12 00:43 - 2015-04-12 00:43 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-12 00:43 - 2015-04-12 00:43 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-12 00:43 - 2015-04-12 00:43 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-12 00:43 - 2015-04-11 21:19 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-12 00:42 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-04-12 00:42 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-12 00:42 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-04-12 00:42 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-11 23:34 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-11 23:34 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-11 23:34 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-11 23:34 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-11 23:34 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-11 23:34 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-11 23:34 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-11 23:34 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-11 23:27 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-11 23:27 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-11 23:25 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-04-11 23:25 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-04-11 23:12 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-11 23:12 - 2014-11-09 19:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-04-11 23:12 - 2014-11-09 19:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-04-11 23:12 - 2014-11-09 19:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-11 23:12 - 2014-11-09 19:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-11 23:08 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-04-11 23:08 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-04-11 22:13 - 2015-04-11 22:13 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\RzStats
2015-04-11 22:02 - 2015-04-11 22:02 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-11 22:00 - 2015-04-13 16:06 - 00000000 ___RD () C:\Users\DamonLi\OneDrive
2015-04-11 21:57 - 2015-04-11 21:57 - 00001776 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 21:57 - 2015-04-11 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 21:56 - 2015-04-11 21:57 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-11 21:56 - 2015-04-11 21:57 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 21:56 - 2015-04-11 21:56 - 00000000 ____D () C:\Program Files\iPod
2015-04-11 21:56 - 2015-04-11 21:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-11 21:45 - 2015-04-11 21:45 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-04-11 21:44 - 2013-08-22 08:40 - 00040664 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2015-04-11 21:43 - 2015-04-11 21:43 - 00001453 _____ () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-11 21:42 - 2015-04-11 21:42 - 00000020 ___SH () C:\Users\DamonLi\ntuser.ini
2015-04-11 21:39 - 2015-04-11 21:39 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-04-11 21:23 - 2015-04-11 21:23 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-11 21:23 - 2015-04-11 21:23 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-11 21:23 - 2015-04-11 21:23 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-04-11 21:23 - 2015-04-11 21:23 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-11 21:23 - 2015-04-11 21:23 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-04-11 21:12 - 2015-04-11 21:12 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-04-11 21:11 - 2015-04-11 21:40 - 00032388 _____ () C:\WINDOWS\diagwrn.xml
2015-04-11 21:11 - 2015-04-11 21:40 - 00032388 _____ () C:\WINDOWS\diagerr.xml
2015-04-11 21:10 - 2015-04-11 22:00 - 00000000 ____D () C:\Users\DamonLi
2015-04-11 21:10 - 2015-04-11 21:35 - 00000000 ____D () C:\Users\Administrator
2015-04-11 21:10 - 2015-04-11 21:12 - 00000000 ___RD () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-11 21:10 - 2015-04-11 21:12 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-11 21:10 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 21:10 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-11 21:10 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 21:10 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-11 21:10 - 2014-11-21 04:52 - 00000369 _____ () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-11 21:10 - 2014-11-21 04:52 - 00000369 _____ () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-11 21:10 - 2014-11-21 04:52 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-11 21:10 - 2014-11-21 04:52 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-11 21:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-11 21:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-11 21:09 - 2015-03-03 13:47 - 00129600 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpnk.sys
2015-04-11 21:09 - 2015-02-04 19:24 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2015-04-11 21:07 - 2015-04-11 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-04-11 21:01 - 2015-04-11 21:43 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-04-11 21:01 - 2015-04-11 21:19 - 00000000 ____D () C:\ProgramData\Razer
2015-04-11 21:01 - 2015-04-11 21:01 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-04-11 21:01 - 2015-04-11 21:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-04-11 21:01 - 2015-04-11 21:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-04-11 21:01 - 2015-04-11 21:01 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2015-04-11 21:01 - 2015-04-11 21:01 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-04-11 21:01 - 2015-04-11 21:01 - 00000000 ____D () C:\Program Files\Synaptics
2015-04-11 21:01 - 2015-04-11 21:01 - 00000000 ____D () C:\Program Files\Realtek
2015-04-11 21:00 - 2015-04-11 21:19 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-11 21:00 - 2015-04-11 21:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-11 21:00 - 2015-03-13 12:16 - 06861968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-04-11 21:00 - 2015-03-13 12:16 - 03526856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-04-11 21:00 - 2015-03-13 12:16 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-04-11 21:00 - 2015-03-13 12:16 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-04-11 21:00 - 2015-03-13 12:16 - 00630416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2015-04-11 21:00 - 2015-03-13 12:16 - 00386248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-04-11 21:00 - 2015-03-13 12:16 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-04-11 21:00 - 2015-03-11 09:10 - 04246327 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-04-11 18:43 - 2015-04-12 19:59 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-04-11 18:32 - 2015-04-11 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-11 18:20 - 2015-04-11 18:20 - 02350912 _____ (Torch Media, Inc) C:\Users\DamonLi\Downloads\TorchSetup-r93-n-bc.exe
2015-04-11 17:42 - 2015-03-09 14:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\DamonLi\Desktop\procexp.exe
2015-04-11 17:41 - 2015-04-11 17:41 - 01190415 _____ () C:\Users\DamonLi\Downloads\ProcessExplorer.zip
2015-04-10 21:49 - 2015-04-10 21:49 - 00016103 _____ () C:\Users\DamonLi\Downloads\Fela Pure (1).torrent
2015-04-09 23:08 - 2015-04-09 23:08 - 00288448 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2015-04-09 23:08 - 2015-04-09 23:08 - 00247488 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2015-04-08 09:25 - 2015-04-08 09:25 - 00000035 _____ () C:\Users\DamonLi\Desktop\Farming spot.txt
2015-04-08 03:00 - 2015-04-08 03:00 - 00001062 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft Logs Uploader.lnk
2015-04-08 03:00 - 2015-04-08 03:00 - 00000000 ____D () C:\Program Files (x86)\Warcraft Logs Uploader
2015-04-07 16:54 - 2015-04-08 00:39 - 00016189 _____ () C:\Users\DamonLi\Desktop\Primal Worksheet.xlsx
2015-04-07 16:03 - 2015-04-07 16:03 - 00253901 _____ () C:\Users\DamonLi\Downloads\Notepad lua profile (1).rar
2015-04-07 15:49 - 2015-04-07 15:49 - 00253901 _____ () C:\Users\DamonLi\Downloads\Notepad lua profile.rar
2015-04-07 15:47 - 2015-04-07 15:48 - 00000000 ____D () C:\Users\DamonLi\Desktop\TSM
2015-04-07 15:29 - 2015-04-07 15:29 - 00438799 _____ () C:\Users\DamonLi\Downloads\TSM files.rar
2015-04-07 12:50 - 2015-04-07 16:54 - 00016166 _____ () C:\Users\DamonLi\Downloads\Primal Worksheet.xlsx
2015-04-05 22:01 - 2015-04-05 22:01 - 16901120 _____ () C:\Users\DamonLi\Desktop\TSMApplication.exe
2015-04-01 10:11 - 2015-04-01 10:12 - 00000000 ____D () C:\Users\DamonLi\Desktop\[Chibiki]_THE_iDOLM@STER
2015-03-31 02:04 - 2015-03-31 02:04 - 01383842 _____ () C:\Users\DamonLi\Downloads\Realtime Sniping Spreadsheet 1.02.xlsx
2015-03-31 00:22 - 2015-03-30 17:10 - 16900608 _____ () C:\Users\DamonLi\Desktop\TSMApplication_Old.exe
2015-03-31 00:21 - 2015-03-31 00:21 - 07688780 _____ () C:\Users\DamonLi\Downloads\TSMApplication (1).zip
2015-03-30 01:16 - 2015-03-30 03:35 - 00014743 _____ () C:\Users\DamonLi\Desktop\Worthwhile enchants.xlsx
2015-03-30 01:15 - 2015-03-30 01:15 - 00004435 _____ () C:\Users\DamonLi\Downloads\us_sargeras_alliance_2015_3_30_4_44.csv
2015-03-30 01:15 - 2015-03-30 01:15 - 00000000 ____D () C:\Users\DamonLi\Desktop\Wow money calculations
2015-03-30 00:17 - 2015-03-30 03:58 - 00000426 _____ () C:\Users\DamonLi\Desktop\New Text Document (3).txt
2015-03-29 22:38 - 2015-03-29 22:38 - 00024576 _____ () C:\Users\DamonLi\Downloads\Assignment_7_Data.xls
2015-03-29 17:43 - 2015-03-29 17:43 - 00071680 _____ () C:\Users\DamonLi\Downloads\Farming-Guo-Lai-Sheet-Blank-Protected.xls
2015-03-28 03:09 - 2015-03-28 03:09 - 00000962 _____ () C:\Users\DamonLi\Desktop\Anki.lnk
2015-03-28 03:08 - 2015-03-28 03:08 - 23237295 _____ () C:\Users\DamonLi\Downloads\anki-2.0.32.exe
2015-03-28 00:05 - 2015-03-28 00:05 - 01962493 _____ () C:\Users\DamonLi\Downloads\us_sargeras_alliance_2015_3_28_4_5.csv
2015-03-27 23:13 - 2015-03-27 23:13 - 01962493 _____ () C:\Users\DamonLi\Downloads\us_sargeras_alliance_2015_3_28_3_13.csv
2015-03-27 05:38 - 2015-03-27 05:38 - 00000000 ____D () C:\Users\DamonLi\Desktop\Pillars of Eternity
2015-03-26 19:33 - 2015-03-26 20:08 - 00000000 ____D () C:\Users\DamonLi\Desktop\pillars_of_eternity
2015-03-25 21:49 - 2015-03-25 21:50 - 00000019 _____ () C:\Users\DamonLi\Desktop\New Text Document (2).txt
2015-03-25 00:26 - 2015-03-04 03:26 - 00011105 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2015-03-24 23:45 - 2015-03-24 23:45 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\TradeSkillMaster
2015-03-24 23:44 - 2015-03-24 23:44 - 07677516 _____ () C:\Users\DamonLi\Downloads\TSMApplication.zip
2015-03-24 15:15 - 2015-03-24 15:15 - 01934933 _____ () C:\Users\DamonLi\Downloads\us_sargeras_alliance_2015_3_24_19_15.csv
2015-03-23 20:12 - 2015-03-23 20:12 - 00016525 _____ () C:\Users\DamonLi\Downloads\Assignment_6_data.xlsx
2015-03-21 02:35 - 2015-03-26 17:21 - 00000017 _____ () C:\Users\DamonLi\Desktop\New Text Document.txt
2015-03-19 22:57 - 2015-03-13 11:38 - 00622224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-03-19 22:54 - 2015-03-13 15:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-19 22:54 - 2015-03-13 15:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 03303448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 02906928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00195728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-03-19 22:54 - 2015-03-13 15:41 - 00030536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-03-19 22:54 - 2015-03-13 15:41 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-03-19 22:35 - 2015-04-03 03:14 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\CrashDumps
2015-03-19 22:29 - 2015-03-19 22:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ioloGovernor
2015-03-19 21:22 - 2015-03-19 21:39 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\DisplayFusion
2015-03-19 21:20 - 2015-04-11 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2015-03-19 21:20 - 2015-03-19 21:20 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\DisplayFusion
2015-03-19 21:20 - 2015-03-19 21:20 - 00000000 ____D () C:\ProgramData\Binary Fortress Software
2015-03-19 21:20 - 2015-03-19 21:20 - 00000000 ____D () C:\Program Files (x86)\DisplayFusion
2015-03-19 21:08 - 2015-03-19 21:08 - 00003120 _____ () C:\WINDOWS\System32\Tasks\{06EC43D3-33DC-4A4A-9AE8-E6174F1BB58F}
2015-03-19 20:44 - 2015-03-19 20:44 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Actual Tools
2015-03-19 20:44 - 2015-03-19 20:44 - 00000000 ____D () C:\ProgramData\Actual Tools
2015-03-14 01:49 - 2015-03-14 01:49 - 00009728 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzStats.IPC.dll
2015-03-14 01:27 - 2015-03-14 01:27 - 00000000 ____D () C:\Users\DamonLi\Documents\Colossal Order
2015-03-14 01:27 - 2015-03-14 01:27 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Colossal Order
2015-03-14 01:27 - 2015-03-14 01:27 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\.mono
2015-03-14 01:27 - 2015-03-14 01:27 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\Colossal Order
2015-03-14 01:27 - 2015-03-14 01:27 - 00000000 ____D () C:\ProgramData\.mono
2015-03-14 01:11 - 2015-04-11 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities Skylines
2015-03-14 01:11 - 2015-03-14 01:11 - 00001947 _____ () C:\Users\Public\Desktop\Cities Skylines.lnk
2015-03-14 01:08 - 2015-03-14 16:09 - 00000000 ____D () C:\Program Files (x86)\Cities Skylines
2015-03-14 01:05 - 2015-03-14 01:05 - 00000000 ____D () C:\Users\DamonLi\Desktop\Cities Skylines [RePack]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 16:14 - 2014-12-18 13:09 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\uTorrent
2015-04-13 16:12 - 2014-08-07 17:24 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-394484410-1524753058-406091518-1003
2015-04-13 16:11 - 2014-11-21 04:44 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-13 16:11 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-13 16:06 - 2015-02-05 02:28 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0410cfd06d36a.job
2015-04-13 16:06 - 2015-02-05 02:28 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 16:04 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-13 16:04 - 2013-07-05 13:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-13 16:03 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-13 16:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-13 16:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-04-13 16:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-04-13 16:00 - 2014-08-24 19:47 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\Battle.net
2015-04-13 15:59 - 2014-08-07 14:11 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\TS3Client
2015-04-13 08:10 - 2014-08-14 01:33 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\vlc
2015-04-13 07:33 - 2015-02-05 02:28 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 07:20 - 2014-08-09 21:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-12 22:21 - 2014-08-07 12:52 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\Packages
2015-04-12 21:56 - 2013-07-05 14:24 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2015-04-12 21:50 - 2013-08-22 10:44 - 00480512 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-12 21:46 - 2014-11-21 11:56 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-12 21:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-12 21:45 - 2014-08-18 17:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-12 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-12 21:44 - 2012-07-26 01:26 - 00000167 _____ () C:\WINDOWS\win.ini
2015-04-12 21:42 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-12 21:09 - 2013-07-05 13:38 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-12 19:59 - 2014-08-07 20:32 - 00000000 ____D () C:\Program Files (x86)\Sunbelt Software
2015-04-12 19:59 - 2014-08-07 20:09 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\GFI Software
2015-04-12 19:58 - 2014-08-09 18:50 - 00000422 _____ () C:\WINDOWS\system32\SBRC.dat
2015-04-12 17:35 - 2015-01-14 13:26 - 00000000 ____D () C:\Users\DamonLi\Documents\Anki
2015-04-12 17:35 - 2014-09-04 16:41 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\frontwing
2015-04-12 17:33 - 2014-08-18 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-12 17:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-04-12 10:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-12 00:55 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-12 00:53 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-12 00:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-12 00:52 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-12 00:52 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-12 00:52 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-12 00:52 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-12 00:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-12 00:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-12 00:48 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-11 22:14 - 2014-08-17 20:47 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\Razer
2015-04-11 21:56 - 2014-08-07 17:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-11 21:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-11 21:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-11 21:36 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-11 21:36 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-11 21:34 - 2013-07-05 13:50 - 00880342 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-04-11 21:25 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-11 21:23 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-04-11 21:23 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-04-11 21:23 - 2014-09-07 20:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\STRING
2015-04-11 21:23 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-04-11 21:23 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-04-11 21:23 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-04-11 21:23 - 2012-07-26 01:37 - 00000000 ____D () C:\Users\Default.migrated
2015-04-11 21:22 - 2014-12-03 04:23 - 00000000 ____D () C:\WINDOWS\SysWOW64\1033
2015-04-11 21:22 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-04-11 21:22 - 2014-09-07 18:18 - 00000000 ____D () C:\WINDOWS\system32\STRING
2015-04-11 21:22 - 2014-08-07 14:56 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-04-11 21:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-04-11 21:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-04-11 21:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-11 21:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-04-11 21:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-04-11 21:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-11 21:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-04-11 21:22 - 2013-07-05 13:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\Atheros_L1e
2015-04-11 21:20 - 2014-12-03 04:23 - 00000000 ____D () C:\WINDOWS\system32\1033
2015-04-11 21:20 - 2014-11-21 04:25 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-04-11 21:20 - 2014-09-07 18:18 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-04-11 21:20 - 2013-08-22 11:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-04-11 21:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2015-04-11 21:19 - 2015-02-24 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-04-11 21:19 - 2015-02-23 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2015-04-11 21:19 - 2015-02-14 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-04-11 21:19 - 2015-01-15 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eManga
2015-04-11 21:19 - 2014-12-17 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp
2015-04-11 21:19 - 2014-12-09 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-04-11 21:19 - 2014-12-07 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valkyria Chronicles
2015-04-11 21:19 - 2014-12-05 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iFunBox 2014
2015-04-11 21:19 - 2014-12-03 04:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-04-11 21:19 - 2014-12-03 04:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-04-11 21:19 - 2014-12-02 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-04-11 21:19 - 2014-12-02 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2015-04-11 21:19 - 2014-12-02 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-11 21:19 - 2014-12-01 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-04-11 21:19 - 2014-11-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin-X
2015-04-11 21:19 - 2014-11-04 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-04-11 21:19 - 2014-11-03 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-04-11 21:19 - 2014-10-18 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-04-11 21:19 - 2014-10-13 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-04-11 21:19 - 2014-09-27 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-11 21:19 - 2014-09-12 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-04-11 21:19 - 2014-09-11 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2015-04-11 21:19 - 2014-09-03 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-11 21:19 - 2014-08-24 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-04-11 21:19 - 2014-08-24 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-04-11 21:19 - 2014-08-24 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-04-11 21:19 - 2014-08-23 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2015-04-11 21:19 - 2014-08-10 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-11 21:19 - 2014-08-07 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-11 21:19 - 2014-08-07 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-11 21:19 - 2014-08-07 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunbelt Software
2015-04-11 21:19 - 2014-08-07 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2015-04-11 21:19 - 2014-08-07 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-11 21:19 - 2014-08-07 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair
2015-04-11 21:19 - 2014-08-07 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-04-11 21:19 - 2014-08-07 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-04-11 21:19 - 2014-08-07 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-11 21:19 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-04-11 21:19 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-04-11 21:19 - 2013-07-05 14:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
2015-04-11 21:19 - 2013-07-05 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2015-04-11 21:19 - 2013-07-05 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance
2015-04-11 21:19 - 2013-07-05 13:49 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-11 21:19 - 2013-03-25 17:03 - 00000000 ____D () C:\ProgramData\PRICache
2015-04-11 21:12 - 2015-02-22 17:56 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2015-04-11 21:12 - 2015-01-25 23:48 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2015-04-11 21:12 - 2014-11-20 05:31 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HOTSLogsUploader
2015-04-11 21:12 - 2014-10-21 20:46 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-04-11 21:12 - 2014-08-19 01:56 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-04-11 21:12 - 2014-08-07 15:55 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-04-11 21:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-04-11 21:11 - 2013-03-25 17:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2015-04-11 21:01 - 2013-07-05 14:04 - 00000000 ____D () C:\Temp
2015-04-11 20:58 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-04-11 19:47 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-04-11 18:10 - 2014-08-08 03:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-11 12:54 - 2014-11-04 19:27 - 00000000 ____D () C:\Users\DamonLi\Documents\Heroes of the Storm
2015-04-11 12:53 - 2014-11-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2015-04-11 12:51 - 2014-08-24 19:47 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Battle.net
2015-04-07 13:45 - 2014-08-24 21:48 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-04-06 23:49 - 2014-08-24 19:47 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-04-06 20:02 - 2014-10-18 18:40 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-04-04 06:07 - 2014-08-27 14:37 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Skype
2015-04-03 03:14 - 2015-02-23 11:32 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\Ventrilo
2015-04-03 03:14 - 2014-08-07 23:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-31 21:50 - 2014-08-07 13:58 - 00000000 ____D () C:\Users\DamonLi\AppData\Local\VirtualStore
2015-03-31 14:34 - 2014-10-13 14:27 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-31 06:29 - 2014-08-23 00:47 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-03-30 00:38 - 2014-08-07 16:47 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\puush
2015-03-30 00:38 - 2014-08-07 16:47 - 00000000 ____D () C:\Program Files (x86)\puush
2015-03-28 03:09 - 2015-01-14 13:15 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2015-03-28 03:09 - 2015-01-14 13:15 - 00000962 _____ () C:\Users\Administrator\Desktop\Anki.lnk
2015-03-24 12:54 - 2014-08-24 19:49 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-03-18 03:22 - 2015-02-05 06:04 - 00000000 ____D () C:\Users\DamonLi\AppData\Roaming\SimulationCraft
 
==================== Files in the root of some directories =======
 
2014-11-03 01:06 - 2014-11-03 02:00 - 0000132 _____ () C:\Users\DamonLi\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-03 00:41 - 2014-12-03 03:06 - 0000600 _____ () C:\Users\DamonLi\AppData\Roaming\winscp.rnd
2014-09-11 18:37 - 2014-09-11 18:38 - 0000600 _____ () C:\Users\DamonLi\AppData\Local\PUTTY.RND
2014-11-07 21:59 - 2014-11-07 21:59 - 0001226 _____ () C:\Users\DamonLi\AppData\Local\recently-used.xbel
2014-10-20 21:29 - 2015-01-29 14:50 - 0007602 _____ () C:\Users\DamonLi\AppData\Local\Resmon.ResmonCfg
2013-07-05 14:20 - 2013-07-05 14:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-07-05 14:24 - 2013-07-05 14:24 - 0000198 ____H () C:\ProgramData\Lenovo-22729.vbs
2013-07-05 14:24 - 2013-07-05 14:24 - 0000198 ____H () C:\ProgramData\Lenovo-22798.vbs
 
Files to move or delete:
====================
C:\ProgramData\Lenovo-22729.vbs
C:\ProgramData\Lenovo-22798.vbs
C:\Users\DamonLi\jagex_cl_oldschool_LIVE.dat
C:\Users\DamonLi\jagex_cl_runescape_LIVE.dat
C:\Users\DamonLi\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-11 20:58
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by DamonLi at 2015-04-13 16:16:48
Running from C:\Users\DamonLi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - Canon Inc.)
CCleaner (HKLM-x32\...\CCleaner_is1) (Version: 5.0.0.5050 - Piriform)
Cities Skylines (HKLM-x32\...\Cities Skylines_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Corsair M60 Gaming Mouse Driver V1.0 (HKLM-x32\...\{337CDF25-8F3C-4DEF-8A94-5A9BFC961368}_is1) (Version: 1.00.00.37 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 15.1 - Illustrate)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 11 - Illustrate)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayFusion 7.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.0.0.0 - Binary Fortress Software)
eManga 1.1.0 (HKLM-x32\...\{42292E05-CC9B-4218-9501-B194A42D51C5}_is1) (Version:  - BrawerSoft)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
f.lux (HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\Flux) (Version:  - )
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\99a83d131490dc73) (Version: 1.0.0.10 - HOTSLogsUploader)
iFunBox 2014 (v3.4.697.652), iFunbox DevTeam (HKLM-x32\...\iFunBox 2014_is1) (Version: v3.4.697.652 - )
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7a06df8f-4c5a-4207-aa9e-019406e3a46d}) (Version: 17.1.0 - Intel Corporation)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10220 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mumble 1.3.0 (HKLM\...\{02FAC477-9EE8-472C-BCD0-32761CC1C8AF}) (Version: 1.3.0 - The Mumble team)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{9f8e227e-2036-45a3-99ce-346d01351ab7}) (Version: latest - ppy Pty Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.24735 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version:  - )
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Warcraft Logs Uploader (HKLM-x32\...\com.warcraft.logs) (Version: 3.52 - UNKNOWN)
Warcraft Logs Uploader (x32 Version: 3.52 - UNKNOWN) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.11 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.1 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
僌儕僓僀傾偺壥幚 (HKLM-x32\...\FW_Grisaia) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-394484410-1524753058-406091518-1003_Classes\CLSID\{3bd6e358-13d4-4358-b57c-74c0db5bd22a}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
12-04-2015 17:29:21 Installed Classic Shell
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0FA8EB22-55D8-4A37-821A-6622664F8C0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1DF570AA-D5D1-4640-A441-1DE9794766C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2209F45A-8CA5-4C24-B201-2BF5DFCE0C0F} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-04-12] (Microsoft Corporation)
Task: {226BE068-399D-4CB6-97D1-B50666E24A3A} - System32\Tasks\{06EC43D3-33DC-4A4A-9AE8-E6174F1BB58F} => pcalua.exe -a "C:\Program Files (x86)\Actual Multiple Monitors\unins000.exe"
Task: {3BD3F720-0882-4167-9C3C-1072CF9C5D54} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4E752BB4-67E9-4BAA-925A-C28636EDFF4C} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)
Task: {4FD83532-839A-4655-BEED-3F56DC9998FF} - System32\Tasks\{FB2F4FDE-0296-4D22-8861-29685B51AC8E} => pcalua.exe -a C:\Games\bin\ScpService.exe -d C:\Games\bin
Task: {56791F06-B51F-4E19-8D54-06307AFFE869} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {601C7B8E-471A-496E-87C7-084A24F6521B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-12] (Microsoft Corporation)
Task: {688E1FA4-9235-4291-90BC-B243AD6719DD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6EFA8CF9-B360-43B6-8A53-3B27747F9E06} - System32\Tasks\Lenovo\Lenovo-22729 => C:\ProgramData\Lenovo-22729.vbs [2013-07-05] ()
Task: {74986C66-A197-4FE3-8995-27D8D7CEAF13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
Task: {79B304A1-DCB4-4680-A0FC-C8514EBA4A55} - System32\Tasks\Lenovo\Lenovo-22798 => C:\ProgramData\Lenovo-22798.vbs [2013-07-05] ()
Task: {85F73654-64C3-4A26-AEBC-0A18E3753A22} - System32\Tasks\GoogleUpdateTaskMachineCore1d0410cfd06d36a => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
Task: {9F29306C-D801-4F2B-851E-C131622087A2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {A1329856-4E98-4824-8FC4-A6CCEE205D9A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-08] (Synaptics Incorporated)
Task: {A1949511-424E-4EFE-B73C-5E5F32B19FB4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {BFF11F85-75BA-4E94-9B9F-2697A28335B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
Task: {CD4F00CF-6D2C-4AFD-9F33-94A2A3DBDE98} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-12] (Microsoft Corporation)
Task: {CFE2E4F3-1983-4789-944B-0135AAC9A9E0} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe [2014-08-18] ()
Task: {DB408CA2-B654-426B-AE75-11DD3EC4F3A5} - System32\Tasks\{B29487A7-968C-49A8-B1C7-F70EACD427E5} => pcalua.exe -a C:\windows\AppPatch\AppLoc.exe -d E:\Love×Evolution -c "E:\Love×Evolution\Setup.exe" "/L0411"
Task: {DC95E673-F095-402D-9588-86CF7526853F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E3F54126-7A6F-43D4-8F6B-0A64D18E9281} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
Task: {F17DFCDA-2EA9-48F1-867A-15DBC999EFE4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-12] (Microsoft Corporation)
Task: {FB85718B-B0D8-4119-A0F9-E7EB39F4CCD3} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0410cfd06d36a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-11 21:00 - 2015-03-13 12:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-04 19:24 - 2015-02-04 19:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-01-21 15:01 - 2015-01-21 15:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-07-05 14:04 - 2013-03-14 05:46 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-03-30 00:38 - 2015-03-30 00:38 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe
2014-12-02 15:59 - 2014-04-15 02:11 - 00039192 _____ () C:\Program Files (x86)\CCleaner\branding.dll
2015-04-05 22:01 - 2015-04-05 22:01 - 16901120 _____ () C:\Users\DamonLi\Desktop\TSMApplication.exe
2015-03-14 01:49 - 2015-03-14 01:49 - 00291840 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2015-01-21 15:01 - 2015-01-21 15:01 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-05 05:20 - 2015-02-05 05:20 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2014-08-07 15:11 - 2012-05-14 12:41 - 00043008 _____ () C:\Program Files (x86)\Corsair\M60 Mouse\hidGetKey.dll
2015-04-03 05:35 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 05:35 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 05:35 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 05:35 - 2015-03-30 17:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2015-04-11 22:14 - 2014-11-25 21:12 - 40622592 _____ () C:\Users\DamonLi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2015-04-11 22:14 - 2014-11-25 21:12 - 00911360 _____ () C:\Users\DamonLi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2015-04-11 22:14 - 2014-11-25 21:12 - 00134144 _____ () C:\Users\DamonLi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\DamonLi\OneDrive:ms-properties
AlternateDataStreams: C:\Users\DamonLi\Desktop\Image (3).jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\DamonLi\Desktop\Image (3).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-394484410-1524753058-406091518-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\DamonLi\AppData\Local\DisplayFusion\Wallpaper_2
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
MSCONFIG\startupreg: NvBackend => "c:\program files (x86)\nvidia corporation\update core\nvbackend.exe"
HKLM\...\StartupApproved\Run32: => "Ardoise"
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-394484410-1524753058-406091518-1003\...\StartupApproved\Run: => "iFunBox Price Watch"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-394484410-1524753058-406091518-500 - Administrator - Enabled) => C:\Users\Administrator
DamonLi (S-1-5-21-394484410-1524753058-406091518-1003 - Administrator - Enabled) => C:\Users\DamonLi
Guest (S-1-5-21-394484410-1524753058-406091518-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-394484410-1524753058-406091518-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Visual Studio Location Simulator Sensor
Description: Microsoft Visual Studio Location Simulator Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft Corporation
Service: SensorsSimulatorDriver
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2015 08:10:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.17668, time stamp: 0x54c850f5
Exception code: 0xc0000005
Fault offset: 0x00000000000582bb
Faulting process id: 0x513c
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
Faulting package full name: vlc.exe4
Faulting package-relative application ID: vlc.exe5
 
Error: (04/13/2015 03:30:41 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.
 
Error: (04/12/2015 09:47:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]
 
Error: (04/12/2015 07:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 07:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 07:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 06:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 06:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 06:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/12/2015 05:05:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (04/13/2015 04:08:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/13/2015 04:06:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/13/2015 04:05:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/13/2015 04:04:22 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (04/13/2015 03:58:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/13/2015 03:58:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/12/2015 09:56:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/12/2015 09:54:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/12/2015 09:52:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1058
 
Error: (04/12/2015 09:51:13 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
 
Microsoft Office Sessions:
=========================
Error: (04/13/2015 08:10:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.1766854c850f5c000000500000000000582bb513c01d075e1567f2bceC:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll0abab17b-e1d6-11e4-beb8-28d24415ff98
 
Error: (04/13/2015 03:30:41 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: c:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exec:\program files\windowsapps\c59ad0af.lenovocloudstoragebysugarsync_1.3.0.889_neutral__m3tnjedffpfhj\SugarSyncWin8.exe2
 
Error: (04/12/2015 09:47:43 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]
 
Error: (04/12/2015 07:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/12/2015 07:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/12/2015 07:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/12/2015 06:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/12/2015 06:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/12/2015 06:35:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
Error: (04/12/2015 05:05:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147023174
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-13 15:59:07.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-12 23:28:24.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-12 21:27:04.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-12 21:12:00.694
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-12 20:35:57.535
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-12 20:17:46.277
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-11 22:05:52.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-11 22:02:42.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-11 22:02:41.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-11 19:02:24.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 7986.27 MB
Available physical RAM: 4959.3 MB
Total Pagefile: 9906.27 MB
Available Pagefile: 5894.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:542.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5C31B43A)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Step 2
 
Farbar Service Scanner Version: 17-01-2015
Ran by DamonLi (administrator) on 13-04-2015 at 16:21:53
Running from "C:\Users\DamonLi\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#4 deeprybka


Posted 13 April 2015 - 03:49 PM

Hi there,

P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 1


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    [image: m21p.png]
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    [image: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 kikoman51


Posted 13 April 2015 - 07:20 PM

Malware Bytes Scan:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/13/2015
Scan Time: 5:04:54 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.13.08
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: DamonLi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 467345
Time Elapsed: 10 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Posting this first. The Eset scanner is taking pretty long.


#6 kikoman51


Posted 13 April 2015 - 07:49 PM

Eset scanner

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=40e97b5817851e4dab6717cc36c85bd4
# engine=23366
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-14 12:47:10
# local_time=2015-04-13 08:47:10 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 23780284 0 0
# scanned=438410
# found=1
# cleaned=0
# scan_time=12394
sh=6FCE8AD93FA1CD4208933305B90995E42EA08F44 ft=1 fh=466993fa18ca0ab3 vn="Win32/Toolbar.SearchSuite potentially unwanted application" ac=I fn="C:\Users\DamonLi\Downloads\TorchSetup-r93-n-bc.exe"
 
A virus was found, but it says clean=0. Does that mean it wasn't removed?

Edited by kikoman51, 13 April 2015 - 07:53 PM.


#7 deeprybka


Posted 14 April 2015 - 02:55 AM

A virus was found, but it says clean=0. Does that mean it wasn't removed?


A potentially unwanted application isn't a virus. :)
You can delete this file manually "C:\Users\DamonLi\Downloads\TorchSetup-r93-n-bc.exe"

Step 1

Windows Repair (All-in-One)

  • Please download and install Windows Repair.
  • Right-Click Windows Repair and select Run as administrator to run the tool.
  • Please follow the instructions of the pictures.
  • Note: Do NOT use your computer whilst the programme is running.
  • Upon completion, start your computer and re-enable your Anti-Virus program.
  • Using Windows Explorer, navigate to the following folder:
    • 64-bit Systems: C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit Systems: C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  • Open the log. Copy the contents and paste in your next reply.

[images: 1.png, 2.png, 3.png, 4.png, 5.png]


regards,
deeprybka

#8 kikoman51


Posted 14 April 2015 - 10:24 AM

Do I restart my computer for SFC? I've been doing the repair for 2 hours without restarting; it's still stuck on the first repair job.



#9 kikoman51


Posted 14 April 2015 - 11:23 AM

OK, so I got the repair running. It completed and restarted my computer, but now it's stuck on the "Windows is getting ready" screen.

#10 kikoman51


Posted 14 April 2015 - 11:38 AM

Tweaking.com - Windows Repair v3.0.0
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack: 
Computer Name: IDEA-PC
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\DamonLi
Current Profile SID: S-1-5-21-394484410-1524753058-406091518-1003
Current Profile Classes: S-1-5-21-394484410-1524753058-406091518-1003_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\DamonLi\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 18:33:55
 
Process Count: 95
Commit Total: 2.53 GB
Commit Limit: 9.67 GB
Commit Peak: 8.70 GB
Handle Count: 37955
Kernel Total: 692.49 MB
Kernel Paged: 481.06 MB
Kernel Non Paged: 211.43 MB
System Cache: 4.29 GB
Thread Count: 984
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.80 GB
Memory Used: 1.27 GB(16.333%)
Memory Avail.: 6.53 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.80 GB
Memory Used: 1.21 GB(15.5704%)
Memory Avail.: 6.58 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (4/14/2015 11:26:18 AM)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 0
 
01 - Reset Registry Permissions
   Restore Windows 8 Default Registry Permissions
   Start (4/14/2015 11:26:19 AM)
 
 
Decompressing & Updating Windows Permission File hkud.txt
Done,  0.12 seconds.
 
 
Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.16 seconds.
 
 
Decompressing & Updating Windows Permission File hkcr.txt
Done,  0.45 seconds.
 
 
Decompressing & Updating Windows Permission File hklm.txt
Done,  1.01 seconds.
 
   Running Repair Under System Account
   Running Repair Under Current User Account
   Done (4/14/2015 11:28:35 AM)
 
03 - Reset Service Permissions
   Start (4/14/2015 11:28:35 AM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:28:40 AM)
 
04 - Register System Files
   Start (4/14/2015 11:28:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:28:58 AM)
 
05 - Repair WMI
   Start (4/14/2015 11:28:58 AM)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting AntiSpyware Info...
   No AntiSpyware Products Reported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (4/14/2015 11:32:57 AM)
 
06 - Repair Windows Firewall
   Start (4/14/2015 11:32:57 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:33:22 AM)
 
07 - Repair Internet Explorer
   Start (4/14/2015 11:33:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:33:35 AM)
 
08 - Repair MDAC/MS Jet
   Start (4/14/2015 11:33:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:33:41 AM)
 
09 - Repair Hosts File
   Start (4/14/2015 11:33:41 AM)
   Running Repair Under System Account
   Done (4/14/2015 11:33:42 AM)
 
10 - Remove Policies Set By Infections
   Start (4/14/2015 11:33:42 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:33:44 AM)
 
12 - Repair Icons
   Start (4/14/2015 11:33:44 AM)
   Running Repair Under Current User Account
   Done (4/14/2015 11:33:45 AM)
 
13 - Repair Winsock & DNS Cache
   Start (4/14/2015 11:33:45 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:33:57 AM)
 
15 - Repair Proxy Settings
   Start (4/14/2015 11:33:57 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:33:59 AM)
 
17 - Repair Windows Updates
   Start (4/14/2015 11:33:59 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (4/14/2015 11:34:18 AM)
 
18 - Repair CD/DVD Missing/Not Working
   Start (4/14/2015 11:34:18 AM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (4/14/2015 11:34:18 AM)
 
19 - Repair Volume Shadow Copy Service
   Start (4/14/2015 11:34:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:36 AM)
 
21 - Repair MSI (Windows Installer)
   Start (4/14/2015 11:34:36 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:44 AM)
 
23.01 - Repair bat Association
   Start (4/14/2015 11:34:44 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:46 AM)
 
23.02 - Repair cmd Association
   Start (4/14/2015 11:34:46 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:49 AM)
 
23.03 - Repair com Association
   Start (4/14/2015 11:34:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:51 AM)
 
23.04 - Repair Directory Association
   Start (4/14/2015 11:34:51 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:53 AM)
 
23.05 - Repair Drive Association
   Start (4/14/2015 11:34:53 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:55 AM)
 
23.06 - Repair exe Association
   Start (4/14/2015 11:34:55 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:57 AM)
 
23.07 - Repair Folder Association
   Start (4/14/2015 11:34:57 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:34:59 AM)
 
23.08 - Repair inf Association
   Start (4/14/2015 11:34:59 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:02 AM)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (4/14/2015 11:35:02 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:04 AM)
 
23.10 - Repair msc Association
   Start (4/14/2015 11:35:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:06 AM)
 
23.11 - Repair reg Association
   Start (4/14/2015 11:35:06 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:08 AM)
 
23.12 - Repair scr Association
   Start (4/14/2015 11:35:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:10 AM)
 
24 - Repair Windows Safe Mode
   Start (4/14/2015 11:35:10 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:12 AM)
 
25 - Repair Print Spooler
   Start (4/14/2015 11:35:12 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:25 AM)
 
26 - Restore Important Windows Services
   Start (4/14/2015 11:35:25 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:29 AM)
 
27 - Set Windows Services To Default Startup
   Start (4/14/2015 11:35:29 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:35:31 AM)
 
28.01 - Repair Windows 8 App Store
   Start (4/14/2015 11:35:31 AM)
 
Decompressing & Updating Windows Permission File hkcu.txt
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Done (4/14/2015 11:36:00 AM)
 
29 - Repair Windows 8 Component Store
   Start (4/14/2015 11:36:00 AM)
   Running Repair Under Current User Account
   Done (4/14/2015 11:40:11 AM)
 
30 - Restore Windows 8 COM+ Unmarshalers
   Start (4/14/2015 11:40:11 AM)
   Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>
 
SetACL finished with error(s): 
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.
 
   Done (4/14/2015 11:40:12 AM)
 
31 - Repair Windows 'New' Submenu
   Start (4/14/2015 11:40:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (4/14/2015 11:40:15 AM)
 
33 - Repair Performance Counters
   Start (4/14/2015 11:40:15 AM)
   Running Repair Under Current User Account
   Done (4/14/2015 11:40:19 AM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (4/14/2015 11:40:19 AM)
   Total Repair Time: 00:14:02
 
 
...YOU MUST RESTART YOUR SYSTEM...

This is the chkdsk log:

 

Microsoft Windows [Version 6.3.9600]
© 2013 Microsoft Corporation. All rights reserved.
 
C:\Users\DamonLi\Desktop>CD /D C:\
 
C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
 
C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Windows8_OS.
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
  646656 file records processed.                                                        
 
File verification completed.
  3601 large file records processed.                                   
 
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
Error detected in index $I30 for file 30.
Error detected in index $I30 for file 30.
Error detected in index $I30 for file 30.
Progress: 678790 of 795912 done; Stage: 85%; Total: 66%; ETA:   0:00:28    
Progress: 678999 of 795912 done; Stage: 85%; Total: 66%; ETA:   0:00:28 .  
Progress: 679267 of 795912 done; Stage: 85%; Total: 66%; ETA:   0:00:28 .. 
Progress: 679534 of 795912 done; Stage: 85%; Total: 66%; ETA:   0:00:28 ...
Progress: 679681 of 795912 done; Stage: 85%; Total: 66%; ETA:   0:00:28    
Progress: 680456 of 795912 done; Stage: 85%; Total: 66%; ETA:   0:00:28 .  
Progress: 680554 of 795912 done; Stage: 85%; Total: 66%; ETA:   0:00:30 .. 
Progress: 680656 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30 ...
Progress: 680704 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30    
Progress: 680911 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30 .  
Progress: 681213 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30 .. 
Progress: 681381 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30 ...
Progress: 681420 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30    
Progress: 681625 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30 .  
Progress: 681806 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30 .. 
Progress: 681964 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30 ...
Progress: 681998 of 795912 done; Stage: 85%; Total: 67%; ETA:   0:00:30    
Progress: 682130 of 795912 done; Stage: 85%; Total: 68%; ETA:   0:00:30 .  
Progress: 682548 of 795912 done; Stage: 85%; Total: 68%; ETA:   0:00:30 .. 
Progress: 682679 of 795912 done; Stage: 85%; Total: 69%; ETA:   0:00:30 ...
Progress: 682680 of 795912 done; Stage: 85%; Total: 69%; ETA:   0:00:30    
Progress: 682922 of 795912 done; Stage: 85%; Total: 69%; ETA:   0:00:30 .  
Progress: 683217 of 795912 done; Stage: 85%; Total: 69%; ETA:   0:00:30 .. 
Progress: 683473 of 795912 done; Stage: 85%; Total: 69%; ETA:   0:00:30 ...
Progress: 683634 of 795912 done; Stage: 85%; Total: 69%; ETA:   0:00:30    
Progress: 684497 of 795912 done; Stage: 86%; Total: 69%; ETA:   0:00:30 .  
Progress: 684704 of 795912 done; Stage: 86%; Total: 69%; ETA:   0:00:30 .. 
Progress: 684780 of 795912 done; Stage: 86%; Total: 69%; ETA:   0:00:30 ...
Progress: 687079 of 795912 done; Stage: 86%; Total: 69%; ETA:   0:00:30    
Progress: 687696 of 795912 done; Stage: 86%; Total: 69%; ETA:   0:00:30 .  
Progress: 688484 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:30 .. 
Progress: 688873 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:30 ...
Progress: 689422 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:30    
Progress: 689560 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:30 .  
Progress: 689847 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:30 .. 
Progress: 690015 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:30 ...
Progress: 690134 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:30    
Progress: 690433 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:31 .  
Progress: 690580 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:32 .. 
Progress: 690634 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:32 ...
Progress: 690677 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:32    
Progress: 690947 of 795912 done; Stage: 86%; Total: 70%; ETA:   0:00:32 .  
Progress: 691218 of 795912 done; Stage: 86%; Total: 71%; ETA:   0:00:32 .. 
Progress: 691684 of 795912 done; Stage: 86%; Total: 71%; ETA:   0:00:32 ...
Progress: 691723 of 795912 done; Stage: 86%; Total: 71%; ETA:   0:00:32    
Progress: 691763 of 795912 done; Stage: 86%; Total: 71%; ETA:   0:00:32 .  
Progress: 692082 of 795912 done; Stage: 86%; Total: 71%; ETA:   0:00:32 .. 
Progress: 692231 of 795912 done; Stage: 86%; Total: 71%; ETA:   0:00:32 ...
Progress: 692533 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:32    
Progress: 692698 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:32 .  
Progress: 692886 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:32 .. 
Progress: 693183 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:32 ...
Progress: 693751 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:32    
Progress: 694003 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:32 .  
Progress: 694447 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:33 .. 
Progress: 694642 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:33 ...
Progress: 694714 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:33    
Progress: 694816 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:33 .  
Progress: 694922 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:33 .. 
Progress: 695094 of 795912 done; Stage: 87%; Total: 71%; ETA:   0:00:33 ...
                                                                                       
Index entry Local State in index $I30 of file 345242 is incorrect.
Index entry Preferences in index $I30 of file 345258 is incorrect.
Index entry CHKDSK.EXE-F8936D0B.pf in index $I30 of file 586757 is incorrect.
  795912 index entries processed.                                                       
 
Index verification completed.
 
Errors found.  CHKDSK cannot continue in read-only mode.
 
C:\>


#11 deeprybka

Posted 14 April 2015 - 03:13 PM



Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 kikoman51


Posted 14 April 2015 - 06:18 PM

Same problem persists



#13 kikoman51


Posted 14 April 2015 - 07:04 PM

OK, so I figured it out and fixed the problem. I had VIPRE antivirus before and upgraded to Windows 8.1. I wanted to uninstall VIPRE a while after that but couldn't find it in Add or Remove Programs, so I found a VIPRE removal tool somewhere. So I think it didn't remove VIPRE properly, so I couldn't turn on Windows Defender. The way I fixed it was to install VIPRE, then uninstall it using Add or Remove Programs. Thanks for the help!

Another problem I'm having is that sometimes the System process in Task Manager uses up 100% disk and lags me. Do you know anything about this issue?
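
A read-only check for the situation described in this thread, as an added example that is not part of any post: it lists the antivirus products registered with Windows Security Center, flags registrations whose executable no longer exists on disk, and shows the state of the WinDefend service. The function names are hypothetical, and that a leftover registration is what kept Defender off is the thread's own conclusion.

```powershell
# Added example (not from the thread). Read-only: nothing is changed or removed.
# Assumes PowerShell 3.0 or later on a client edition of Windows.

function Get-RegisteredAntivirus {
    # The root/SecurityCenter2 namespace exists on client Windows, not on Server.
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                -ClassName 'AntiVirusProduct' -ErrorAction Stop
    foreach ($p in $products) {
        # The registered path may be quoted or contain environment variables.
        $exe = [string]$p.pathToSignedProductExe
        $exe = [Environment]::ExpandEnvironmentVariables($exe).Trim('"')

        # Some products register a URI instead of a file path; only test real paths.
        $isFilePath = $exe -match '^[A-Za-z]:\\'

        [pscustomobject]@{
            DisplayName  = $p.displayName
            InstanceGuid = $p.instanceGuid
            ProductExe   = $exe
            # True when the product is still registered but its binary is gone,
            # which is what an incomplete uninstall leaves behind.
            ExeMissing   = $isFilePath -and -not (Test-Path -LiteralPath $exe)
            # Raw state value, shown in hex for comparison between machines.
            ProductState = '0x{0:X6}' -f [int]$p.productState
        }
    }
}

function Get-DefenderServiceState {
    # Win32_Service reports both the current state and the configured start mode.
    Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'" |
        Select-Object Name, State, StartMode
}

$registered = @(Get-RegisteredAntivirus)
$registered | Format-Table -AutoSize -Wrap
Get-DefenderServiceState | Format-Table -AutoSize

$stale = @($registered | Where-Object { $_.ExeMissing })
if ($stale.Count -gt 0) {
    Write-Warning ("Registered but missing on disk: " +
                   (($stale | ForEach-Object { $_.DisplayName }) -join ', '))
}
```

An entry with ExeMissing set to True points at a product that was removed without unregistering itself; reinstalling it and uninstalling through its own uninstaller, as the poster did, is the clean way to clear it.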



#14 deeprybka


Posted 15 April 2015 - 06:18 AM

So I think it didn't remove VIPRE properly, so I couldn't turn on Windows Defender.

 
Correct! :thumbup2:
 

Do you know anything about this issue?


 This is not my forte to fix. :)

 
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-394484410-1524753058-406091518-1003 -> DefaultScope {F8B857F6-1EA9-4F93-80FF-DD29E313501C} URL =
    SearchScopes: HKU\S-1-5-21-394484410-1524753058-406091518-1003 -> {F8B857F6-1EA9-4F93-80FF-DD29E313501C} URL =
    Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} -  No File
    CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?
    Task: {CFE2E4F3-1983-4789-944B-0135AAC9A9E0} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe [2014-08-18] ()
    C:\windows\AutoKMS\AutoKMS.exe
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.


That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up to date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Adobe Flash Player 16 NPAPI
Java 7 Update 67
Java 8 Update 25
Java 8 Update 25
Java SE Development Kit 8 Update 20

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 kikoman51


Posted 15 April 2015 - 10:17 AM

Thanks a lot for your time! Do you have any antivirus programs that you recommend? I'm using Windows Defender now after uninstalling VIPRE.


Edited by kikoman51, 15 April 2015 - 10:19 AM.




