# sudden inability to connect



## Brigham (Aug 24, 2010)

I have, just this morning, discovered an inability to connect to the internet. On websites I get the message "Server not found" I can get the firefox start page and nothing else. On start up it takes a long time and the internet icon shows a yellow exclamation mark. I am writing this post on another computer, that is why no TSG SysInfo. I did get a warning that emsisoft was interfering with something (I don't know what) so I tried to delete it, but couldn't find it. I have just noticed that the firewall is turned off and won't turn on when I try to.


----------



## etaf (Oct 2, 2003)

> and the internet icon shows a yellow exclamation mark


if you click on the icon 
do you see any wireless networks



> On start up it takes a long time


 is this new

You may have a virus/malware - if the security suite cannot turn on

did you install emsisoft ?


----------



## Brigham (Aug 24, 2010)

Start up used to be very quick, now it is quite a bit longer. When I click on the connection icon. a yellow panel appears on the right of the screen. Three messages are listed. "View connection Settings" "No connections are available" and "Troubleshoot" I cant' try any of them, as the curser is the spinning circle. I think I must have installed Emsisoft Emergency Kit. I have just had my laptop(this machine) given a going over for viruses. See "remnants of a virus" In Malware section.


----------



## Cookiegal (Aug 27, 2003)

There was still a driver leftover from Emsisoft that may be interfering.

While Wayne is troubleshooting this with you John would you please run FRST64 and post the log here so I can take a look?


----------



## Brigham (Aug 24, 2010)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Brigham (administrator) on GEMINI on 08-04-2015 14:20:44
Running from C:\Users\Brigham\Desktop
Loaded Profiles: Brigham (Available profiles: Brigham)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Ruiware LLC) C:\Program Files (x86)\WinPatrol\WinPatrol\WinPatrol.exe
(Fujitsu Technology Solutions) C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WinPrivacy] => C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe [905560 2015-03-13] (WinPatrol)
HKLM-x32\...\Run: [DeskUpdateNotifier] => C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [101728 2013-12-11] (Fujitsu Technology Solutions)
HKU\S-1-5-21-3140029632-2552320932-1006077804-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-3140029632-2552320932-1006077804-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3140029632-2552320932-1006077804-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3140029632-2552320932-1006077804-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U218DHP&pc=U218
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-04] (Oracle Corporation)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Brigham\AppData\Roaming\Mozilla\Firefox\Profiles\qu6xg9d3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-05-17] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Brigham\AppData\Roaming\Mozilla\Firefox\Profiles\qu6xg9d3.default\Extensions\[email protected] [2015-02-03]
FF Extension: Adblock Plus - C:\Users\Brigham\AppData\Roaming\Mozilla\Firefox\Profiles\qu6xg9d3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected] [2014-09-03]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Brigham\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Brigham\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Brigham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1943832 2015-03-11] (IBM Corp.)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinPrivacySvc; C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe [453976 2015-03-13] (WinPatrol)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-06] (Emsisoft GmbH)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R1 RapportCerberus_80128; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [844440 2015-02-18] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445816 2015-03-11] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [535576 2015-03-11] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [558872 2015-03-11] (IBM Corp.)
S3 rstescu; C:\Windows\system32\drivers\rstescu.sys [607256 2011-03-25] (Intel Corporation)
S3 rstescu1; C:\Windows\system32\drivers\rstescu1.sys [607256 2011-03-25] (Intel Corporation)
R0 rstfltr; C:\Windows\System32\drivers\rstfltr.sys [22552 2011-03-25] (Intel Corporation)
R1 ruinetf; C:\Windows\System32\drivers\ruinetf.sys [48408 2014-12-29] (Windows (R) Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 14:20 - 2015-04-08 14:21 - 00014786 _____ () C:\Users\Brigham\Desktop\FRST.txt
2015-04-08 11:21 - 2015-04-08 11:22 - 00509440 _____ (Tech Support Guy System) C:\Users\Brigham\Desktop\SysInfo.exe
2015-04-07 21:51 - 2015-04-07 21:51 - 02208768 _____ () C:\Users\Brigham\Desktop\adwcleaner_4.200(1).exe
2015-04-07 09:43 - 2015-04-07 09:43 - 00000854 _____ () C:\Windows\PFRO.log
2015-04-06 17:37 - 2015-04-08 14:20 - 00000000 ___DC () C:\FRST
2015-04-06 17:36 - 2015-04-06 17:36 - 02095616 _____ (Farbar) C:\Users\Brigham\Desktop\FRST64.exe
2015-04-06 15:45 - 2015-04-06 15:45 - 02208768 _____ () C:\Users\Brigham\Desktop\adwcleaner_4.200.exe
2015-04-06 15:29 - 2015-04-06 15:29 - 00000722 ____C () C:\look.txt
2015-04-06 11:01 - 2015-04-06 14:36 - 00000000 ___DC () C:\EEK
2015-04-04 21:48 - 2015-04-04 21:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 21:48 - 2015-04-04 21:48 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-31 11:41 - 2015-04-08 11:06 - 00001680 _____ () C:\Windows\setupact.log
2015-03-31 11:41 - 2015-03-31 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 11:40 - 2015-03-31 11:41 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-30 17:55 - 2015-03-30 17:55 - 00058408 _____ () C:\Users\Brigham\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-27 07:26 - 2015-04-02 21:34 - 00000000 ____D () C:\Users\Brigham\AppData\Roaming\WinPatrol
2015-03-27 07:26 - 2015-03-27 07:26 - 00000000 ____D () C:\Program Files (x86)\WinPatrol
2015-03-27 07:24 - 2015-03-27 08:03 - 00001035 _____ () C:\Users\Public\Desktop\WinPrivacy Explorer.lnk
2015-03-27 07:24 - 2015-03-27 08:02 - 00000000 ____D () C:\ProgramData\InstallMate
2015-03-27 07:24 - 2015-03-27 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-03-27 07:24 - 2015-03-27 07:24 - 00000000 ____D () C:\Users\Brigham\AppData\Local\WinPatrol
2015-03-27 07:24 - 2015-03-27 07:24 - 00000000 ____D () C:\ProgramData\WinPatrol
2015-03-27 07:24 - 2015-03-27 07:24 - 00000000 ____D () C:\Program Files\WinPatrol
2015-03-27 07:24 - 2015-03-27 07:24 - 00000000 ____D () C:\Program Files\Ruiware
2015-03-27 07:24 - 2014-12-29 18:30 - 00048408 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\ruinetf.sys
2015-03-25 13:04 - 2015-03-25 13:04 - 00001079 _____ () C:\Users\Brigham\Desktop\Secunia PSI.lnk
2015-03-25 11:13 - 2015-03-11 05:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 11:13 - 2015-03-11 05:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 11:13 - 2015-03-11 05:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 11:13 - 2015-03-11 05:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 11:13 - 2015-03-11 05:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 11:13 - 2015-03-11 05:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 11:13 - 2015-03-11 05:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 11:13 - 2015-03-11 05:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 15:11 - 2015-03-24 15:11 - 00001079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-03-23 16:59 - 2015-04-08 11:07 - 01079476 _____ () C:\Windows\WindowsUpdate.log
2015-03-22 16:16 - 2015-03-22 16:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-13 18:54 - 2015-03-13 18:54 - 00000222 _____ () C:\Users\Brigham\Desktop\Home Littlestone is a unique and atmospheric Championship Links Course laid out on the natural undulating links.URL
2015-03-13 11:50 - 2015-03-13 11:50 - 00000223 _____ () C:\Users\Brigham\Desktop\thesaurus.URL
2015-03-10 21:49 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 21:49 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 21:49 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 21:49 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 21:49 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-10 21:49 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-10 21:49 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-10 21:49 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-10 21:49 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 21:49 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-10 21:49 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 21:49 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-10 21:49 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 21:49 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-10 21:49 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-10 21:49 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-10 21:49 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-10 21:49 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 21:49 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 21:49 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 21:49 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 21:49 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 21:49 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 21:49 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 21:49 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 21:49 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 21:49 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-10 21:49 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-10 21:49 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-10 21:49 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-10 21:49 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-10 21:49 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-10 21:49 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-10 21:49 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 21:49 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 21:49 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 21:49 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 21:49 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 21:48 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 21:48 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 21:48 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 21:48 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 21:48 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 21:48 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 21:48 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 21:48 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 21:48 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 21:48 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 21:48 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 21:48 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 21:48 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 21:48 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 21:48 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 21:48 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 21:48 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 21:48 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 21:48 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 21:48 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 21:48 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 21:48 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 21:48 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 21:47 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 21:47 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 21:47 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 21:47 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 21:47 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 21:47 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 21:47 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 21:47 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 21:47 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 21:47 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 21:47 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 21:47 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 21:47 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 21:47 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 21:47 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 21:47 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 21:47 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 21:47 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 21:47 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 21:47 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 21:47 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 21:47 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 21:47 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 21:47 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 21:47 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 21:47 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 21:47 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 21:47 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 21:47 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 21:47 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 21:47 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 21:47 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 21:47 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 21:47 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 21:47 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 21:47 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 21:47 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 21:47 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 21:47 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 21:47 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 21:47 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 21:47 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 21:47 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 21:47 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 21:47 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 21:47 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 21:47 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 21:47 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 21:47 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 21:47 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 21:47 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 21:47 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 21:47 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 21:47 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 21:47 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 21:47 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 21:47 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 21:47 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 21:47 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 21:47 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 21:47 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 21:47 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 21:47 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 14:08 - 2012-07-10 23:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 13:35 - 2014-10-22 14:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 11:35 - 2014-10-22 14:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 11:11 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 11:11 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 11:10 - 2009-07-14 06:13 - 00782320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 11:07 - 2012-07-08 16:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-08 11:06 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-08 11:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-07 21:54 - 2015-03-01 23:31 - 00000000 ___DC () C:\AdwCleaner
2015-04-07 19:06 - 2013-09-22 15:30 - 00000000 ___RD () C:\Users\Brigham\Desktop\New folder
2015-04-07 09:43 - 2014-05-31 19:17 - 00000000 ____D () C:\Program Files (x86)\BlueSprig
2015-04-06 22:45 - 2014-03-29 20:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 20:37 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-04 19:05 - 2014-09-03 16:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 23:37 - 2014-10-22 14:05 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 23:37 - 2012-07-09 15:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-02 23:36 - 2012-07-09 15:14 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-03-30 22:22 - 2012-07-08 15:12 - 00000000 ____D () C:\Users\Brigham
2015-03-29 16:28 - 2013-09-05 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-03-27 23:09 - 2013-05-23 15:42 - 00000788 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-27 23:09 - 2013-05-23 15:42 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-25 11:43 - 2014-12-10 16:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 11:43 - 2014-05-06 20:32 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-24 15:11 - 2012-07-22 20:51 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-03-22 12:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-03-21 22:12 - 2010-11-21 08:16 - 00000000 ____D () C:\Windows\ShellNew
2015-03-21 17:58 - 2014-08-27 19:56 - 00000000 ____D () C:\Users\Brigham\AppData\Local\Adobe
2015-03-18 18:55 - 2012-07-08 21:15 - 00000000 ____D () C:\Windows\System32\Tasks\Fujitsu
2015-03-17 08:51 - 2012-07-10 23:02 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-17 08:51 - 2012-07-10 23:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-17 08:51 - 2012-07-10 23:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-14 22:23 - 2012-07-08 16:21 - 00759042 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-13 23:52 - 2014-10-22 12:57 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-12 20:22 - 2012-10-11 19:31 - 00000000 ____D () C:\Windows\rescache
2015-03-11 17:04 - 2013-09-05 10:14 - 00535576 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2015-03-11 12:26 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 12:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 12:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-10 23:59 - 2013-07-27 23:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-10 23:55 - 2012-07-08 16:36 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-04-22 15:11 - 2013-04-22 15:11 - 0000000 _____ () C:\Users\Brigham\AppData\Roaming\SharedSettings.ccs
2013-06-22 19:02 - 2013-06-22 19:02 - 0028160 ___SH () C:\Users\Brigham\AppData\Roaming\Thumbs.db
2012-07-22 19:53 - 2012-09-05 19:30 - 0019414 _____ () C:\Users\Brigham\AppData\Roaming\UserTile.png
2012-11-29 12:35 - 2012-12-05 19:51 - 0096638 _____ () C:\Users\Brigham\AppData\Local\ars.cache
2012-11-29 12:35 - 2012-12-05 20:13 - 11059049 _____ () C:\Users\Brigham\AppData\Local\census.cache
2012-11-29 12:28 - 2012-11-29 12:28 - 0000036 _____ () C:\Users\Brigham\AppData\Local\housecall.guid.cache
2012-07-26 19:51 - 2012-07-28 17:55 - 0007597 _____ () C:\Users\Brigham\AppData\Local\resmon.resmoncfg

Some content of TEMP:
====================
C:\Users\Brigham\AppData\Local\Temp\Quarantine.exe
C:\Users\Brigham\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-04 16:47

==================== End Of Log ============================


----------



## Brigham (Aug 24, 2010)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brigham at 2015-04-08 14:21:29
Running from C:\Users\Brigham\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Bluetooth Feature Pack 5.0 (HKLM\...\{B2F4C332-2359-4ADE-AF0C-C631768BBB89}) (Version: 5.0.14 - CSR Plc.)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.15.0134 - Fujitsu Technology Solutions)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}) (Version: - )
Fujitsu Display Manager (Version: 7.01.00.210 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}) (Version: 3.60.1.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.60.1.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: - )
Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: - )
Fujitsu System Extension Utility (Version: 3.1.1.0 - FUJITSU LIMITED) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM-x32\...\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}) (Version: 6.0.3.2197 - Google)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 7 Update 76 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LifeBook Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: - )
LifeBook Application Panel (Version: 8.1.0.0 - FUJITSU LIMITED) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 5.3.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 5.3.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}) (Version: - )
Power Saving Utility (Version: 31.01.11.013 - FUJITSU LIMITED) Hidden
Quick Bridge 3.1 (remove only) (HKLM-x32\...\Quick Bridge 3.1) (Version: - )
Rapport (x32 Version: 3.5.1404.84 - Trusteer) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
SystemDiagnostics (HKLM-x32\...\{80B0B731-5FAE-475D-8844-20F46373780D}) (Version: 3.02.0010 - Fujitsu Technology Solutions)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1404.84 - Trusteer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinPrivacy (HKLM-x32\...\{18605281-BFFE-4968-9B86-05322D5FBB33}) (Version: 2015.1.537.0 - WinPatrol)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

08-04-2015 10:45:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-10-09 12:58 - 00449910 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {193A109B-D8A2-4F44-ACB7-7EAB264F238D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3140029632-2552320932-1006077804-1000
Task: {217C811A-A5B0-4FBC-AD8E-A00BE65AA1B3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2CD54DA6-C261-40FC-8A0B-E450CADFBBFB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {2D7182E0-9873-4804-ADCD-C0C826955CA2} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMKJOJPMPMJJNMJMJJCNJMIMOMLMCNLMOMLJLJCNHMIMHMHMCNOJJMOJIMKJMMOJHMIMGMJMGMJNJICMIMCNGMCNLMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMJMLMPMJNHICMJJMJPINIAJJNBJCMFLAJHJBJPNNLOJNILIAJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFMPMJNFICMNIJJIIGJPIKJAJKILIBNKJHIKJ"
Task: {3ADE8A8E-FA7C-4EF8-B671-251B53CA6131} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {44457B73-889A-4C9E-BAD7-3D6C20252B56} - System32\Tasks\{B99CF00E-7933-4680-A5D3-45399B04FF8B} => pcalua.exe -a C:\Users\Brigham\Downloads\HijackThis.exe -d C:\Users\Brigham\Downloads
Task: {51A2D5FF-2B40-4E86-9F39-6EF1B615B8A1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {533EF92F-4AC2-41B3-BD0F-9D8319E705DC} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {634729C5-E574-4162-B52B-5939FEC1B131} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-17] (Adobe Systems Incorporated)
Task: {78514C36-A235-4CDB-A953-E78DB319742D} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files (x86)\BlueSprig\JetBoost\AutoUpdate.exe
Task: {9F29CC50-1F5F-447B-B953-020075749EF7} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-12-11] (Fujitsu Technology Solutions)
Task: {A36DC0E4-1B33-4372-964F-3A075502EBF9} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: {ACBB039F-1820-4CCE-A3EB-91EFD7FC112C} - System32\Tasks\{E7CF86D0-8210-44FB-9E4C-85F29D347B76} => pcalua.exe -a C:\Windows\iun506.exe -c c:\bm2000demo\irunin.ini
Task: {B98141AC-4D9D-44A8-A80E-165C1BF2021B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {BA56916C-441D-4711-947A-55F02E8E0DF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {BCE620EA-8B89-4D3F-A1A3-C7A73A2B0369} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {E1EF09C1-0474-48B6-888B-E9A45A45A2E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {E6C3B5B2-60B1-419E-B2C9-0D72E5A63A82} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-27 07:24 - 2015-02-18 04:47 - 00482648 _____ () C:\Program Files\Ruiware\WinPrivacy\ProtocolFilters.DLL
2015-03-27 07:24 - 2015-02-18 04:47 - 00114008 _____ () C:\Program Files\Ruiware\WinPrivacy\nfapi.DLL
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-07 18:58 - 2013-11-07 18:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 18:58 - 2013-11-07 18:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 18:57 - 2013-11-07 18:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2014-03-23 16:04 - 2014-03-23 16:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3140029632-2552320932-1006077804-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BthSyncServ => "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe"
MSCONFIG\startupreg: ConMgr => "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe"
MSCONFIG\startupreg: CSRSkype => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
MSCONFIG\startupreg: DeskUpdateNotifier => "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
MSCONFIG\startupreg: Driver Manager => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: FDM7 => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Brigham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndicatorUtility => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
MSCONFIG\startupreg: LoadBtnHnd => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
MSCONFIG\startupreg: LoadFUJ02E3 => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
MSCONFIG\startupreg: LoadFujitsuQuickTouch => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PfNet => "C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r
MSCONFIG\startupreg: PSUTility => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Accounts: =============================

Administrator (S-1-5-21-3140029632-2552320932-1006077804-500 - Administrator - Disabled)
Brigham (S-1-5-21-3140029632-2552320932-1006077804-1000 - Administrator - Enabled) => C:\Users\Brigham
Guest (S-1-5-21-3140029632-2552320932-1006077804-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2015 10:04:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x726f7461
Faulting process id: 0xf88
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/31/2015 08:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x354
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/30/2015 00:26:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd9c
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/21/2015 05:28:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 4.1.1.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 7c4

Start Time: 01d063f3f4764236

Termination Time: 16

Application Path: C:\Users\Brigham\Desktop\AdwCleaner.exe

Report Id:

Error: (03/21/2015 03:05:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x9e8
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/20/2015 08:40:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xfac
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/20/2015 08:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSIA.exe, version: 3.0.0.10004, time stamp: 0x54784a82
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x036bb5a8
Faulting process id: 0x398
Faulting application start time: 0xPSIA.exe0
Faulting application path: PSIA.exe1
Faulting module path: PSIA.exe2
Report Id: PSIA.exe3

Error: (03/20/2015 02:24:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/19/2015 08:30:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/18/2015 03:39:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (04/08/2015 11:16:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5

Error: (04/08/2015 11:16:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5

Error: (04/07/2015 10:04:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (04/07/2015 09:54:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/07/2015 09:54:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/07/2015 09:54:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/07/2015 09:54:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/07/2015 09:54:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinPrivacySvc service terminated unexpectedly. It has done this 1 time(s).

Error: (04/07/2015 09:54:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Feature Support service terminated unexpectedly. It has done this 1 time(s).

Error: (04/07/2015 09:54:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PowerSavingUtilityService service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (04/07/2015 10:04:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005726f7461f8801d07175aa0a652aC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown9dde3974-dd69-11e4-9d55-e0ca94754d19

Error: (03/31/2015 08:54:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c00000050000000035401d06bebe183f483C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownb13950a1-d7df-11e4-9faf-e0ca94754d19

Error: (03/30/2015 00:26:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c000000500000000d9c01d06adb974a552fC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown8b537770-d6cf-11e4-a0d7-e0ca94754d19

Error: (03/21/2015 05:28:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AdwCleaner.exe4.1.1.27c401d063f3f476423616C:\Users\Brigham\Desktop\AdwCleaner.exe

Error: (03/21/2015 03:05:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005000000009e801d063df8b78e61dC:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown62ab4a72-cfd3-11e4-965a-e0ca94754d19

Error: (03/20/2015 08:40:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c000000500000000fac01d06344f9e8c5f2C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknownee212a60-cf38-11e4-9312-e0ca94754d19

Error: (03/20/2015 08:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.1000454784a82unknown0.0.0.000000000c0000005036bb5a839801d063417d2414c9C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown72b1b765-cf35-11e4-9312-e0ca94754d19

Error: (03/20/2015 02:24:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/19/2015 08:30:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/18/2015 03:39:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

CodeIntegrity Errors:
===================================
Date: 2014-05-20 22:52:07.665
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-20 22:52:07.571
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-10 12:28:13.051
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-10 12:28:12.989
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-25 19:24:30.104
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-25 19:24:30.057
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-25 19:24:29.995
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-25 19:24:29.948
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-25 19:01:52.232
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-05-25 19:01:52.185
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 42%
Total physical RAM: 3892.55 MB
Available physical RAM: 2224.56 MB
Total Pagefile: 7783.3 MB
Available Pagefile: 5998.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:50 GB) (Free:11.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:246.09 GB) (Free:14.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B477DB1C)
Partition 1: (Active) - (Size=2 GB) - (Type=27)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=246.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 5829B9A3)

==================== End Of Log ============================


----------



## Brigham (Aug 24, 2010)

I sent them separately. Hello Cookiegal long time no see!!


----------



## etaf (Oct 2, 2003)

based on post #3 - i would have suggested posting in the virus forum, so i will leave with Cookiegal and the log


----------



## Cookiegal (Aug 27, 2003)

This is the driver I'm referring to:

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-06] (Emsisoft GmbH)

Do you still have Emsisoft Emergency Kit on your desktop or did you delete it?

Once I hear back from you I'll prepare a fix to run to remove that driver as well as the Emsisoft folder.


----------



## Cookiegal (Aug 27, 2003)

Brigham said:


> I sent them separately. Hello Cookiegal long time no see!!


Yeah, we need to stop meeting like this.


----------



## Brigham (Aug 24, 2010)

I deleted it.


----------



## Cookiegal (Aug 27, 2003)

OK.

Please remove any fixlist.txt file that you had previously downloaded to your desktop (you may not see the .txt file extension if they are hidden so it will just look like fixlist) before proceeding.

\Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST64* and *fixlist.txt *are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## Brigham (Aug 24, 2010)

I am doing all this on the machine that you fixed for me. I can't get on to the machine that has the problem.That machine doesn't have FRST at all.


----------



## Cookiegal (Aug 27, 2003)

Whoops. I thought you were talking about the same machine that you're having connectivity issues with? No?


----------



## Brigham (Aug 24, 2010)

My fault, I did explain in my first post but that was before you got involved. Sorry about that.


----------



## Cookiegal (Aug 27, 2003)

I apologize for misreading. It was clearer in your post no. 3. 

However, you can transfer FRST64 (assuming the problem machine is 64-bit as well) to the other machine using a flash drive, run it and then transfer the log back to the machine that's working.


----------



## Brigham (Aug 24, 2010)

I have a "sandisk" will that do? I've never done this before, so, if the sandisk is ok, could you talk me through it?


----------



## Brigham (Aug 24, 2010)

I have managed to get into the system information. One thing concerns me is "system directory C:windows\system32" does this mean the fixes won't work?


----------



## Cookiegal (Aug 27, 2003)

Brigham said:


> I have managed to get into the system information. One thing concerns me is "system directory C:windows\system32" does this mean the fixes won't work?


I assume you meant "C:\windows\system32"? You were missing the backslash between : and windows. This is normal even on a 64-bit machine.

What type of drive is the Sandisk?


----------



## Brigham (Aug 24, 2010)

On the back is says Cruzer Force 32Gb, and it is a usb connection. It was sold to me as a flash drive.


----------



## Cookiegal (Aug 27, 2003)

Yes, that should do nicely.

Insert it into the Windows 7 machine then you can right-click FRST64 (assuming the Windows 8 machine is 64-bit) and select copy.

Then open the Sandisk drive through My Computer and you should see your primary C drive and also the Sandisk with a different drive letter. Double-click the SanDisk drive to open it then right-click anywhere and select "new" and then "folder" to create a new folder (give it a name). You will drop FRST64 into this new folder so there's no danger of overwriting anything that's already on the drive.

So open the new folder that you just created which will be empty and then right-click and select "paste" and FRST64 will be copied there. 

Now right-click the safely remove hardware icon in the taskbar and select the option to eject the SanDisk and once it says you can safely do so remove it and then insert it into the "sick" Windows 8 machine. Open it on that machine through ThisPC and open the folder and you can then drag FRST64 from the SanDisk over to your desktop and release it there.

Double-click FRST64 on the desktop of the sick machine to run it and use the same method to either copy or drag the logs from the desktop of the sick machine over to the SanDisk. Again, use the safely remove hardware wizard to eject the SanDisk and then insert it back into the Windows 7 machine. You can just open the logs directly from the SanDisk and copy/paste them here.


----------



## Brigham (Aug 24, 2010)

I have no "My computer" "computer" takes me to "devices with removable Storage" all there is there is "DVD RW Drive (E) As the SanDisk is not there would the DVD do instead? Oh I have only got CD's Will they do?


----------



## Brigham (Aug 24, 2010)

I have started with the CD and it is Formatting so it tells me. I will try to follow your instructions using the CD instead of the SanDisk. If this is likely to cause harm just tell me to stop.


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but I don't have a Windows 7 machine so I'm only going by what I find on Google.

This might help:

http://kb.sandisk.com/app/answers/detail/a_id/104/~/transferring-files-onto-a-usb-flash-drive

Are you sure you inserted the flash drive into a USB port first? If so and it still doesn't appear then try a different port please.


----------



## Brigham (Aug 24, 2010)

The formatting is going to take a long time so it tells me. I don't know why the Sandisk didn't appear among the storage item place. Tomorrow I will try to buy a flash drive.


----------



## Cookiegal (Aug 27, 2003)

You shouldn't need to format a CD.


----------



## Cookiegal (Aug 27, 2003)

Did you select the option to format? I'm confused as to what is being formatted, hopefully not your C drive.


----------



## Brigham (Aug 24, 2010)

I have tried the CD but it didn't work. That was the disc that windows tried to format and failed. I have tried the SanDisk in two other ports all to no avail. I'll have another go tomorrow by buying a flash drive. Any advise on that?


----------



## Cookiegal (Aug 27, 2003)

Hardware is not my strong suit but I may have some advice.

First, are you doing regular backups to some external media?

Is that what you use the SanDisk for?

If not then I would recommend that you buy a good quality (like Western Digital) external 1 or 2 TB hard drive that you can use for backups.


----------



## Cookiegal (Aug 27, 2003)

Here's a good choice:

http://www.newegg.com/Product/Product.aspx?Item=9SIA4P01ZC9807


----------



## Brigham (Aug 24, 2010)

Can the hard drive do what the flash drive will in this case, or do I need to get the flash drive separately?


----------



## Cookiegal (Aug 27, 2003)

Yes, the external hard drive can do the same that a flash drive can do.

BTW, Happy Birthday.


----------



## Brigham (Aug 24, 2010)

OK. I'll see what's available tomorrow. Thanks for the birthday greetings. I have been trying to forget them for many years, but it is nice to get them.


----------



## Cookiegal (Aug 27, 2003)

Brigham said:


> OK. I'll see what's available tomorrow. Thanks for the birthday greetings. *I have been trying to forget them for many years*, but it is nice to get them.


Yeah, I know the feeling.


----------



## Brigham (Aug 24, 2010)

Cookiegal 
I got up in the middle of the night with an idea. (don't groan). I tried the "one key recovery" I think it's like the recovery to an earlier time on other OS's. I have managed to get on to the internet, with a fair amount of data loss, but I have downloaded the FRST and ran it. Unfortunately the two notepad results have disappeared. That is because I don't know how to get them on the desktop, and I don't want to fiddle about without your advise, in case I do something which would undo what I have done.
All I am doing is allowing windows updates to install. I normally use firefox as my browser, but I have not downloaded it until you have seen the scan logs, as this was the first thing I noticed "non responding"


----------



## Brigham (Aug 24, 2010)

I have downloaded and ran the FRST. I have got the results (2) on notepads. They are all in the task bar at the bottom of the desktop screen. I don't know how to get them onto the desktop itself. I cannot send you the results as I can't get them in to explorer which is also on the same task bar. This win 8 is very different from its predecessors.


----------



## Cookiegal (Aug 27, 2003)

I'm using Classic Shell so my Windows 8 doesn't look anything like yours. If you double-click those report .txt files do they not open in Notepad?


----------



## Brigham (Aug 24, 2010)

Yes they do open, and I can get then on the desktop, but what do I do then? I have them open in front of me, but what now?


----------



## Cookiegal (Aug 27, 2003)

Copy and paste their contents here please.


----------



## Brigham (Aug 24, 2010)

Cookiegal said:


> Copy and paste their contents here please.


I can't do that. I have no browser on the desktop. This is the machine I can now get into. I could do it on the machine on which I am typing. The machine that is faulty is the win 8 that has the problems. Although I am able to do certain things on it, I need to be able to contact you from the desktop.

IGNORE THIS.


----------



## Brigham (Aug 24, 2010)

IScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Brigham (administrator) on LENOVO-P on 09-04-2015 15:21:17
Running from C:\Users\Brigham\AppData\Local\Microsoft\Windows\INetCache\IE\KHOGDE38
Loaded Profiles: Brigham (Available profiles: Brigham)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
() C:\Windows\jmesoft\Service.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUicnt.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\Brigham\AppData\Local\Microsoft\Windows\INetCache\IE\KHOGDE38\FRST64 (1).exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1360600 2013-10-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-07-24] (McAfee, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FamilySafetyGuide.lnk
ShortcutTarget: FamilySafetyGuide.lnk -> C:\Program Files\lenovo\LenovoFamilySecurity\LenovoFamilySecurity.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1638164624-1541004899-62986585-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1638164624-1541004899-62986585-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1638164624-1541004899-62986585-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-1638164624-1541004899-62986585-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1638164624-1541004899-62986585-1002 -> DefaultScope {D3552B32-1444-4146-9193-07A39A7D901B} URL = 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2013-07-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2013-07-24] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2013-07-24] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2013-07-24] ()
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-08-18] (Nitro PDF)
FF Plugin HKU\S-1-5-21-1638164624-1541004899-62986585-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-1638164624-1541004899-62986585-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-03-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-26] ()
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [84280 2013-08-19] (Maxthon)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [175464 2013-07-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-07-06] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-10-31] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-09-30] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-08-18] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [390680 2013-10-31] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95856 2013-10-31] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [15872 2013-04-23] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-09 15:16 - 2015-04-09 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-04-09 14:33 - 2015-04-09 14:43 - 00000000 ___DC () C:\Users\Brigham\AppData\Local\MigWiz
2015-04-09 14:18 - 2015-04-09 14:18 - 00000000 ____D () C:\Users\Brigham\Desktop\New folder
2015-04-09 11:42 - 2015-04-09 11:46 - 00000000 ____D () C:\windows\system32\MRT
2015-04-09 11:42 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-09 10:55 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2015-04-09 10:55 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\windows\system32\mfsvr.dll
2015-04-09 10:55 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-04-09 10:55 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2015-04-09 10:55 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncHost.exe
2015-04-09 10:55 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncCore.dll
2015-04-09 10:55 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-04-09 10:55 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-04-09 10:54 - 2014-01-08 02:46 - 00325464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-04-09 10:54 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2015-04-09 10:54 - 2014-01-04 16:54 - 00138240 _____ () C:\windows\system32\OEMLicense.dll
2015-04-09 10:54 - 2014-01-04 16:08 - 00103936 _____ () C:\windows\SysWOW64\OEMLicense.dll
2015-04-09 10:54 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2015-04-09 10:54 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2015-04-09 10:54 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2015-04-09 10:54 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2015-04-09 10:54 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-09 10:54 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-09 10:54 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfsvr.dll
2015-04-09 10:54 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2015-04-09 10:54 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\sti.dll
2015-04-09 10:54 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2015-04-09 10:54 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\sti.dll
2015-04-09 10:54 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2015-04-09 10:54 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\windows\system32\ReAgent.dll
2015-04-09 10:54 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2015-04-09 10:54 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.dll
2015-04-09 10:54 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsSpellCheckingFacility.dll
2015-04-09 10:54 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncHost.exe
2015-04-09 10:54 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncCore.dll
2015-04-09 10:54 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\windows\system32\pnrpsvc.dll
2015-04-09 10:54 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2015-04-09 10:54 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\windows\system32\easinvoker.exe
2015-04-09 10:54 - 2013-12-13 08:24 - 00121088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2015-04-09 10:54 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\windows\system32\easwrt.dll
2015-04-09 10:54 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\windows\SysWOW64\easwrt.dll
2015-04-09 10:54 - 2013-11-04 12:50 - 02143744 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-04-09 10:54 - 2013-11-04 02:30 - 01765376 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-04-09 10:54 - 2013-10-05 15:21 - 02140888 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2015-04-09 10:54 - 2013-10-05 15:21 - 00516496 _____ (Microsoft Corporation) C:\windows\system32\dxgi.dll
2015-04-09 10:54 - 2013-10-05 13:05 - 01765384 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2015-04-09 10:54 - 2013-10-05 13:05 - 00406400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxgi.dll
2015-04-09 10:53 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-04-09 10:53 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-04-09 10:53 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2015-04-09 10:53 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2015-04-09 10:52 - 2014-05-08 08:14 - 23134208 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-09 10:52 - 2014-05-08 06:52 - 17073152 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-09 10:52 - 2014-05-08 05:57 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-09 10:52 - 2014-05-08 05:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-09 10:52 - 2013-12-11 08:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winbici.dll
2015-04-09 10:52 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2015-04-09 10:52 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\WSCollect.exe
2015-04-09 10:52 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-09 10:52 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-09 10:52 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-04-09 10:52 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-04-09 10:52 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2015-04-09 10:52 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2015-04-09 10:51 - 2014-01-31 17:15 - 00311640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2015-04-09 10:51 - 2014-01-31 17:07 - 00233920 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-04-09 10:51 - 2014-01-31 17:06 - 02133208 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2015-04-09 10:51 - 2014-01-31 14:47 - 02143960 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2015-04-09 10:51 - 2014-01-31 10:06 - 00716288 _____ (Microsoft Corporation) C:\windows\system32\swprv.dll
2015-04-09 10:51 - 2014-01-29 09:53 - 00458616 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-04-09 10:51 - 2014-01-29 09:53 - 00407024 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-04-09 10:51 - 2014-01-29 09:49 - 01928144 _____ (Microsoft Corporation) C:\windows\system32\combase.dll
2015-04-09 10:51 - 2014-01-29 09:47 - 02543960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-04-09 10:51 - 2014-01-29 08:44 - 01371824 _____ (Microsoft Corporation) C:\windows\SysWOW64\combase.dll
2015-04-09 10:51 - 2014-01-29 08:44 - 00408480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-04-09 10:51 - 2014-01-29 08:44 - 00369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-04-09 10:51 - 2014-01-29 07:41 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpencom.dll
2015-04-09 10:51 - 2014-01-29 01:36 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\rdpencom.dll
2015-04-09 10:51 - 2014-01-27 20:07 - 04175360 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2015-04-09 10:51 - 2014-01-27 20:06 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-04-09 10:51 - 2014-01-27 20:04 - 00160256 _____ (Microsoft Corporation) C:\windows\system32\DWWIN.EXE
2015-04-09 10:51 - 2014-01-27 19:23 - 02873344 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2015-04-09 10:51 - 2014-01-27 19:21 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-04-09 10:51 - 2014-01-27 19:20 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWWIN.EXE
2015-04-09 10:51 - 2014-01-27 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-04-09 10:51 - 2014-01-27 18:43 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-04-09 10:51 - 2014-01-27 18:18 - 01486848 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2015-04-09 10:51 - 2014-01-27 18:00 - 01238016 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2015-04-09 10:51 - 2014-01-27 16:58 - 05770752 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-04-09 10:51 - 2014-01-27 16:50 - 06640640 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-04-09 10:51 - 2014-01-27 12:45 - 00386722 _____ () C:\windows\system32\ApnDatabase.xml
2015-04-09 10:51 - 2014-01-18 00:04 - 00764864 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2015-04-09 10:51 - 2014-01-17 22:54 - 00669352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2015-04-09 10:51 - 2013-12-21 15:51 - 06353960 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2015-04-09 10:51 - 2013-12-21 09:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\sppcomapi.dll
2015-04-09 10:51 - 2013-10-31 01:29 - 00236888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-04-09 10:51 - 2013-10-31 01:29 - 00124760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-04-09 10:51 - 2013-10-31 01:28 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-04-09 10:49 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\windows\system32\mispace.dll
2015-04-09 10:49 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\windows\SysWOW64\mispace.dll
2015-04-09 10:49 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-04-09 10:49 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2015-04-09 10:49 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2015-04-09 10:49 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-04-09 10:49 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipnat.sys
2015-04-09 10:49 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2015-04-09 10:49 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2015-04-09 10:49 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2015-04-09 10:49 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2015-04-09 10:49 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\Windows.Graphics.dll
2015-04-09 10:49 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2015-04-09 10:49 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Graphics.dll
2015-04-09 10:49 - 2013-11-27 09:20 - 04106240 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll
2015-04-09 10:49 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2015-04-09 10:49 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2015-04-09 10:49 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2015-04-09 10:49 - 2013-11-25 02:45 - 00142680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2015-04-09 10:49 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-04-09 10:49 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2015-04-09 10:49 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-04-09 10:49 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\windows\system32\ploptin.dll
2015-04-09 10:49 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\bi.dll
2015-04-09 10:49 - 2013-11-23 08:13 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys
2015-04-09 10:49 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-04-09 10:49 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-04-09 10:49 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-04-09 10:49 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-04-09 10:49 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\deviceregistration.dll
2015-04-09 10:49 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-09 10:49 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2015-04-09 10:49 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2015-04-09 10:49 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-04-09 10:49 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-04-09 10:49 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-04-09 10:49 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-04-09 10:47 - 2014-04-19 12:15 - 21186352 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-04-09 10:47 - 2014-04-19 07:49 - 18644072 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-04-09 10:47 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-09 10:47 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-09 10:46 - 2014-02-11 04:04 - 04189184 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-04-09 10:46 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\pcaui.exe
2015-04-09 10:46 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\pcaui.exe
2015-04-09 10:46 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-09 10:46 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-09 10:46 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-04-09 10:46 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2015-04-09 10:45 - 2014-02-11 03:43 - 00488448 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2015-04-09 10:45 - 2014-02-11 03:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2015-04-09 10:45 - 2013-11-08 11:26 - 00358896 _____ (Microsoft Corporation) C:\windows\system32\dcomp.dll
2015-04-09 10:45 - 2013-11-05 14:17 - 00565248 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe
2015-04-09 10:45 - 2013-11-04 11:32 - 02570240 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-04-09 10:45 - 2013-11-01 07:08 - 00747008 _____ (Microsoft Corporation) C:\windows\system32\wlidcli.dll
2015-04-09 10:45 - 2013-10-31 01:42 - 07399256 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-09 10:45 - 2013-10-17 12:21 - 02896896 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-04-09 10:44 - 2013-11-11 03:48 - 00039768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
2015-04-09 10:44 - 2013-11-09 07:37 - 01756160 _____ (Microsoft Corporation) C:\windows\system32\WMPDMC.exe
2015-04-09 10:44 - 2013-11-09 06:56 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPDMC.exe
2015-04-09 10:44 - 2013-11-08 05:43 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentClient.dll
2015-04-09 10:44 - 2013-11-08 05:16 - 00225792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dcomp.dll
2015-04-09 10:44 - 2013-11-08 05:15 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppXDeploymentClient.dll
2015-04-09 10:44 - 2013-11-08 04:41 - 01302528 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2015-04-09 10:44 - 2013-11-08 04:14 - 00922624 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2015-04-09 10:44 - 2013-11-05 15:19 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wpncore.dll
2015-04-09 10:44 - 2013-11-04 14:07 - 01843712 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2015-04-09 10:44 - 2013-11-04 03:28 - 01816576 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2015-04-09 10:44 - 2013-11-01 12:39 - 00086872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2015-04-09 10:44 - 2013-11-01 06:57 - 00544768 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlidcli.dll
2015-04-09 10:44 - 2013-10-31 01:58 - 00372568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2015-04-09 10:44 - 2013-10-26 02:54 - 00146776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\SerCx2.sys
2015-04-09 10:44 - 2013-10-24 10:31 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\CredentialMigrationHandler.dll
2015-04-09 10:44 - 2013-10-24 10:12 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\CredentialMigrationHandler.dll
2015-04-09 10:44 - 2013-10-17 11:36 - 02266624 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-04-09 10:42 - 2014-03-10 11:35 - 02008408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-04-09 10:42 - 2014-03-10 11:35 - 00377176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2015-04-09 10:42 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2015-04-09 10:42 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2015-04-09 10:41 - 2014-03-06 10:19 - 01287576 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-09 10:41 - 2014-03-06 10:02 - 01109424 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-09 10:41 - 2014-03-06 07:17 - 00835584 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-09 10:41 - 2014-03-06 07:10 - 01036288 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-09 10:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-09 10:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-09 10:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-09 10:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-09 10:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-09 10:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-09 10:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-09 10:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-09 10:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-09 10:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-09 10:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-09 10:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-09 10:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-09 10:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-09 10:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-09 10:41 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-09 10:41 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-09 10:41 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-09 10:41 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-09 10:41 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-09 10:41 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-09 10:41 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-09 10:41 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-09 10:41 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-09 10:41 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-09 10:41 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-04-09 10:41 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-09 10:41 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-09 10:41 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-09 10:41 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-09 10:41 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-04-09 10:41 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-09 10:41 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-09 10:41 - 2013-12-20 11:18 - 01643584 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-04-09 10:41 - 2013-12-20 11:18 - 01507704 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-04-09 10:41 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-04-09 10:41 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-04-09 10:41 - 2013-10-31 01:33 - 01476184 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-04-09 10:41 - 2013-10-31 01:33 - 01345536 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-04-09 10:40 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\windows\system32\propsys.dll
2015-04-09 10:40 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\windows\SysWOW64\propsys.dll
2015-04-09 10:40 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2015-04-09 10:40 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2015-04-09 10:40 - 2014-01-04 15:03 - 00919040 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2015-04-09 10:40 - 2014-01-04 14:47 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2015-04-09 10:40 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\windows\system32\SearchFolder.dll
2015-04-09 10:40 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Search.dll
2015-04-09 10:40 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFolder.dll
2015-04-09 10:40 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Search.dll
2015-04-09 10:40 - 2013-12-21 03:10 - 00009701 _____ () C:\windows\SysWOW64\connectedsearch-results.searchconnector-ms
2015-04-09 10:40 - 2013-12-21 03:10 - 00009701 _____ () C:\windows\system32\connectedsearch-results.searchconnector-ms
2015-04-09 10:39 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\windows\system32\uDWM.dll
2015-04-09 10:38 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\windows\system32\mdmregistration.dll
2015-04-09 10:37 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\MDMAgent.exe
2015-04-09 10:37 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\windows\SysWOW64\mdmregistration.dll
2015-04-09 10:36 - 2015-04-09 10:36 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-09 10:36 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-04-09 10:36 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-04-09 10:22 - 2015-04-09 10:22 - 00000000 ____D () C:\Users\Brigham\AppData\Local\LSC
2015-04-09 10:22 - 2015-04-09 10:22 - 00000000 ____D () C:\Users\Brigham\AppData\Local\Adobe
2015-04-09 10:21 - 2015-04-09 10:21 - 00000000 ____D () C:\Users\Brigham\AppData\Roaming\LSC
2015-04-09 10:13 - 2015-04-09 15:21 - 00000000 ____D () C:\FRST
2015-04-09 10:09 - 2015-04-09 15:12 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{FADCDAB8-CABC-454E-A3E2-4DE8A29AA7CF}
2015-04-09 10:02 - 2015-04-09 15:18 - 00003594 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1638164624-1541004899-62986585-1002
2015-04-09 10:02 - 2015-04-09 10:02 - 02356592 _____ (Microsoft Corporation) C:\windows\system32\WudfUpdate_01011.dll
2015-04-09 09:58 - 2015-04-09 10:05 - 00000000 ____D () C:\Users\Brigham\AppData\Local\Lenovo
2015-04-09 09:58 - 2015-04-09 09:58 - 00000000 ____D () C:\Users\Brigham\AppData\Roaming\ATI
2015-04-09 09:58 - 2015-04-09 09:58 - 00000000 ____D () C:\Users\Brigham\AppData\Local\Power2Go
2015-04-09 09:58 - 2015-04-09 09:58 - 00000000 ____D () C:\Users\Brigham\AppData\Local\ATI
2015-04-09 09:58 - 2015-04-09 09:58 - 00000000 ____D () C:\Users\Brigham\AppData\Local\AMD
2015-04-09 09:57 - 2015-04-09 10:21 - 00000000 ____D () C:\Users\Brigham\AppData\Roaming\Adobe
2015-04-09 09:57 - 2015-04-09 09:57 - 00001453 _____ () C:\Users\Brigham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-09 09:57 - 2015-04-09 09:57 - 00000193 _____ () C:\Users\Brigham\AppData\Local\RegisteredPackageInformation.xml
2015-04-09 09:57 - 2015-04-09 09:57 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-04-09 09:57 - 2015-04-09 09:57 - 00000000 ____D () C:\Users\Brigham\AppData\Roaming\Lenovo
2015-04-09 09:57 - 2015-04-09 09:57 - 00000000 ____D () C:\Users\Brigham\AppData\Local\VirtualStore
2015-04-09 09:56 - 2015-04-09 15:23 - 00000000 ____D () C:\Users\Brigham\AppData\Local\Packages
2015-04-09 09:56 - 2015-04-09 09:57 - 00000000 ____D () C:\Users\Brigham
2015-04-09 09:56 - 2015-04-09 09:56 - 00000139 _____ () C:\Users\Public\Desktop\eBay.url
2015-04-09 09:56 - 2015-04-09 09:56 - 00000020 ___SH () C:\Users\Brigham\ntuser.ini
2015-04-09 09:56 - 2015-04-09 09:56 - 00000000 ____D () C:\ProgramData\eBay
2015-04-09 09:56 - 2014-03-19 01:56 - 00000000 ____D () C:\Users\Brigham\AppData\Roaming\Macromedia
2015-04-09 09:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Brigham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-09 09:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Brigham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-09 09:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Brigham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-09 09:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Brigham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-09 17:48 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache
2015-04-09 15:21 - 2014-03-19 00:59 - 01342023 _____ () C:\windows\WindowsUpdate.log
2015-04-09 15:16 - 2014-03-19 01:40 - 00001871 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-04-09 15:14 - 2013-08-31 16:40 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-09 15:12 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF
2015-04-09 15:08 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-09 15:08 - 2013-08-22 15:44 - 00344624 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-09 15:07 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-04-09 15:06 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-09 15:06 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-09 15:06 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\WinStore
2015-04-09 15:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-09 15:06 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-09 15:06 - 2013-08-22 14:36 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-04-09 15:06 - 2013-08-22 14:36 - 00000000 ____D () C:\windows\system32\Dism
2015-04-09 15:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\windows\ToastData
2015-04-09 15:05 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2015-04-09 15:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-09 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-04-09 14:57 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-04-09 11:47 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-04-09 11:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-04-09 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\MediaViewer
2015-04-09 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\FileManager
2015-04-09 11:28 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\Camera
2015-04-09 11:06 - 2014-03-19 01:38 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-09 11:05 - 2014-03-19 01:07 - 00000000 ____D () C:\windows\System32\Tasks\Lenovo
2015-04-09 10:59 - 2014-03-19 01:38 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-04-09 10:59 - 2013-08-31 16:36 - 00002536 _____ () C:\windows\PFRO.log
2015-04-09 10:55 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\restore
2015-04-09 10:36 - 2013-08-22 15:46 - 00016026 _____ () C:\windows\setupact.log
2015-04-09 10:06 - 2014-03-19 01:07 - 00000000 ____D () C:\ProgramData\Lenovo
2015-04-09 10:04 - 2014-03-19 01:40 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-04-09 10:02 - 2014-03-19 01:07 - 00000000 ____D () C:\Program Files\lenovo
2015-04-09 09:56 - 2014-03-19 03:05 - 00057588 _____ () C:\windows\modules.log
==================== Files in the root of some directories =======
2015-04-09 09:57 - 2015-04-09 09:57 - 0000193 _____ () C:\Users\Brigham\AppData\Local\RegisteredPackageInformation.xml
2014-03-19 01:04 - 2014-03-19 01:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Brigham\AppData\Local\Temp\Lenovo.TVT.CustomerFeedback.Agent.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-08-31 16:36
==================== End Of Log ============================


----------



## Brigham (Aug 24, 2010)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Brigham at 2015-04-09 15:28:18
Running from C:\Users\Brigham\AppData\Local\Microsoft\Windows\INetCache\IE\KHOGDE38
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{C8DFFDE4-58AF-D12B-202E-BDCD255289BF}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dependency Package Update (Version: 1.6.30.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0711 - lenovo)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.3.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.2.4000 - Maxthon International Limited)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 12.8.412 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{392C767D-4EE2-49B5-A3B4-A4C3AB6DC145}) (Version: 8.5.7.1 - Nitro)
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0227 - REALTEK Semiconductor Corp.)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1638164624-1541004899-62986585-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-1638164624-1541004899-62986585-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
==================== Restore Points =========================
09-04-2015 10:55:39 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {359DC3A0-DB7D-4168-89BD-E6F2D26FE084} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-26] ()
Task: {4C1975C0-C678-4DAC-A275-804DA51423F8} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {5375AE69-3E88-4737-B7E6-19E7FDE3AC2A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {567FDC63-FB08-439F-BE1C-F0EC713EA7B8} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-08-01] (Maxthon International ltd.)
Task: {68FE1F1E-EA76-4604-8EB6-4C97151CB28D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-26] (Lenovo)
Task: {93D6AEC8-94D5-4EC0-8683-8B986BC93AC1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-06] (Lenovo)
Task: {9FFA6323-BB98-4F80-A048-E4173EB0AAED} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {CC50D485-C4EB-4857-9B3A-9343F8AC736A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {DC6A2E4E-51BC-4DCB-9429-CCA041535F69} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-26] (Lenovo)
==================== Loaded Modules (whitelisted) ==============
2013-08-22 09:38 - 2013-08-22 09:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-19 01:04 - 2011-08-17 04:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-03-19 01:47 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-09-09 21:13 - 2013-09-09 21:13 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-03-19 01:04 - 2011-08-17 04:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2013-08-22 09:38 - 2013-08-22 09:38 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-19 01:04 - 2011-05-17 21:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 00:59 - 2009-12-05 00:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 01:04 - 2009-12-05 01:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1638164624-1541004899-62986585-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.1.254
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-1638164624-1541004899-62986585-500 - Administrator - Disabled)
Brigham (S-1-5-21-1638164624-1541004899-62986585-1002 - Administrator - Enabled) => C:\Users\Brigham
Guest (S-1-5-21-1638164624-1541004899-62986585-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1638164624-1541004899-62986585-1004 - Limited - Enabled)
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/09/2015 03:16:09 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Lenovo-P)
Description: Application or service 'Lenovo System Agent Service' could not be restarted.
Error: (04/09/2015 03:16:07 PM) (Source: MsiInstaller) (EventID: 11316) (User: Lenovo-P)
Description: Product: Dependency Package Update -- Error 1316. A network error occurred while attempting to read from the file C:\Program Files\Lenovo\iMController\PluginUpdates\LenSysAgntSvc.msi
Error: (04/09/2015 11:22:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 10fc
Start Time: 01d072ae9bf67428
Termination Time: 312
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 3e2a6b4d-dea2-11e4-8257-0025ab549d71
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/09/2015 10:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 724
Start Time: 01d072a8d56cd099
Termination Time: 4294967295
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: 203f03cd-de9c-11e4-8256-0025ab549d71
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/09/2015 10:38:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Lenovo-P)
Description: App DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default did not launch within its allotted time.
Error: (04/09/2015 10:09:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 934
Start Time: 01d072a4d2ffcc03
Termination Time: 124
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 1905dd7a-de98-11e4-8256-0025ab549d71
Faulting package full name: 
Faulting package-relative application ID:
Error: (04/09/2015 10:07:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-P)
Description: Activation of app Microsoft.XboxLIVEGames_8wekyb3d8bbwe!Microsoft.XboxLIVEGames failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (04/09/2015 10:05:34 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Lenovo-P)
Description: Application or service 'Lenovo System Agent Service' could not be restarted.
Error: (04/09/2015 10:05:33 AM) (Source: MsiInstaller) (EventID: 11316) (User: Lenovo-P)
Description: Product: Dependency Package Update -- Error 1316. A network error occurred while attempting to read from the file C:\Program Files\Lenovo\iMController\PluginUpdates\LenSysAgntSvc.msi
Error: (04/09/2015 09:50:25 AM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: Unable to remove Windows Search Service indexed data for user '<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-04-09T08:50:25.000000000Z'/><EventRecordID>783</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Lenovo-P</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4C0065006E006F0076006F002D0050005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>' in response to user profile deletion. Error code %2.
%3.

System errors:
=============
Error: (04/09/2015 02:02:51 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:02:51 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:14 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330
Error: (04/09/2015 02:01:13 PM) (Source: DCOM) (EventID: 10016) (User: Lenovo-P)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Lenovo-PBrighamS-1-5-21-1638164624-1541004899-62986585-1002LocalHost (Using LRPC)Microsoft.BingWeather_3.0.1.174_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330

Microsoft Office Sessions:
=========================
Error: (04/09/2015 03:16:09 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Lenovo-P)
Description: 0SystemAgentService.exeLenovo System Agent Service03026217817480
Error: (04/09/2015 03:16:07 PM) (Source: MsiInstaller) (EventID: 11316) (User: Lenovo-P)
Description: Product: Dependency Package Update -- Error 1316. A network error occurred while attempting to read from the file C:\Program Files\Lenovo\iMController\PluginUpdates\LenSysAgntSvc.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/09/2015 11:22:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1638410fc01d072ae9bf67428312C:\Program Files\Internet Explorer\iexplore.exe3e2a6b4d-dea2-11e4-8257-0025ab549d71
Error: (04/09/2015 10:45:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1638472401d072a8d56cd0994294967295C:\Program Files\Internet Explorer\iexplore.exe203f03cd-de9c-11e4-8256-0025ab549d71
Error: (04/09/2015 10:38:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Lenovo-P)
Description: DefaultBrowser_NOPUBLISHERID+Microsoft.InternetExplorer.Default
Error: (04/09/2015 10:09:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1638493401d072a4d2ffcc03124C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE1905dd7a-de98-11e4-8256-0025ab549d71
Error: (04/09/2015 10:07:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lenovo-P)
Description: Microsoft.XboxLIVEGames_8wekyb3d8bbwe!Microsoft.XboxLIVEGames-2144927142
Error: (04/09/2015 10:05:34 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Lenovo-P)
Description: 0SystemAgentService.exeLenovo System Agent Service03026217822880
Error: (04/09/2015 10:05:33 AM) (Source: MsiInstaller) (EventID: 11316) (User: Lenovo-P)
Description: Product: Dependency Package Update -- Error 1316. A network error occurred while attempting to read from the file C:\Program Files\Lenovo\iMController\PluginUpdates\LenSysAgntSvc.msi(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (04/09/2015 09:50:25 AM) (Source: Windows Search Service Profile Notification) (EventID: 2) (User: )
Description: <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Search-ProfileNotify' Guid='{FC6F77DD-769A-470E-BCF9-1B6555A118BE}' EventSourceName='Windows Search Service Profile Notification'/><EventID Qualifiers='49152'>2</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-04-09T08:50:25.000000000Z'/><EventRecordID>783</EventRecordID><Correlation/><Execution ProcessID='0' ThreadID='0'/><Channel>Application</Channel><Computer>Lenovo-P</Computer><Security/></System><ProcessingErrorData><ErrorCode>15005</ErrorCode><DataItemName>__binLength</DataItemName><EventPayload>4C0065006E006F0076006F002D0050005C00410064006D0069006E006900730074007200610074006F00720000003000780038003000300034003200310030003300000000000000</EventPayload></ProcessingErrorData></Event>

==================== Memory info =========================== 
Processor: AMD E1-2500 APU with Radeon(TM) HD Graphics 
Percentage of memory in use: 47%
Total physical RAM: 3546.79 MB
Available physical RAM: 1871.11 MB
Total Pagefile: 4890.79 MB
Available Pagefile: 3044.19 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:439.5 GB) (Free:415.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C2B0711B)
Partition: GPT Partition Type.
==================== End Of Log ============================


----------



## Brigham (Aug 24, 2010)

I managed to do it.


----------



## Cookiegal (Aug 27, 2003)

I sse the program is running from the Temporary Internet Files which is not good but it doesn't matter as there is no fix to run. I don't see any issues in that log.

I'm not sure what type of restore you did but I believe you said that you can connect with that computer now, correct?

Are there are any other problems?


----------



## Brigham (Aug 24, 2010)

I am sorting out this machine, and so far it looks fine. I like to have plenty of icons to save time getting to the sites I want, so I am downloading them. Before you warn me, I am being very careful and doing lots of declining on the downloads. Thanks for all your help. I really appreciate it. (John)


----------



## Cookiegal (Aug 27, 2003)

Brigham said:


> I am sorting out this machine, and so far it looks fine. I like to have plenty of icons to save time getting to the sites I want, so I am downloading them. Before you warn me, I am being very careful and doing lots of declining on the downloads. Thanks for all your help. I really appreciate it. (John)


You're welcome and yes, be careful out there.


----------

